ISBA Members, please login to join this section

December 2017Volume 55Number 3PDF icon PDF version (for best printing)

Five tips for drafting privacy policies

Like it or not, we live in an age of big data and privacy invasions. Events such as the recent Equifax breach have left consumers weary of sharing their personal information online for the fear of it being stolen and used for improper purposes. Therefore, it is now more important than ever for websites to have a Privacy Policy that delineates what information is collected, shared and with whom. If a website owner walks through your office door and requests that you draft a Privacy Policy, would you be able to help him or her? The following are five tips that will help you draft a clear and concise Privacy Policy that not only abides by the law but also reassures the users of the website.

1. The Privacy Policy should be drafted in a way that will be understood by even the most lay of persons

The Federal Trade Commission (“FTC”) provides guidance that states that Privacy Policies should be written in a way that is easy to read and understand. Remember, the policy that you write will most likely be read by people who want to purchase a necklace or a child’s car seat, not by lawyers. Thus, “heretofore” and “herein” should be left for complex commercial contracts and are not appropriate for Privacy Policies.

2. One Privacy Policy does not fit all websites

As attorneys, we all love our templates. However, it is important to remember that each website collects different types information and disseminates it to different types of people. While some websites may have a purchasing option that redirects the user to PayPal, others may ask the user to send them a check to effectuate a purchase. Some websites collect cookies to track information while others do not. Therefore, it is important that you have a comprehensive understanding of your client’s website and all of its features and you mold the Privacy Policy to fit that particular website.

3. Remember that the case law and statutes change

Privacy is a very hot topic right now not only for consumers but also for law makers and judges. This area of the law has new cases on a frequent basis and thus you must remember to constantly monitor the case law and the guidance as put forth by the FTC. This will help you draft policies that are up to date and will protect your client to the fullest extent of the law.

4. You must advise your client to place the Privacy Policy in the right area of the website

Having a well written Privacy Policy is half of the battle. The remainder of the battle is where this Privacy Policy is placed. The link must include the word “privacy” and must be visible, not hidden and easily accessible. Furthermore, the FTC also has guidance regarding the type and its size that that should be used. Before your client’s website launches or immediately after the Privacy Policy is uploaded you should visit the website to ensure that the Privacy Policy link meets all of the visibility requirements as stated by the California Business and Professions Code Sections 22575 – 22579.

5. Create a checklist for yourself

A Privacy Policy can be a complex and lengthy document. In order to ensure that you do not miss anything, use a checklist.

With the proper care and attention to detail, Privacy Policies can both reduce the potential for liability and reassure website visitors that their information is safe thus leading to more business for your client. These five tips for drafting Privacy Policies should help you win over your clients with better writing.


Donata Kalnenaite, Esq. is the founder of Agency Attorneys, a Chicago-based firm that provides contracts and other transactional services to website developers, graphic designers and marketing agencies. She is currently the General Counsel of Work Now, LLC, which is a staffing firm and the President of Termageddon, LLC, which is a privacy software that is scheduled to launch in December, 2017.

Login to post comments