If it seems that everyone is updating their privacy policies, it's because they are. Companies update their privacy policies in order to be compliant with the data protection laws and to inform users of their rights and how their data is collected, stored and used. Among the latest are GDPR and CCPA, both laws increase the need for transparency surrounding personal data and ensuring users are aware of their rights.

Listen to this article in audio format

What is a Privacy Policy?

A privacy policy is a legal document that explains how a website or company handles personal data. Personal data is any information that can be used alone or in conjunction with other information to identify an individual. This includes, but isn't limited to, a name, address, date of birth, phone number, place of employment, ID numbers, medical history and marital status.

A privacy policy should include the following information:

• The name of the website or company
• the types of personal data that is collected
• how this personal data is collected and stored
• the reason for the collection of personal data
• how the website or company will use personal data
• how the user can access their personal data or ask for a correction
• how the user can lodge a complaint
• the users rights
• cookies

International Privacy Laws

There are a number of International Privacy Laws that need to be considered when you are creating your privacy policy. The ones that will apply to you are dependent upon where your users are situated, not your business. are GDPR, CCPA, CalOPPA, COPPA, PIPEDA, and the Australian Privacy Act 1988.

Let's take a brief look at each of these data protection laws. For more detailed information please follow the links to individual articles which will go into further detail.

GDPR

GDPR stands for General Data Protection Regulation. It is an European Union privacy law which protects the personal data of residents of the EU. Companies and websites privacy policies need to include the following to be GDPR compliant:

• your company contact details contact details of your data protection officer if you have one
• a list of data protection rights of your users
• the right for your user to withdraw consent at any time
• the right for your user to lodge a complaint with a supervisory authority if required
• if you have an automated decision making system implemented, then details about how the system is set up and what the consequences of this system are.
• what personal data is collected
• your companies reason for processing personal data
• the length of time that personal data is retained
• who personal data is shared with, if any other party

CCPA

CCPA stands for the California Consumer Privacy Act. It is a privacy law which protects the rights and personal data of the residents of California. Companies and websites who collect personal data from the residents of California will need to include the following privacy rights in their privacy policies :

• the right to know
• the right to delete
• the right to opt out
• the right to non discrimination

The privacy policy will also need to include the categories of personal information that are collected.

CalOPPA

CalOPPA stands for California Online Privacy Protection Act, a privacy law which made posting privacy policies online mandatory.

To comply with CalOPPA your privacy policy should include:

• easy to read format
• disclose personal data that you collect
• provide links to privacy policies of third parties that you share personal information with
• inform users of their rights and choices
• provide contact details
• explain how you respond to "Do Not Track" signals
• clearly label your stance on online tracking, for example "California Do Not Track Disclosures"
• list any third parties that may collect personal information while on your site.

COPPA

COPPA stands for Children's Online Privacy Protection Rule, which is a privacy act which the primary goal protecting the personal information of children under the age of 13.

If your website does not apply to people in this age range then your privacy policy should state this.

If your website is directed at children 3 years or younger then the following applies:

• You must post a clear and easily understood privacy policy on your website
• outline what personal information is collected
• outline why the personal information is collected and what it is used for
• explain how you maintain the confidentiality, security, and integrity of information you collect from children

PIPEDA

PIPEDA stands for Personal Information Protection and Electronic Documents Act. It is a privacy law which apples to private sector businesses in Canada.

To be compliant with PIPEDA, your privacy policy needs to include the following:

• what personal data you collect
• the purpose for the collection of personal data
• explain how the personal data has been used
• what are the risks of harm or other consequences of collecting the personal data
• what third parties, if any, the personal data is shared with
• make your privacy policy easy to understand and readily available for your customers

Australian Privacy Act 1988

The Australian Privacy Act of 1988 is a privacy law which help to protect the privacy of Australian residents and their personal data.

To be compliant with the Australian Privacy Act 1988 your privacy policy needs to include the following:

• your business name and contact details
• what personal data you collect
• how you collect personal data
• why you collect personal data
• how you use the personal data you collect
• disclose if you share personal data with a third party
• if so what third parties
• disclose any parties outside of Australia that you share personal data with
• how can your users access their personal data
• how can your users lodge a complaint if they think you have mishandled their personal data

Conclusion

Updating your privacy policy to keep inline with international privacy laws is an important aspect of your online business.

To get your updated privacy policy check out our easy to use generator. It is comprehensive and customisable to suit any business requirements. It is lawyer drafted, up to date and compliant with all major privacy laws.