Privacy Policies are agreements that specify your responsibilities to the users of your website (what kind of personal data you collect, how it is stored, etc), while Terms and Conditions agreements set out the guidelines for users of your website (preventing spamming, etc).
Required by Law?
The borderless nature of the Internet makes these law applicable to almost every website or online service and mobile application.
- Sites that allow interaction (like posting comments) with or without an accounts
- Sites that allow visitors to create accounts.
- Sites that allow visitors to spend money (buying goods, buying services, or donating money).
For some companies, the legal requirements are more extensive.
For example, Google requires companies that are using either AdWords or AdSense to update their Privacy Policies to include mention of the DoubleClick Cookie and the use of remarketing (also known as retargeting) among other things. See other examples.
Note: If your website serves an audience under the age of 13 there are specific requirements you must adhere to under Federal Law as set forth by the Children's Online Privacy Protection Act of 1998 (COPPA)- http://www.ftc.gov/ogc/coppa1.htm
Because there are numerous federal, state, and global laws that govern privacy on the Internet, the only way to get 100% accurate answer specific to your situation is to consult with an attorney that specializes in laws related to digital and online media.
The FTC issues a set of guidelines to follow in regards to writing Privacy Policies. Some suggestions included in their guidelines:
- Your policy should be written in easy-to-understand English (not “legalese”).
- what information you are gathering,
- what you will do with information gathered,
- how you are gathering that information, and
- how the information will be stored.
Any employee (or webmaster) who has access to the data on your website, must be made aware of and held to the standards laid out in the policy.
Keep it Updated
Privacy Policies can meet your legal requirement (for websites, mobile app or other apps) to provide information to people whose information you are collecting.
These policies also help you build trust with your users by showing that you value their privacy.
David Johnson (Digital Media Lawyer Blog) provides some more detailed individual market requirements for privacy.