Does your WordPress website need a Privacy Policy?
Let’s get this out of the way first thing. The author of this article works for a Privacy Policy Generator. So OF COURSE it’s going to say that every WordPress website needs a Privacy Policy… except it’s not going to say that, because not every single website needs one.
However, most modern websites do need one.
This article will explain:
- What a Privacy Policy is;
- What laws require a Privacy Policy;
- Common reasons your WordPress website might need a Privacy Policy, and;
- How to obtain a Privacy Policy that actually works.
Note: This is not legal advice.
What is a Privacy Policy?
Privacy Policies are documents that inform a website visitor of a website’s privacy practices, such as what Personally Identifiable Information (PII) is collected, what is done with that information, and who it is shared with. While many think that a Privacy Policy contains random information and legalese, this is actually not true as a Privacy Policy must contain the disclosures that are required by the privacy laws that apply to the website.
What privacy laws require a website to have a Privacy Policy?
Most businesses have a Privacy Policy on their website to comply with the privacy laws that apply to them and thus avoid fines and lawsuits. Since non-compliance with privacy laws can be costly (starting at $2,500 per website visitor), it is important to get this right.
Privacy laws were created to protect individuals residing in certain states and countries and, due to the broad nature of the Internet (anyone from anywhere can submit their PII to a website online), privacy laws do not apply based on where your business is located.
To determine which of the privacy laws that require a Privacy Policy apply to a website, the following questions must be asked:
- Who can submit their PII to the website?
- Where does the website do business?
- To whom does the website offer goods or services?
- Who is tracked online through features such as cookies, pixels, and analytics?
- Where are customers located?
For example, collecting the PII of California residents? CPRA or CalOPPA may apply. Collecting the PII of Nevada residents? Nevada Revised Statutes Chapter 603A may apply. Collecting PII or tracking the behavior of residents of the European Union? GDPR may apply.
Remember, all the laws mentioned above can still apply even if the business is not located in California, Nevada, or the EU.
Common reasons WordPress websites might need a Privacy Policy
One of the reasons WordPress is so popular is that it plays nicely with so many third parties and has so many plugins to choose from. While these tools aren’t necessarily bad, they may collect or share data in a way that requires your website to have a Privacy Policy. Common examples are:
Forms – WPForms, Gravity Forms, Contact Form 7, etc. are all commonly used plugins on WordPress. They work great, but they do create forms that collect personal information like names, email addresses, and phone numbers. Data collected by forms is one of the most common reasons a WordPress website needs a Privacy Policy.
Newsletters – Mailchimp, MailPoet, Omnisend, etc. all help website owners sign people up for email newsletters. To do this, they often collect names and email addresses.
eCommerce – WooCommerce, Shopify, Stripe, etc. all collect protected information like physical address, names, phone numbers, and payment information to help WordPress websites
Analytics – Google Analytics, Satisfy, WP Statistics, etc. collect IP address data to let WordPress website owners know what people are doing on their website.
Security – reCAPTCHA, Wordfence, WP Security Ninja, etc. are all security plugins for WordPress that collect IP addresses.
How to obtain a Privacy Policy?
Once “what are Privacy Policies?” and “what websites need a Privacy Policy?” are answered, the next logical question is “how to obtain a Privacy Policy?” Remember that the two most important aspects of a Privacy Policy are:
- The Privacy Policy must contain the disclosures required by the privacy laws that apply to the website and must accurately describe the business and its privacy practices.
- The Privacy Policy must be updated to reflect new laws, regulations, cases, fines and guidance.
The two best options for getting a Privacy Policy that does both of these things are an attorney and a trustworthy Privacy Policy Generator.
An attorney is always the best option because they can provide legal advice, whereas a Privacy Policy Generator (no matter how good) can’t. Unfortunately, keeping a privacy attorney on retainer so that they can frequently update policies can get expensive.
A Privacy Policy Generator like Termageddon can also help identify the laws that apply to a particular WordPress website, create the policies, and update them automatically. As an added bonus, Termageddon was founded by a privacy attorney.
Hopefully this article was helpful, and happy Privacy Policy creating!
Created by Trevor with Termageddon