Why You Should Have a Privacy Policy Even If No Contact Form

Since the new CCPA law went into effect, I’ve had a few requests to remove contact forms from websites. You do not need a Privacy Policy if you’re not collecting ANY personally identifiable information, including using any analytics program; such as Google analytics. However, data collection and privacy has become a BIG issue. People – including legal authorities – will expect to see a Privacy link in the footer of the website.

Many people visiting your website may not understand that the policy is not a legal requirement if you’re not collecting personal information.

Even if you remove the contact form from your website and/or remove Google Analytics in order to avoid the need for the policy, you should STILL have a Privacy Policy Page with a very simple statement that you do not collect, share, rent, or sell personal information.

An example of a Privacy Policy Page when you’re not collecting ANY personally identifiable information:

This website (nameofyourwebsite.com) does not collect or transmit any Personally Identifiable Information (PII) about you; such as your name, address, phone number, email address, banking information, etc.

You might also want to include other brief notices about DNT (Do Not Track), Cookies, and links to your social media sites, such as:

DO NOT TRACK SIGNALS
Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. Most modern browsers provide this option. We do not support Do Not Track (“DNT”). You can enable or disable DNT by visiting the Preferences or Settings page of your web browser.

COOKIES
Most web browsers automatically accept Cookies. Visitors who do not wish to have cookies placed on their computers should set their browsers to refuse Cookies before visiting websites, with the drawback that certain features of the website may not function properly without the use of Cookies. A cookie in no way gives us access to your computer or any personal information about you.

LINKS TO OUR SOCIAL MEDIA SITES
PLEASE NOTE THAT YOUR RELATIONSHIP WITH FACEBOOK, TWITTER, GOOGLE, YELP, OR ANY OTHER THIRD-PARTY WEBSITE IS GOVERNED SOLELY BY YOUR AGREEMENT WITH SUCH THIRD-PARTY WEBSITE.

When it comes to data collection privacy, it’s far better to be transparent and state that you don’t collect personal data than to arouse suspicion from website visitors — or a competitor trying to pull a “Gotcha!” — by saying you don’t have a Privacy Page.

If You Have the Same Policy You’ve Had for Years

Your Privacy Policy needs to be current to reflect any new laws. If you have a newsletter sign-up box on your website, make mention of this in your privacy policy and let your website visitors know that your email campaign program has its own policies. You can link to their privacy policy pages. Same applies for links to your social media platforms, and analytic programs.

Five states—California, Colorado, Connecticut, Utah and Virginia—have enacted comprehensive data privacy laws. Some states are proposing laws that will enable their citizens to sue businesses of any size and location simply for having a contact form without a compliant Privacy Policy.

Fines for not having a privacy policy can be in the thousands of dollars, and and it’s PER VIOLATION.

As reported in BakerHostetler Guidance on the California Consumer Privacy Act (posted on bakerlaw.com / PDF), “Violations of the CCPA are subject to enforcement by the California attorney general’s office, which can seek civil penalties of $2,500 for each violation or $7,500 for each intentional violation after notice and a 30-day opportunity to cure have been provided.”

In May 2023, Meta was fined $1.3 BILLION for breaking E.U. GDPR privacy rules. This wasn’t the first time Meta/Instagram/Facebook has had to pay hefty fines for privacy violations.

Privacy laws are very complicated and ever-evolving.