Online businesses can’t exist without data and personal information from customers. But collecting details that can identify an individual carries responsibility for e-commerce businesses. Handling that data responsibly is critical for meeting legal requirements and for earning customers’ trust in your business.
Think about your own online shopping habits -- you want to know what data a company is collecting. And, you want to know it is safe and secure. Your customers feel the same way, and they want to know you are protecting their data.
Establishing a privacy policy for your online store gives customers peace of mind. Plus, it helps ensure you’re complying with privacy and data security laws.
A privacy policy for an e-commerce website discloses how you plan to collect, store, share, and use the personal data you gather from shoppers. What is personal data? It’s information that can be traced to a person’s identity either from one piece of data or multiple data points used together.
The U.S. Office of Management and Budget (OMB) defines personally identifiable information as, “information that can distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.”
TheLawDictionary.com gives these examples of personal information.
When you’re selling online, your store is probably collecting other information too, such as website cookies, photographs, and customer support documentation stored on your servers or with third-party service providers. It’s important to notify customers that this information is harvested and stored, and how it will be used.
Yes. The United States and many other countries worldwide require privacy policies for online stores and mobile apps. Any e-commerce business that collects personally identifiable information or data must give customers the choice to provide or withhold this information and the opportunity to change what is provided at a later time.
Shopping carts are the most obvious data collection points. But you can’t overlook the information you collect for e-commerce marketing purposes through opt-ins, subscriptions, website analytics, and more.
It’s important to know the laws pertaining to your state, other states, and countries where you do business. California passed the California Online Protection Act of 2003 (CalOPPA), which was the first in the country with broad requirements for privacy policies. This applies to any company selling in the state, even if the business is based elsewhere.
Internationally, the European Union (EU) implemented a data privacy law called GDPR in 2018. The law applies to U.S. businesses selling to shoppers in any of the countries located in the EU.
The size and scope of your business will guide the privacy policy for your e-commerce website. Amazon includes 14 links to details about their store privacy policy. Yours may not need to be that specific.
Technology makes it easy to collect information and data through e-commerce platforms.
Customers may not realize all the ways you are collecting their information. Think of the big picture and all the ways you’re collecting data. Walmart’s privacy policy includes information collected in five key ways.
The list of information collected may be longer than first expected. The basics include personal identifiers such as name, address, purchase history, financial information, demographics, and ID numbers such as driver’s license numbers, social security numbers, etc.
However, some data collected is much more complex. Walmart.com includes biometric data such as fingerprints, iris and retina scans, background information, including criminal information, education information, and more, in its privacy disclosure.
Outline the specific ways a visitor’s personal information will be, or might be, used in the business. A few examples include research and development, maintaining an account, fulfilling orders, marketing, and third-party advertising. Being transparent about how the information will be used helps ensure you’re complying with laws, and transparency builds trust among customers.
Besides federal privacy laws, California and the European Union have additional requirements. Include those details if selling into those areas.
Privacy policy disclosures can be overwhelming and complex depending on your business. These best practices can help you get started.
Drafting a store privacy policy is the first step. E-commerce attorneys can assist in writing a privacy policy for e-commerce websites. Generic privacy policies for e-commerce are widely available online. E-commerce platforms often offer an e-commerce privacy policy template for users to get started.
Visit your competitors’ online stores or review your favorite online store’s privacy policy to get a sense of what to include in yours.
It’s often considered best practice to ask customers to opt in to sharing information rather than assuming they are okay with it and giving them a chance to opt out later. Even with an opt-in approach, you still need to give customers an option to rescind their initial agreement to share their data.
Include the privacy policy in obvious places on your website. Some companies include a link in the footer and app menus. Other options include checkout pages or when a customer initially signs up for an account. Placing it near often-looked-for information such as a return policy helps keep customers from getting frustrated having to navigate complex websites to find the needed information.
Creating a privacy policy isn’t just checking a box on a list of things to do. Avoid putting it on a shelf and letting it collect dust. Staying legally compliant and keeping customers satisfied requires regularly reviewing and updating your privacy policies. Companies working with third-party providers must stay current with changes to those providers’ terms and include any changes in their own privacy policy.
Your e-commerce business can’t function without customer data. While it’s necessary for operation, it’s your responsibility to make sure shoppers know what information you’re collecting and how you’re collecting it. Don’t view this as a simple courtesy to your clients -- it’s the law. Learning best practices can help you establish a policy that satisfies both criteria.