Privacy Policies for Individuals
The question to ask yourself first is whether or not your website or app collects personal data.
This can be something as simple as collecting email addresses to send newsletter updates out, or allowing readers to comment on your blog posts.
Most websites and apps are owned and operated through some kind of company or incorporated entity.
Let's take a moment to briefly review the meanings of "corporation," "limited liability company," "partnership," and "sole proprietorship."
A corporation is a group of human beings legally authorized to act as one person. Under law, a corporation is seen as one person that can be taxed and even sued. Revenue comes directly to the corporation, and the board members then decide what to do with it. If one or all members of the corporation die or go bankrupt, the corporation still exists as a legal entity.
In the case of privacy law, a corporation's members are responsible for compliance with the law because they're the ones who control and/or process clients' personal or private information.
Limited Liability Company
You can think of an LLC as a compromise between a corporation and a business partnership (or sole proprietorship), chosen for its advantages over both.
In an LLC, you get more legal protection (in the event of bankruptcy, for example) than you would in a simple partnership or sole proprietorship without the effort, time and expense of setting up a corporation. The owners get the revenue and also pay the taxes. Unlike a corporation, if a member dies or goes bankrupt, the LLC must be dissolved.
In the context of privacy protection, an LLC's owners are responsible for seeing that the company complies with the law.
A business partnership is an agreement between two people to share the ownership, responsibility, and profits of an enterprise. Revenue is shared, as are duties such as tax obligations and compliance with privacy laws.
Personally identifying information includes but isn't limited to the following:
- Email addresses
- First/last names
- Phone numbers
- IP addresses
- Mailing addresses
- Financial information
As a rule of thumb, if you're marketing products or services online, it's best to be at least generally aware of the main international regulations, because of the difficulty (if not impossibility) of restricting your digital marketplace to one country.
Here are a few of the main privacy regulations that may affect you.
The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada's privacy protection law.
In Part 4 we learn that PIPEDA applies to every organization that collects, uses or discloses personal information in the course of commercial activity:
To further clarify, the Limit section outlines who the act doesn't apply to, including individuals who collect, use or disclose personal information solely for personal or domestic purposes and nothing else:
The California Online Privacy Protection Act (CalOPPA) affects people far outside of the California state border. Here's how the Education Foundation of the Consumer Federation of California outlines who CalOPPA applies to:
So, it does apply to individuals if the individual owns or operates a commercial website or online service, and that commercial website or service collects and maintains personally identifying information from customers who reside in California.
Australia's Privacy Act
This act only applies to:
- Some government agencies
- Private sector organizations and not-for-profits that make over $3 million annually
- All private health service providers
- Some small businesses
The GDPR goes about things a bit differently and uses the terms "data controller" and "data processor" throughout the legislation.
Either of these roles can be an individual, which means the majority of the law must be followed when applicable, regardless of whether you're an individual with a website or a large company with one.
Here's how Article 4 defines these terms:
You run a blog that invites readers to submit recipes to you through email, so you'll have their email addresses and probably their real names.
You sell products from your website or app and have shipping addresses, mailing lists, and financial information at your disposal.
You don't sell anything from your website, but you use Google AdSense and are an Amazon affiliate.
- Your blog sends out a monthly newsletter to an email mailing list.
- Add information about your business: your website and/or app.
- Select the country:
- Answer the questions from our wizard relating to what type of information you collect from your users.