top of page
  • Writer's pictureSamantha Bradshaw

These 5 small business activities mean you need a privacy policy

Updated: Feb 11, 2022

Do you sell a product or service that’s exclusively made in your state, from a store or computer in your state, ONLY to people that live in your state and plan on staying that way forever?

Probably not. With nothing more than a TikTok account and a Square login, it's just as easy for a small business in Richmond, Virginia (VA) to sell courses or memberships all over the world as it is for a Virginia Beach photographer to take family portraits at Sandbridge (as long as everyone stays off the dunes, of course).

So, let's talk about keeping your business in line with the law and avoiding fines and courtrooms. Updated on Feb 11, 2022

An Introduction to what is a privacy policy?

A privacy policy is a contract that explains what kinds of personal information you gather from website visitors, how you use this information, and how you keep it safe.

Privacy Laws aren't just the GDPR

In the past few years, a few of the world’s biggest economies, think Europe, the UK, Canada, Australia, California, and Nevada (huge number of online businesses registered there!), decided that their residents deserve to know what information companies have on them. It’s a trend that is only going to continue.

Here’s where you say ‘But wait, I don’t operate in California or Europe!’

Remember that old school house rock song about how a bill becomes a law?

So, every state except Hawaii and Florida has had a privacy bill progress to at least the committee stage and these bills are going to keep popping up until they are passed.

Plus, can you really guarantee that you won't have a single website visitor from any of those places?

For my Virginia folks that can guarantee that no one in California or Europe will ever visit their websites, Virginia just became the second state in the US to pass a comprehensive data privacy law called the Consumer Data Protection Act (CDPA) in 2021. Carrying a fine of up to $7500, it makes businesses with at least 100,000 different peoples' data or selling data when they have 25,000 different folks' information have a privacy policy.

And you can bet your bottom dollar that states getting their own privacy laws will only push the federal government to make a law for every American based business soon. You can also bet these laws will only get more complex since data privacy isn’t going anywhere.

So now you say “I’ll never have tens of thousands of people visiting my website.”

And I’ll tell you that this is a legal requirement that is only going to apply to more and more businesses as time goes on. Plus, why would you hide from your potential customers what you are doing with their information. Communication is what makes every relationship, personal or business, successful. So start communicating in a privacy policy, wont ya?

Even if you are 100% local or aren’t processing 100,000 folks data yet, this is coming. BTW 100,000 people is less than 300 website visitors a day. That's not terribly high in the grand scheme of things. Plus your city or county can make a local law about this too. You can’t avoid it, so why risk your business over something so easily fixable?

A Look at the Activities that Require a Privacy Policy in the US

If you do any of the below, you needed a privacy policy on your website, landing page, emails and Facebook group. And you needed it, well....yesterday.

  • Asking folks for their email address

Email addresses are as important as home addresses or phone numbers to any small business. Because of that, governments started protecting email addresses just like any other personal information.

Business coaches seem to be screaming about the importance of collecting emails to sell.

You send your invoices and contracts to your clients by email. (if you don't, we gotta have a chat about why e-signatures and e-payments are gonna save you a TON of time.)

Whether you are building an email list of folks ready to buy, keeping track of who joins your VIP facebook group, or creating a lookalike audience for your newest ad based on this group of emails that you have a great conversion rate from before, you’re getting emails.

* any ‘standard’ contact info like full name, phone number count towards this too.

  • Use analytics of any kind on your website

Google Analytics and a Facebook pixel are the most common culprits here. These tools help you understand your customers but you have to tell site visitors what you're going to do with it .

Google’s own terms actually require you to tell folks you are using analytics, even if your state doesn't. Do you really want to piss off Google?

  • Have a single website visitor, customer, or potential client from Europe or California

I told you, these countries aren’t playing. And you know how you know if you have visitors from these countries? You have Google Analytics installed!

  • Selling folks data

In general, I don't think its a smart thing for small businesses to do, but if you need to sell your email list, you gotta tell folks.

  • Having ads on your blog or website

Monetizing your blog is no joke. It can bring you in some real money, but you gotta tell folks you’re doing that.

I won’t pretend that a solid privacy policy will make or break your business,

unless you are a communication app that has trouble communicating updates to its privacy policy and loses hundreds of thousands of users to competitors.....

but it is one of those easily check-off-able things that can let you worry just a little less as you continue to grow your business.

Comment below, do you have a privacy policy?

Have you updated it in the past 2 years?

Does it match the software and processes you are using today?

Are you rethinking your policy on privacy policies?

If so, you can grab a lawyer approved privacy policy over at the shop for 1/10th of what it would cost to have a lawyer write one just for you.


**Disclaimer: This is only general information, not legal advice specific to your situation, and does not create a client-attorney relationship between you and Samantha Bradshaw, a Virginia licensed small business lawyer, or InLine Legal, a 100% virtual law firm. If you need legal advice, please contact a lawyer in your area.

43 views0 comments
bottom of page