Website privacy policies are essential for keeping users informed of the personal information collection, usage and sharing practices of website operators. Recent changes to state laws (and possibly federal law) create important new legal obligations for online businesses. Those businesses must post clearly written website privacy policies that contain key disclosures, notices and other privacy rights information. However, in order to comply with emerging state and federal privacy laws, certain businesses may need to create two separate website privacy policies.
What Types of Businesses Should Post Two Different Website Privacy Policies?
Businesses that offer software applications (including SaaS offerings) to other businesses may need to provide two website privacy policies. This approach would be necessary where the software application itself collects, tracks and/or processes end-user personal information. In this scenario, the business should create one website privacy policy that describes the types of information collected from its prospective business partners, and how that information is stored, utilized and shared. The business should also create a separate privacy policy that describes the ways that the software application itself collects, processes and shares information regarding end-user consumers.
The two privacy policies will necessarily contain divergent provisions. For instance, in a B2B relationship, it is less likely that the business will be sharing information collected for marketing purposes. However, information provided by, or collected from, consumers via a software application will frequently be shared with the business partners for marketing purposes. Further, the information collection methods, and the types of information collected, will vary significantly.
A business offering a consumer-facing software application may be tempted to draft one privacy policy combining its B2B and B2C privacy practices. However, we counsel against that approach. A one-size-fits-all privacy policy will likely be overly-long and confusing, thus violating laws requiring privacy policies to be concise and easy to understand.
Your Website Privacy Policy, or Policies, Should Be Designed for You
In order to comply with an emerging wave of state and federal privacy regulations, it is vital for businesses to tailor privacy policies that accurately detail how they interact with online users. This may require creating two separate website privacy policies to account for B2B-based and B2C-based interactions. Given the significant liability for failing to comply with privacy laws, it is essential that businesses consult with experienced counsel to ensure that they have the right approach to the drafting and posting of a privacy policy or, in some cases, two.
If you require assistance in connection with privacy law compliance for your business, please e-mail us at info@kleinmoynihan.com, or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Attorney Advertising
Similar blog posts:
Why Your Sweepstakes Promotion Needs A Privacy Policy
