privacy policy template

Dangers of Using a Privacy Policy Template

As a technology company that collects personal information from customers, the temptations for using a privacy policy template that you find online is understandable. You need a privacy policy to communicate to your users that you are committed to their privacy, you need it fast, and you’re worried that hiring a lawyer would cost you too much at this early stage of your company. The truth is, using a privacy policy template from a similar company carries more risk than benefits.

Laws Regulating Privacy Policies

There are few laws regulating what goes into an online privacy policy. California is one of few jurisdictions with its own Online Privacy Protection Act, but most other laws are only applicable in specific circumstances, for example when a service collects financial or health data or information from children. For the most part, privacy policies are left to self-regulation by consumers, companies, and organizations such as the Digital Advertising Alliance.

In fact, the most common way that companies get into legal trouble with regards to their privacy policies is not by leaving out a legally-mandated provision, but by stating something in their policy that is not in line with practice. This gap between privacy and practice may occur for several reasons, including:

  1. The company used a similar business’s policy. Many times an enterprise may use another business’s privacy policy because it is in the same industry without doing a thorough review of the content of the policy to make sure that the company intends to do everything stated in the policy. Chances are, no matter how similar the two companies, something about their privacy practices may be different, whether it be the type of information collected, how the information is collected, and how the information is used and shared with others.
  2. The company makes promises that sound good but aren’t practical. Given recent consumer awareness about information and data privacy, many companies believe that giving the consumer peace of mind with regard to their personal information is critical. They include in their privacy policy a generic statement such as “we will never share your personal information with anyone” or “your privacy is of the utmost importance to us.” While meaning well, the company can get into trouble for misleading the consumer about how the consumer’s information will be handled when, for example, the company is required to turn over the information as part of a government request or sale of assets.
  3. Those who draft the privacy policy are not aware of the company’s actual privacy practices. It should be obvious that if you don’t fully understand a company’s actual practices in light of its resources and revenue source, you can’t accurately describe them. Lack of communication between those who draft the privacy policy and the professionals in charge of data privacy is a common reason for inaccurate statements in privacy policies.

The Best Privacy Policy is Your Own!

Given the importance of accuracy, both in terms of maintaining your credibility with consumers and avoiding legal action for misrepresentation, it is best to avoid using privacy practices from similar businesses. Chances are that your collection and use of personal information will differ from another company.

For this reason, we always work with businesses to draft their policy from scratch. We begin with a questionnaire that asks questions about your collection and use of customer information. We have found that, many times, the questionnaire is especially helpful because the company has not even had a chance to think through those privacy questions until they engage us. Only after we make sure we and the company representatives have the same understanding of the company’s privacy practices do we begin to put together a customized privacy policy. That is indeed the only way to avoid unnecessary risk of litigation associated with your privacy policy.

Please contact us to discuss how we can help you draft a privacy policy.


DISCLAIMER: The information in this article is provided for informational purposes only and should not be construed or relied upon as legal advice. This article may constitute attorney advertising under applicable state laws.

Hash Zahed

Hash is a business law attorney in Oakland, CA. He is passionate about using entrepreneurship as a force for good. Hash's practice focuses on assisting founders with entity formation, startup financing, employment compliance, business contracts, trademark, data privacy, and nonprofit organizations.

More Posts

Follow Me:
LinkedIn