If you’ve ever visited a website, you’ve likely seen a link to the company’s website agreements. These links usually sit at the bottom of the page and explain what information the company collects, how the company will use it, and the terms governing the use of the website. With the recent passage of California’s CCPA, more and more attention is being focused on consumer privacy. This means it’s more important than ever to take online privacy seriously. But what does this mean? Are you required to have website agreements and, if so, what should they include?
Understanding the Different Types of Website Agreements
As a startup, part of your business plan will likely include a website. A website is a valuable way to provide information to your customers, generate traffic, or in the case of a SaaS (software as a service) company, your website may be your entire business. But when you create a website, there are certain laws you must abide by. Failure to do so can lead to serious consequences.
There are various website agreements that you need to include on your website. Some of these will be required and others are highly recommended. Let’s take a closer look:
- Privacy policy: Your company’s privacy policy outlines what data you collect, how you store it, and how you use it. As a business, you may be collecting different types of personal information. This may include names, addresses, email addresses, and even credit card data. While federal law does not require a privacy policy per se, there are several laws that require you to disclose certain data collection practices. These include COPPA, HIPAA, CCPA, the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act, and parts of the FTC Act.
- Terms and conditions: Also known as terms of service or terms of use. Terms and conditions set out the rules website visitors must follow in order to use your site. For example, one of your terms may be that a customer cannot copy information from your website without your permission. There is no law requiring a company to establish terms and conditions. However, depending on your business model, Ts & Cs can protect your company and are highly recommended.
What Types of Companies Need Website Agreements?
It is always a good idea for any company to have both a privacy policy and terms and conditions. Specifically, if you run a financial service, healthcare business, or a business aimed at children, you need a privacy policy. Federal law specifically refers to these industries. But even if you are not in one of these sectors, it is strongly advised to have a privacy policy easily accessible on your business’ home page. While your state may not have specific privacy laws, many other states do. If you do business outside of your state, other laws (like CCPA and GDPR) may still apply. If you own an e-commerce company or a SaaS platform, you should have Ts & Cs governing how customers use your site and/or services.
Possible Legal Consequences
So what happens if you decide not to create a privacy policy and terms and conditions? If you choose not to create a terms and conditions agreement, you are likely setting yourself up for failure. While there won’t be any fines from the government, you could spend thousands of dollars fighting a customer who harms your company, an expense that could have been avoided with proper Ts & Cs.
When it comes to privacy policies, the penalties could be a lot worse. For example, HIPAA violations start at $100 and go up to a maximum of $250,000 a year. COPPA violations can result in fines of up to $43,280.
State-Specific Laws
There are some states where it is extremely important to take consumer privacy seriously. These states have specific laws regarding your duty as a business. This includes:
- California: California is the most recent state to pass laws regarding online privacy. CCPA went into effect on January 1, 2020, and gives consumers the right to know what data is being collected, how it is being collected, and if it is being sold. Consumers also have the right to request that their information be deleted.
- New York: New York passed the Personal Privacy Protection Act in 1984. This law allows consumers to access their data, correct any inaccurate information, and know how their data is being used. The state also recently passed the Stop Hacks and Improve Electronic Data Security Act (“SHIELD”), which requires data security safeguards and will go into effect on March 21, 2020.
Protect Your Business
Website agreements may seem like a lot of work, but they are worth the investment. As a new business owner, though, you likely don’t have the time to figure out what to include in your agreements and how to stay in compliance. In this area, it’s always good to bring in an internet attorney. At the Law Office of Brown & Blaier, PC, we’ll work with you to figure out exactly what to put in your agreements and make sure your company is protected. To learn more, give us a call or fill out our online form to schedule a free consultation.