Privacy Policies for Online Coaches

Are you an online coach or considering becoming one? If so, you'll need to know all about the particulars of Privacy Policies and privacy laws within your industry.

This article will detail the different types of online coaching available, the unique considerations required for their Privacy Policies, and the various legislations you will likely need to abide by as an online coach.

We will also discuss the basic setup for an online coaching business and explain the potential issues regarding privacy, as well as the various considerations that need to be taken into account when collecting personal information from clients.

The Online Coaching Trend

Online (also known as virtual) coaching has become a hugely popular trend that can be seen in almost every industry. If you can think of it, there's likely an online coach out there for it.

There are life coaches, confidence coaches, wellness coaches, personal development coaches, business coaches, relationship coaches, executive coaches, financial coaches, sales coaches and so many more.

The rising popularity of the coaching industry can be attributed to a few things, but the two main influences are the increase in services moving online, and the fact that people are now much more open to the idea of self development and improvement through such services.

The definition and purpose of a coach tends to vary depending on who you're talking to, but the most broadly accepted way to describe it is someone who helps you move from where you are, to where you want to be.

Coaches can also be referred to as mentors, teachers, guides, motivators and accelerators, and they can be a really effective way to achieve self-improvement.

An online coach will work with someone to find the right path to achieving their hopes, dreams and goals.

While the coaching industry might've been relatively small before, it's certainly become an 'on trend' profession now, with courses now available that teach just about anyone how to be a coach in just about any industry.

Thanks to video-calling and instant messaging, online coaching has quickly become just as effective as face-to-face coaching. It's convenient for both client and coach, as they can simply arrange a time to meet that suits them, and they aren't restricted by borders - there is nothing stopping you from coaching someone in a different country.

But, as with any online service, there are quite a lot of privacy aspects that need to be considered when setting up your business.

Read on to find out how you can implement these aspects into your Privacy Policy.

The Need for a Privacy Policy

These days, every online business whether big or small should have a well-written Privacy Policy. Yes, even if you're just a blogger earning money through a small online coaching site of your own creation.

There are several reasons behind the necessity of a Privacy Policy, but first and foremost is the need for transparency and honesty between companies and clients.

So many business transactions happen online every day, all over the world. Personal data is given, shared, used and collected through each of these transactions, and ensuring its protection is imperative.

Data has become a new form of currency. An individual's personal information is now highly valuable to businesses, advertisers and government agencies, and the protection of such information is now considered to be another basic human right.

This is because personal information will often include sensitive details such as:

• Name and contact details
• Racial/ethnic origins
• Political preferences
• Sexual orientation
• Religious/philosophical beliefs
• Criminal or medical records
• Locations
• Payment or bank details

As an online coach, you'll very likely be handling this sort of sensitive information regarding your clients. It's best to know exactly what's expected for your Privacy Policy to avoid any legal issues that could potentially occur, and adhere to any of the necessary legislations.

What Legislation Should You Know About?

Depending on where you are located, there's likely to be privacy legislation in place that you may have to comply with.

Being aware of these and ensuring your business follows their stipulations is the best way to make sure you're compliant.

California Online Privacy Protection Act (CalOPPA)

The California Online Privacy Protection Act (most commonly referred to as CalOPPA) is a California state law that was first brought into effect in 2004.

Its most recent amendment was made in 2013, which brought in the requirement of Privacy Policies to include a section on Do Not Track (DNT) requests that users could set on their web browsers to avoid their movements being tracked online.

CalOPPA is a very effective legislation that applies to companies that collect personal information from customers or website visitors who are based in California.

If you're located elsewhere, even in another country, CalOPPA will still likely apply to you.

This is because even if you don't have much presence within California or the US, there is still a chance that your products and/or services could be utilized by a resident in California.

As such, regardless of where your online coaching business is set up, the requirements of CalOPPA should be taken into account when writing up your Privacy Policy.

These requirements are as follows:

• Add a conspicuous hyperlink to the Privacy Policy on the homepage of your business' website.

This hyperlink should stand out from the rest of the homepage, whether by using a different font style, size or color. The hyperlink must also contain the word 'privacy.'

• Your Privacy Policy must disclose the following:
• The kind of personal information that will be collected from customers
• The way this information will be used
• Any third-party services that this personal information may be shared with, as well as the purpose of this sharing
• How the company intends to respond to Do Not Track requests as set by each individual site visitor
• The process a customer can follow in order to view and edit any of their personal data that has previously been collected by the company
• The way the company plans on informing users about any changes to the Privacy Policy (such as through a generic, bulk email or pop-up notifications)
• The date the Privacy Policy came into effect

If a business is found to be non-compliant with CalOPPA requirements, they will be given 30 days to make the required changes and bring their policy up to date.

Failure to do so means they can be found negligent under the "unfair competition" provisions in the California Business and Professions Code, and this can result in a fine of up to $2,500USD for each violation.

This might not sound like a large amount, but each violation means that every time someone has visited your site while your Privacy Policy has been deemed non-compliant, it will result in a fine, which potentially adds up to a huge amount.

The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a regulation that was created by the European Union (EU) to strengthen the protection given to individuals within the EU regarding the personal information they share online.

The main purpose behind the GDPR is to give consumers a much higher level of control when it comes to their data. Its aim is to unify and harmonize other regulations pertaining to data collection in order to provide a level playing field for both customer and company.

The GDPR replaced the Data Protection Directive of 1995, and came into full effect on the 25th of May, 2018.

Even if you're not located within the EU, don't make the mistake of believing the GDPR won't affect you. Similarly to CalOPPA, if your business caters to or handles personal information from any citizens of the EU, you're required by law to follow the rules of the GDPR.

As such, it's believed that the GDPR will have an impact on the majority of organizations throughout the world.

One of the key aspects of the GDPR are its enhanced requirements for a Privacy Policy.

Penalties for noncompliance can be steep, with fines reaching up to 4 percent of your company's annual revenue, or $20 million - whichever is the greater amount.

Personal Information Protection and Electronic Documents Act (PIPEDA)

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law that was brought into effect in 2000 with the aim to govern how private sector organizations (for-profit companies that are not controlled by the state but run by individuals) collect and use personal information from their customers.

If you do any coaching with residents of Canada, you should become familiar with PIPEDA and its requirements.

The Online Coaching Business Structure and Privacy

Online coaching might sound simple, but structuring it as a successful business can be quite difficult. Coaches may have a rough idea of the style and approach they want to use in setting up their online business, but there are still various other aspects to be considered, such as the packaging of their services, establishing costs, and estimating how much time can be spent on each client.

Given the growing virtual nature of the coaching industry, any coach looking to setup online must take into account things like landing pages, online lectures, webinars and social media presence.

This setup creates quite unique considerations regarding customer privacy because you can't build a successful client relationship without needing a fair amount of their personal data and information.

Depending on your chosen coaching industry, there is likely to be a lot of sensitive information being sent back and forth between you and your client. As such, the importance of a detailed Privacy Policy extends further than legislative needs - it's truly in your client's best interests.

Your Privacy Policy

So, how can you create and display your Privacy Policy on your coaching site in a way that covers all the requirements from the various legislations?

There are several things you should include in your policy in order to make sure your customers will be fully informed of their rights before they begin working with you.

These are things such as:

• The specific information you collect from customers and the purpose of that collection
• Whether you will be sharing collected information with third-party services and/or affiliate companies, and who those services/companies are
• Any information on cookies used by your site (if you don't have a separate Cookies Policy)
• The way in which any customer or website visitor is able to review and edit the information you've collected from them
• How you intend to inform customers about any changes or updates to your Privacy Policy
• The particular privacy legislations you comply with (so in this instance, include initiatives like CalOPPA, the GDPR and PIPEDA)
• Providing customers with an option to opt out of sharing any information, as well as a full explanation on what that means
• The date your most recent Privacy Policy came into effect

The Coaching Institute's Privacy Policy is a good example of one that uses simple language while still covering necessary requirements such as what constitutes both personal and non-personal information.

When displaying your Privacy Policy, you'll be compliant across the board if you have a highly conspicuous hyperlink on all pages of your website that includes the term 'privacy.'

Here's how The Coaching Institute does this in a way that's simple, standard and effective:

The online coaching industry is a worthy one to get into. Being able to provide individuals with guidance, motivation and advice on some of the most difficult aspects of life can be really fulfilling.

However, you should run your online coaching business just as that - a business. Don't neglect important aspects such as ensuring all your policies and disclaimers are in place.

Without these, you leave your customer data open to risk and yourself open to potential lawsuits and liabilities. Luckily, this can be easily avoided by taking the above advice and creating a thorough and compliant Privacy Policy.