If you are at the beginning of your business and quite curious to find out what’s with the legal statements and agreements, there are indeed things you should know about them.

From the first place, it’s best for you to learn that they are means of safety, both for your website and for the users and that they must obey legislation. But are they mandatory by law?

The answer is both No and Yes. Privacy policies, documents that state your actions concerning your users’ personal information protection, are mandatory.

Concerning Terms of use, well, the law does not oblige you to have such document, but a wise thing to do is certainly to have it too, because it displays information about your business, what you do and what you don’t, in other words, it stands for transparency and honesty, as important steps in building online trust.

Let’s focus on privacy policies, since the law decided implementation as mandatory. When, where, and especially, why?

State of California has the Business and Professions Code that claims the following: any “operator of a commercial website or online service that collects personally identifiable information through the Internet about individual consumers residing in California” must have a privacy policy on its website.

Before rushing to say this does not concern you anyhow, because you’re not in California and your site does not have its content hosted on servers in California, we suggest you to rather take an in-depth look at the statement above. The situation of websites, through their different statute (online business) comparing to other category of businesses, is called “long arm statute” by laws, hence of their reach, meaning, websites can be reached by anyone with an internet connection.

There’s no doubt this may lead to data gathering even from clients residing in California. Internet is not a matter of geography, so it is considered that your site is reachable from any other state, as well.

The California state considers having a privacy policy mandatory. As a practical matter, site owners have no real means to exclude users/consumers/clients from California.

More notes about this law here.