Image of a small business owner reviewing a privacy policy.

Data Protection Tips

Understanding how to get your business privacy policy just right can be tricky. But it doesn’t have to be! Take a look at our expert tips on creating a solid privacy policy that works for you and helps to protect your business.

Protect your customer’s personal information with transparency.


The way business is conducted is shifting, and more emphasis is being put on online commerce. Though that has many perks, such as access to a global market, it does come with more risks. Having a strong privacy policy available online for your users to review should now be looked at as a top priority for every entrepreneur. It will not only paint you as a more reputable company, but a solid privacy policy can protect you from liability and even increase the value of your business, so why wouldn’t you prioritize it? As you are developing your own privacy policy, take a look at these tips to protect your business from hacking and identity theft risks.

Privacy policies “are contracts between your business and everyone that interacts with your website,” says Enrico Schaefer, founding attorney of Traverse Legal, a firm that specializes in Internet law. “They tell people what information you are compiling about them and how you are using it.” Businesses collect all kinds of personal identifiable information, including names, e-mail addresses, and phone numbers. Some of it can be particularly sensitive, such as health, financial, and employment details. If customers are to trust you with their personal information, you need an ironclad privacy policy so they know exactly how their data will be used.

If you’re going to share customers’ personal data with anyone, whether it is employees, marketing partners, or third-party organizations, keep these tips for creating a privacy policy in mind:

Privacy Policies Protect Your Business

A strong policy lets website visitors know up front how you will use their information, so it protects you from lawsuits over how you use customer data. “Privacy policies are very important just from a liability management standpoint for every small and medium-size business,” says Schaefer. “What’s more, if a customer complains about the way you use personal information, your policy is essential for protecting your reputation.”

Certain Privacy and Data Protection Practices Are Required by Law

While a business is not legally required to have a privacy policy, there are numerous privacy laws that can impact your company. For example, websites that target children under age 13 must adhere to the Children’s Online Privacy Protection Act (COPPA) protection of personal information is regulated by the Federal Trade Commission. You also need to follow state privacy laws wherever your customers live, and some states are more strict than others depending on the specific state laws. Spending some time getting familiar with these privacy laws and building your privacy policy around them is crucial for the security of your company.

Tailor Your Data Sharing Policy to Your Business 

While there are privacy policy templates you can use, a simple cut-and-paste job is not likely to fit your specific business. “It’s not a good decision to make over the long term,” says Schaefer. “There are websites such as FreeprivacyPolicy.com that can help you craft a document more closely aligned with your needs, but the safest route is to have a lawyer tailor a policy that meets your exact business model,” Schaefer adds. The most important thing is to feel that your privacy policy encompasses all it needs to in order to protect your business and customers. Creating a custom policy will help you achieve that goal.

Cell Phone and Online Sales Concerns

Privacy requirements extend to all forms of electronic commerce, including smartphone apps. In fact, apps actually require more extensive policies because Apple mandates that vendors meet very strict privacy and disclosure standards in the iTunes store. With the majority of the population having access to smartphones, it is vastly important to consider how mobile devices will fit into your privacy policy, especially if your company has created an app for consumers.

Data Protection Policies Can Boost Your Overall Value

“Sometimes, the information you are collecting is a business asset,” says Schaefer. “If you decide to sell your company, it will be worth a lot more to prospective buyers if your policy allows you to include your contact lists for sales and marketing.” Consider this when building your policy, and decide how extensive and involved you want this factor to be.

If you are operating a business online and don’t have a privacy policy in place, you are putting your company’s reputation and financial stability at risk. Not to mention implementing a policy has many advantages beyond just security, so no matter what way you look at it, the benefits outweigh the costs. As you’re considering a privacy policy for your business, now is a great time to contact your American Family Insurance agent (Opens in a new tab) to fine-tune coverage that fits your business needs. And if you’re a new business just crafting a privacy policy, you’re in luck. “The best time to get these things drafted and customized to your business model is before you launch a new version of something,” Schaefer says. However, “the sooner the better.”

Tools & Resources

Explore our tools and smart tips.