Disclaimer: We are not lawyers and this should in no way be confused with professional legal advice.  If you need legal advice around the topics of TOS and Privacy Policy you should contact a lawyer.

Undeniably the dullest page on your website, the Privacy Policy and Terms and Conditions page sets the rules for using your website and tells visitors what happens to the data they hand over.

What's the difference between a Privacy Policy and Terms & Conditions?

A Privacy Policy sets out your responsibilities to the users of your website (what personal data you collect, how it is used, how it is stored, and so on), while a Terms and Conditions agreement sets out the rules users must follow when using your website (no spamming, no abusive behaviour, and so on).

Required by Law?

Under the UK's Data Protection Act 1998 (since replaced by the Data Protection Act 2018 and the UK GDPR, which carry the same obligation), if you collect, store or process personal data you must provide specific information to the users whose personal data you are collecting. Owners of websites, online services or mobile applications (apps) that can be accessed or used by California residents are required by the California Online Privacy Protection Act of 2003 (CalOPPA) to conspicuously post a privacy policy if they collect California residents' personally identifiable information (PII).

Because the Internet has no borders, a website, online service or mobile application can be reached by users in these jurisdictions no matter where it is hosted, so these laws apply to almost every site.

Any site that allows visitors to interact should have a privacy policy and terms of use page.  That includes (but is not limited to):

  • Sites that allow interaction (like posting comments), with or without an account.
  • Sites that allow visitors to create accounts.
  • Sites that use cookies or other tracking mechanisms.
  • Sites that allow visitors to spend money (buying goods, buying services, or donating money).

For some companies, the legal requirements are more extensive.

For example, Google requires companies that use either AdWords (now Google Ads) or AdSense to update their Privacy Policies to mention the DoubleClick cookie and the use of remarketing (also known as retargeting), among other things.

Note: If your website serves an audience under the age of 13, there are specific requirements you must adhere to under US federal law as set forth by the Children's Online Privacy Protection Act of 1998 (COPPA): http://www.ftc.gov/ogc/coppa1.htm

Because there are numerous federal, state, and global laws that govern privacy on the Internet, the only way to get a 100% accurate answer specific to your situation is to consult an attorney who specializes in laws related to digital and online media.

What Should A Privacy Policy Say?

The FTC publishes a set of guidelines for writing Privacy Policies.  Some of the suggestions in those guidelines:

  • Your policy should be written in easy-to-understand English (not “legalese”). 
  • Your privacy policy should declare
    • what information you are gathering,
    • what you will do with information gathered,
    • how you are gathering that information, and
    • how the information will be stored.

The BBB has a sample privacy policy you can use as a starting point.  Bear in mind that you should read through the document, modify it to fit your organization, and then actually adhere to it -- this is not a one-size-fits-all solution.

Once again, an attorney who specializes in laws related to digital and online media can make sure that your privacy policy wording fits your specific online situation.

Mozilla's five data privacy principles are a useful yardstick when drafting your own policy: no surprises, sensible settings, defense in depth, user control, limited data.

Following Through On The Commitment Made In Your Privacy Policy

Having a website privacy policy is only part of the equation -- the second critical element is your commitment to adhering to the statements made in the policy. It is important that all team members have a clear understanding of your organization's privacy practices and can clearly communicate them to customers and website users.

Any employee (or webmaster) who has access to the data on your website must be made aware of, and held to, the standards laid out in the policy. Keep that group as small as the work allows: the fewer people who can reach the data, the fewer ways there are for the policy to be broken.

Keep it Updated

A privacy policy should be reviewed, and modified where appropriate, at least once a year, and whenever you start collecting a new kind of data, add a new third-party service, or change how data is stored.

Take a moment and review your privacy policy and see if it meets today's needs of your organization and your website. If you don't have a privacy policy, create one, share it with your team members, and post it on your site.


A Privacy Policy meets your legal requirement (for websites, mobile apps or other apps) to tell people whose information you are collecting what you collect and what you do with it.

It also helps you build trust with your users by showing that you value their privacy.

Post your privacy policy in a conspicuous location on your website.  Then be sure to comply with its terms.

Additional Resources:

The Better Business Bureau has a pretty comprehensive starting point on their site - Sample Website Privacy Policy.

Additional information regarding COPPA and how to comply.

David Johnson (Digital Media Lawyer Blog) provides some more detailed individual market requirements for privacy.

The Contract Company out of Australia also provides a Free Privacy Policy Template that you can download by providing some basic contact information.