Should Your Website Have a Privacy Policy?

By Helen Sedwick (@HelenSedwick)

ID-100144321Today’s writers wear many hats. We are Tweeters, Pinteresters, YouTube-ists and most of all, bloggers. Maybe we have heard about privacy policies, but we don’t know whether we need one. After all, we are not challenging Wall Street, City Hall, or Big Data. Most of us are not selling advertising space alongside our posts. We are blogging simply to inform readers about our work and sell a few books. Most writers do not want to wear a lawyer’s hat, too.

Unfortunately, by blogging and maintaining a website, writers may subject themselves to certain legal requirements, particularly privacy statements. Something as ordinary as collecting email addresses for a newsletter triggers the requirement. And if you collect personal information from children under 13, or if you or your advertisers track visitors as they surf the web, then you have more rules to follow. Let’s look at who needs a privacy policy and what it should say.

Who is required to post a privacy policy?

If your website or blog consists solely of reading material and you do not collect personal information about your viewers, congratulations. You have kept your life simple and do not need a privacy policy.

However, if you:

  • collect names and addresses to send newsletters,
  • require readers to register and log-in in order to comment,
  • obtain contact information as part of a giveaway,
  • post photos of and reviews by your readers,
  • collect any personally identifiable information, or
  • track visitors to see where else they venture on the internet,

then you should draft and conspicuously post a privacy policy on your website and blog. Put a link to the policy on your home page that uses the word PRIVACY. In California, it is now the law.

What is personally identifiable information?

Names, addresses, email addresses, phone numbers, user names, passwords, marital status, children’s names, occupation, credit and financial information, medical history, travel itineraries, photographs, Social Security Numbers, or any information in “personally identifiable form.”

What about web stats and analytics?

Information about your viewers in general, such as browser type, pages viewed, referring sites, history, and location— the sort of information collected by Goggle Analytics—is not considered personally identifiable information. I suppose a very sophisticated geek could identify individuals from such data. For this reason, many suggest every website and blog have a privacy policy that at least covers web stats.

What goes into a privacy policy?
  • Describe the types of information collected, such as names, addresses, and credit-card numbers. Provide the user a way to correct errors. This may be as simple as sending you an email.
  • Explain how the information will be used and the categories of people with whom the information might be shared. For instance, do you share it with potential publishers, agents, publicists, or marketing companies?
  • Describe how you maintain security.
  • Include an opt-out option.
  • Put a date of the policy.
  • Explain how readers will be notified of changes in the policy.
  • If you will be collecting personal information about children under the age of 13, then comply with the Children’s Online Privacy Protection Act (COPPA).
  • If you or your advertisers will be tracking visitors after they leave your site, then disclose how you respond to Do-Not-Track requests.
Is your site subject to COPPA?

If you operate a website, online service, or app directed toward children under 13 and collect personal information from those children, then you must comply with a long list of requirements under the Children’s Online Privacy Protection Act (COPPA) . COPPA also applies if you operate a general audience website and have actual knowledge you are collecting, using, or disclosing personal information from children under 13.

For example, if you operate a website where children share questions and discussions about your book, or they may upload photos and drawings using their real or user names, hometowns, etc., then you must comply with COPPA.

COPPA basics:

  • Post a clear and comprehensive privacy policy.
  • Obtain verifiable parental consent.
  • Give parents the choice of prohibiting disclosure to third parties.
  • Provide parents a way to review, correct, and delete information.
  • Take reasonable steps to maintain confidentiality and security.
  • Retain personally identifiable information only as long as necessary.

After reading this list, I have more questions than answers. How am I supposed to obtain verifiable parental consent? What if the child lies about her age? What are reasonable steps to maintain confidentiality? What is a clear and comprehensive privacy policy?

The COPPA rules are technical, evolving, and beyond the scope of this article. The best approach is to hire an expert to help set up your site, write your privacy policy, and install parental verification systems. Search online for COPPA compliance experts, and you’ll find dozens of companies. As always, research the reputation of these companies before you agree to any contract.

How do you handle Do-Not-Track requests?

California law requires anyone who operates a website that may be viewed by someone in California (okay, virtually everyone) to disclose how they respond to Do-Not-Track requests.

Few casual bloggers must deal with this issue because we do not track users browsing habits after they leave our sites. But if you track visitors, or if you host click-through advertisements and your advertisers track visitors, then you must disclose that information and explain how you respond to Do-Not-Track requests.

Tracking is not prohibited. The law requires disclosure only.

The law and technology in the area are new, so I expect we will see many changes on how visitors opt in and out of Do-Not-Track lists and how websites handle such elections.

Now what?

If you search the internet, you’ll find many sites that offer privacy policy templates for free or a small charge. But you could write your own. Let’s look at my website for a sample.

  • I do not sell books through my site, or post third-party advertising, or track users.
  • I collect names and email addresses when readers submit a comment or subscribe to my blog or newsletter through MailChimp.
  • WordPress and Google Analytics collect general user data.
  • My site is not geared toward children under 13, and I am not aware that I have collected any personal information from any children.

Does this sound like your site? My privacy policy is fairly simple. If you like it, you are free to copy and reuse it.

If you collect and use more personally identifiable information, then Joel’s Friedlander site,, also has an easy to read Privacy Policy.

About the Author

Sedwick.Headshotx175Writer and lawyer Helen Sedwick has thirty years of experience representing businesses and entrepreneurs as diverse as wineries, graphic designers, green toy makers, software engineers, investors, restaurateurs, and writers. Her newest release Self-Publisher’s Legal Handbook: The Step-by-Step Guide to the Legal Issues of Self-Publishing is assisting indie author in navigating the legal minefield of self-publishing and blogging. Her historical novel Coyote Winds earned five-star reviews from ForeWord Reviews and Compulsion Reads and is an IndieBRAG Medallion Honoree. For more information about protecting your rights and your wallet, email her at or visit

Disclaimer: Helen Sedwick is an attorney licensed to practice in California only. This information is general in nature and should not be used as a substitute for the advice of an attorney authorized to practice in your jurisdiction.

Happy Holiday Super Sale for Writers!
Lowest prices of the year on my products and services—
but only until December 31!

writers gifts

I want you to have what you need in 2015 to achieve your goals and dreams as a nonfiction writer.
Take advantage of this opportunity to stock up at big discounts on the resources I have to offer you!


Photo courtesy of Stuart Miles | Amazon links contain my affiliate code.


  1. Maureen C. Berry says:

    Thank you Helen and Nina.

Speak Your Mind