Does My Website Need A Privacy Policy?


    What is a Privacy Policy And Does My Website Need One?

    A Privacy Policy lays out what personal information you will collect from visitors to your website, what will be done with that information, and who it will be shared with. Any business with a website needs a clearly defined privacy policy. This requirement is not only dictated by state laws around the country and the General Data Protection Regulation; it is also smart to have one to protect yourself, your business, and your website users.

    Here we get into all of the details, the legal implications, changes in privacy laws, and how to get your website in compliance.

    Privacy Laws Nationally

    When you collect any private information of users of your website, you are required to notify visitors of your privacy policy.  

    While California and New York were first in implementing privacy laws, there are currently 17 other bills in the works that will impose additional requirements. Although they are being considered in Alabama, Connecticut, Virginia, Minnesota, Mississippi, New York, New Jersey, North Dakota, Oklahoma, Vermont, and Washington, understand that these bills apply to the consumers of the state, not the business.

    There are currently several laws across the country that cover telecommunications, health information, credit information, financial information, and marketing. So, for example, even if you are in Texas, the current California consumer privacy law, other current laws, and these proposed laws apply to your business website.


    The California Online Privacy Protection Act of 2003, the California Consumer Privacy Act, and the GDPR dictate that you do so. Declining to do so can cost you fines that are assessed per visitor by the user’s state or province. California laws require any websites that collect “personally identifiable information” (PII) from visitors to first publish a clear privacy policy that tells them upfront how you will use the information.  

    New York

    The newly passed New York SHIELD Act (Stop Hacks and Improve Electronic Data Security Act) amends the state's former data breach law and adds more security requirements.

    Nevada & Delaware

    Nevada and Delaware have privacy laws similar to California and New York.  Some privacy laws cover an entire industry, like the Health Insurance Portability and Accountability Act of 1996 that protects patient information in health care settings. 


    On March 3, 2021, VA S 1392, the Virginia Consumer Data Protection Act (VCDPA) was signed into law.


    If you are in Texas, there is no set privacy law for commercial enterprises, but that does not mean you don’t need a privacy policy as a small business. “It seems likely that Texas will follow the lead of other states and implement a law specifically addressing privacy notices to consumers in the future. In the meantime, it is a best practice (and a Federal Trade Commission expectation) that companies which collect personal information online should post and abide by a privacy policy that is clear and conspicuous.” (see Texas Data Guidance, #8)

    And the laws keep changing and states keep amending them. 

    Currently, there are lawmakers looking to create a national online privacy law.

    Privacy Laws Internationally

    The General Data Protection Regulation protects the privacy of EU residents. This legislation governs the collection and transmission of the data of residents of 28 member countries of the European Union. The Australian Privacy Act of 1988 and the Canadian Personal Information Protection and Electronic Documents Act can also affect your business when visitors from those countries are on your website.

    Website Elements Needed in Your Website’s Privacy Policy

    Having a privacy policy means little if it doesn’t cover all of the requirements in the laws around the world.  You will need to check for what is needed for your industry in particular.  But these general rules will help you start.

    • What Personally Identifiable Information is collected from visitors while on your website
    • How you will use the collected information
    • Who you will share that collected information with
    • The effective date of your privacy policy and how you will notify people of any updates
    • Your contact information
    • The method used to collect the information
    • The reason you collect the information
    • How your website responds to “do not track” tools

    You should also find out what the privacy policy guidelines of the platforms you use are. The best way to present your privacy policy is a persistent link in the footer that directs visitors to the policy.


    How often should I update my privacy policy?

    As laws change, so should your privacy policy. Some options automatically update this for you. Your policy also needs to be updated if there are changes in the type of personal information you collect or in the ways that you use the information.

    Can I use someone else’s privacy policy?

    It is not a good idea to borrow a privacy policy from another website. You have to be specific as to how you collect and use the information, not how another company’s lawyer prepared their policy for them. What you do with the information you collect can be very different from what another company does.

    I only sell within the US, do I need to address Europe’s privacy policies?

    As a US business, you are not required to follow suit and add a cookie bar to your website. That requirement comes from the EU ePrivacy Directive, or the “Cookie Law.” Even if your website is based in the United States, visitors from the EU who visit your website must be protected and must know how they are protected. It is best practice now to get their consent to collect cookies before obtaining personal data. You will also have to give them the ability to revoke their consent, and document and renew each user’s consent.

    I have a very small website, do I still need one?

    Yes, no matter the size of your business or the complexity of your website, these regulations apply to you. A privacy policy is necessary to protect you from governmental or consumer lawsuits. Privacy Policies are also required by third-party services.  Google AdSense and Amazon Affiliates and other services require that you have this. Online marketing tools that are so important in building your business require you to have a privacy policy. It also helps your customers trust your website. Nonprofits that gather information should have a clearly defined privacy policy for their websites.

    Get Your Privacy Policy Today

    Now is the time to get in compliance with the law and third-party services. As a part of our goal to develop effective websites, we offer a privacy policy generator called Termageddon. We can get your Termageddon policy, which includes a Terms of Service and Disclaimer, started and ensure that your company, and your customers, are protected.

    Instead of hiring an expensive lawyer and trying to keep up with ever-changing laws, we recommend using our privacy policy service, which will automatically update your privacy policy.

    Learn more about the laws regarding privacy policies and Termageddon.



    Christina Hawkins

    Christina Hawkins is CEO of GlobalSpex, Inc. and a Fractional CMO for her clients. A seasoned digital marketer since 1999, Christina has designed and built exceptional websites partnering with small businesses to help them grow and increase revenue. She understands that digital marketing is a constantly evolving technology and works to stay on top of the latest changes. She is always looking for the best route for clients' lead generation needs and revenue. In addition to her ability as a digital marketer, Christina is a coach and mentor with Agency Mavericks to other digital marketing freelancers, helping them grow their businesses. She is also a sponsor and co-leader of Houston's WordPress Meetup.
