BBB Tip: How to Perform a Health Check-Up on Your Privacy Policy

Many small businesses have a privacy policy on their website only for the sake of having one. They know their customers expect them to have one and that it’s a legal requirement in states like California. In most cases, they didn’t write it themselves or have it written by a legal expert.

Complying with privacy laws is necessary for any business that collects personal information from customers online.

Here are some tips on how to perform a health check-up on your privacy policy, with special attention given to the State of California.

What Is Personal Information?

In general, personal information is any kind of data that can be used to identify or profile an individual.

It may include the following:

  • First and last name
  • Email address
  • Physical address
  • Phone number
  • Credit card information
  • Income
  • Sex
  • Age
  • Relationship status

What if You Don't Collect Any Personal Information?

Most commercial websites collect personal information from their users. However, even if you don’t collect any personal information, it’s still a good idea to have a privacy policy that states that fact.

Many people expect to find a privacy policy on a commercial website. If it doesn’t contain a privacy policy, it might create the impression that the business is not transparent and visitors might feel that their privacy isn’t respected.

What if You’re Using Google Analytics?

Websites often use tools such as Google Analytics to better understand their customers.

Google Analytics, for example, can show you how many people visit your website, how long they stay on the site and where they are from.

If you use Google Analytics, you must have a privacy policy on your site. If you don’t, you’re in breach of their Terms of Service, which state:

“You must disclose the use of Google Analytics, and how it collects and processes data.”

Google doesn’t expect you to provide detailed, technical information. They suggest you post a prominent link to the following page: How Google uses information from sites or apps that use our services.

What’s the Law?

Unlike other countries, the United States does not have a general privacy law. There are only some sector-specific laws, such as:

  • The Children’s Online Privacy Protection Act (COPPA).
  • The Health Insurance Portability and Accountability Act (HIPAA).
  • The Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM).

California Privacy Laws

The State of California has been at the forefront of privacy legislation.

Specific privacy protection laws include:

  • California “Shine the Light” Law (California Civil Code Section 1798.83) – Residents can request what personal information has been shared with others for marketing purposes.
  • California “Online Eraser” Law (California S.B. 568) – Allows minors to remove or request removal of content they have posted on a website.
  • California Consumer Privacy Act (CCPA) – Gives consumers more control over the personal information that businesses collect about them. It targets big businesses and data brokers.
  • California Online Privacy Protection Act (CalOPPA) – Deals with internet privacy requirements.


CalOPPA covers all types of businesses that have commercial websites, including small businesses. It’s the primary data privacy law in the United States.

If you have a business in California or have California residents that visit your website, your privacy policy must be CalOPPA compliant.

Writing or Updating Your Privacy Policy

Privacy policies can be complex. It’s always a good idea to hire a legal expert to write or review your privacy policy. Many experts use a standard template that they only have to customize for your business.

There are also websites that offer privacy policy generators such as TermsFeed. Enter specific information about your business and it will generate your privacy policy language.

Read through your privacy policy from time to time to make sure it remains accurate and that you still comply with it. It’s good to stay on the right side of the law!

For more tips, advice and scam alerts make sure to check out our blog. If you have a business in Los Angeles or Silicon Valley that’s not yet accredited with the local Better Business Bureau, we invite you to get accredited and take advantage of the many benefits to help you build your clientele and manage your reputation.
