If you’re under the assumption that nobody reads your privacy policy, chances are you haven’t bothered to update it in a while.
After all, what’s the point in making privacy policy updates if 36% of people—according to Pew Research—don’t read a policy all the way through before clicking “agree”?
Well, here’s the thing. Those 36% of people might not read your privacy policy, but the rest do.
In this article:
- What is a Privacy Policy?
- Why are Organizations Updating their Privacy Policy?
- What to Include in a Privacy Policy Update?
- How Do You Communicate Changes to Privacy Policy?
In fact, 22% of website visitors say that they “always or often” read privacy policies before agreeing to them.
These users care about their privacy and are willing to stop doing business with you if you fail to protect their sensitive information.
But there’s another critical reason why organizations regularly update their privacy policy: the law.
To comply with data protection laws and, if applicable to your organization, the NIST cybersecurity framework, you need updated, accurate privacy policies on your website.
The slew of GDPR fines issued to brand giants like Amazon and Meta proves that this isn’t something to be taken lightly.
Organizations of all sizes are performing intricate data privacy policy updates in a desperate bid to avoid the same costly fate.
But wait—before we discuss why privacy policies need updating, let’s look at what they are.
What is a Privacy Policy?

A privacy policy is a legal document posted on your organization’s website. It discloses how your website manages the personal information it collects from visitors.
It also covers nuances such as users' rights over their data and whether information is shared with third parties.
But even the most thorough privacy policy can’t serve a business for months or years, which brings us to our next point.
Why are Organizations Updating their Privacy Policy?
Your privacy policy should be a living document. This means that it should adapt to changes as and when they occur. Let’s explore the main reasons why organizations are updating their privacy policy.
To comply with data privacy laws
Any business that collects data—whether from web visitors, customers, or employees—must abide by data privacy rules, such as GDPR and CCPA.
These regulations legally enforce the proper way to collect, store, and use data. And, critically, they dictate how these actions should be communicated.
Data privacy laws tend to change year by year, although updates can certainly happen more frequently and unpredictably.
Whether new legislation has been passed or previous legislation has been amended, organizations are required by law to update their privacy policies accordingly.
Fail to do so, and be prepared to pay the price. The average GDPR fine is around €1,755,366 ($1,874,729) across all countries—so it’s safe to say you want to avoid non-compliance at all costs!
Various types of internal audit can help you identify areas that need attention.

But which data privacy laws should you be concerned with? Here are some of the main laws regulating the usage of website visitor data:
- General Data Protection Regulation (GDPR): If your website collects personal data from EU citizens, you must create a privacy policy that discloses specific information, such as how and why you use their data.
- California Consumer Privacy Act (CCPA): If you do business in California, the CCPA dictates that you must publish an updated privacy policy every year. Customers must be notified of these updates, know how and why their data is being used, and be able to opt out if desired.
- California Online Privacy Protection Act (CalOPPA): CalOPPA requires every commercial website or online service to display a privacy policy and specifies the required information to include.
- Children’s Online Privacy Protection Act (COPPA): If your website collects data from children under age 13, your privacy policy must align with COPPA requirements.
To avoid lawsuits
It’s not just regulatory fines you should be wary of. An updated privacy policy can help prevent expensive, reputation-damaging disputes.
Let’s say your privacy policy states that you will always refuse to share information with third parties.
But if you encounter scenarios where you’re legally required to share information, you must update your policy to reflect this. If you fail to make or disclose the update, customers may sue—even if you’ve acted within the law.
Why? Because they can argue that they weren’t informed of the changes and therefore never agreed to them. And if there’s one thing you must gain before utilizing customer data, it’s consent.
Regularly updating your privacy policy and informing users helps prevent disputes. Users can opt out if they don’t agree with your new terms.
To meet user expectations and win customer trust
You need to win user trust to turn a web visitor into a customer—and a customer into a loyal advocate. In the digital age, this goes far beyond offering a great product.
You must create content that users trust, deliver excellent customer service, and protect sensitive information.
Users must trust that any personal data your business collects is handled properly, regardless of whether it’s collected through websites, apps, phone calls, emails, or live chats.
However you store your data, whether using HDFS or another framework, the same privacy laws apply.
Pew Research highlights the anxiety users feel around data usage, showing that customers really do care about how you use their data.

It’s also worth noting that if you’re using AI for data collection, you may need to work harder to establish trust.
Pew Research also found that 70% of people are wary of companies that use AI for data collection despite understanding its benefits.
Creating an in-depth privacy policy and regularly updating it alleviates this anxiety. It proves to customers that you take data privacy seriously and builds transparency—essential for earning trust.
What to Include in a Privacy Policy Update
When reviewing your privacy policy, consider both operational changes within your company and changes in data privacy law.
For example, maybe you’ve recently carried out some mainframe modernization. As part of this, you might want to disclose that you’ve migrated some of your data to the cloud.

Here’s some of the main information you should consider updating in your privacy policy:
- The type of personal data collected by your website.
- What the data you collect is used for.
- How data is collected and processed by your organization.
- Your practices and procedures for storing and securing data (e.g., end-to-end encryption, strict permissions, and regular backups).
- How users can access, check, and update their personal information.
- How users can opt out of data collection.
- Your data retention policy.
- Your data-sharing policy regarding third parties and authorities.
How Do You Communicate Changes to Privacy Policy?
We’ve mentioned just how important it is to notify users about privacy policy updates.
To recap: it helps you avoid legal disputes, win customer trust, and stay compliant with data privacy laws.
But how do you communicate these changes? The three most common methods are:
- Email: Send a message to your subscribers announcing that you’ve updated your privacy policy. Explain the key changes or link to the full policy.
- Website pop-up: Use a website pop-up to notify new and returning visitors. Invite them to read and accept or deny the update.
- Push notification: If your business has an app, send users a push notification announcing the update.

Wrapping Up
Just like the prices of your products, the personas of your customers, and the contracts you devise with suppliers, your privacy policy is subject to change depending on the current landscape.
New data privacy laws may come into effect. Existing laws may be updated.
You may change the type of data you collect or alter your data collection methods. Whatever the case, your privacy policy should be updated to reflect these changes.
To stay compliant and meet user expectations, aim to update your privacy policy annually—and don’t forget to notify your customers whenever you make a change.