Privacy Policies aren't just required for big businesses. Anyone who collects personal information from users via their website or app should have a Privacy Policy to help comply with applicable privacy and data protection laws.
This article explains what a Privacy Policy is, why individuals need one, what laws require a Privacy Policy, and how to write and display a Privacy Policy for individuals.
Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:
- At Step 1, select the Website option or App option or both.
- Answer some questions about your website or app.
- Answer some questions about your business.
- Enter the email address where you'd like the Privacy Policy delivered and click "Generate."
You'll be able to instantly access and download your new Privacy Policy.
- 1. What is a Privacy Policy?
- 2. What is Personal Information?
- 3. Why Should Individuals Have a Privacy Policy?
- 4. What Laws Require a Privacy Policy?
- 5. How to Write a Privacy Policy for Individuals
- 5.1. What Personal Information You Collect or Process
- 5.2. Your Reasons for Collecting or Processing Personal Information
- 5.3. Third Parties You Share Personal Information With
- 5.4. The Types of Personal Information You Share With Third Parties
- 5.5. How You Keep Personal Information Safe
- 5.6. How Users Can Exercise Their Rights
- 5.7. How You Handle Children's Personal Information
- 5.8. Your Contact Information
- 6. How to Display a Privacy Policy for Individuals
- 6.1. Website Footer
- 6.2. Checkout Page
- 6.3. Account Creation/Login Page
- 6.4. Newsletter Subscription Area
- 6.5. In-App Menu
- 6.6. Cookie Consent Banner
- 7. How to Get Agreement to a Privacy Policy for Individuals
- 8. Summary
What is a Privacy Policy?
A Privacy Policy is a legal document that outlines users' privacy rights and explains how you collect, use, and disclose users' personal information.
Many privacy laws require businesses, organizations and individuals that meet their criteria to maintain a Privacy Policy on their websites or apps.
What is Personal Information?
Personal information is any data that can be used on its own or in combination with other information to identify an individual.
Personal information can include:
- Names
- Addresses
- Email addresses
- Phone numbers
- Health and financial information
- Driver's license or Social Security numbers
Why Should Individuals Have a Privacy Policy?
Having a Privacy Policy in place when you are conducting business as an individual can help provide protection against personal culpability.
Even when a website or app is marketed under an individual's name, it is typically owned by a company.
For instance, investor, advisor, and author Tim Ferriss provides productivity products, including multiple books and a podcast featuring his name, The Tim Ferriss Show:
However, the Tim Ferriss Privacy Policy doesn't refer to him personally, and instead applies to an entity, Seneca and Marcus, LLC, that functions on behalf of Tim Ferriss:
Incorporating can help provide individuals with personal liability protection. If a user sues you, the company will be held responsible instead of you.
If you put your Privacy Policy in your name, users can hold you personally responsible for any breaches of the document. That means that your personal assets may be at risk and you may have to pay out of pocket from your personal bank account (instead of your business accounts) for legal fees and fines.
While it may seem like creating a Privacy Policy as an individual would leave you open to legal liability, it can in fact offer you a layer of legal protection that you may not have without it.
Anyone who collects or processes (uses) consumers' personal information should have a Privacy Policy to help comply with privacy and data protection laws. While some privacy laws only apply to companies that process a certain amount of personal data each year, other laws apply to anyone who collects or processes any personal information.
That means that even if you don't sell a product or service on your website, if you collect or use visitors' personal information you should have a Privacy Policy.
For example, many individuals who don't sell goods or services still collect users' personal information for advertising or analysis purposes via cookies, email sign-ups, or third-party service providers.
Legal compliance purposes aren't the only reasons you should have a Privacy Policy. Consumers value their privacy, and being transparent about why and how you collect their personal information and what you do with it can help build trust with your audience.
What Laws Require a Privacy Policy?
Several state and global laws require applicable businesses, organizations, and individuals to maintain a Privacy Policy on their websites and apps.
Laws that require a Privacy Policy include:
- The Children's Online Privacy Protection Act (COPPA). COPPA is a federal law that requires anyone who operates a website in the United States and collects or processes children's personal information to maintain a link to a COPPA-compliant Privacy Policy that explains how they handle children's personal information.
- The California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA). The CCPA/CPRA applies to for-profit businesses that meet its thresholds. Unless you get more than 50% of your revenue from selling or sharing California residents' personal information, buy, sell, or share the personal information of more than 100,000 California residents, or make over $25 million/year, you're likely exempt from this law.
- Virginia's Consumer Data Protection Act (VCDPA). The VCDPA applies to data controllers (those who make decisions about how and why to process personal data). Individuals who do business in Virginia and either control or process personal data belonging to at least 100,000 Virginia consumers, or control or process personal data belonging to at least 25,000 Virginia consumers and get more than 50% of their gross revenue from selling personal data, must comply with the VCDPA.
- Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA applies to organizations that collect, use, or disclose Canadian residents' personal information, including individuals acting in a commercial capacity.
- The General Data Protection Regulation (GDPR). The GDPR applies to organizations based in the EU that process personal data belonging to EU residents, and to organizations based in other countries that offer goods or services to, or monitor the behavior of, EU residents.
Keep in mind that the privacy laws that pertain to you can be based on both where you live and where the people who visit your site or use your app live. It's your responsibility to keep abreast of the privacy legislation that applies to you and protects your users.
How to Write a Privacy Policy for Individuals
The clauses your Privacy Policy should contain depend on your unique website and/or app, the types of personal data you collect and what you do with it, and the laws that apply to you and your users.
Privacy Policies typically contain the following clauses:
- The types of personal information you collect
- What you do with the personal information you collect
- Who you share personal information with
- What categories of personal information you share with third parties
- How you keep the personal information you collect secure
- A list of consumers' rights and how they can exercise their rights
- How you handle children's personal data
- Your contact information
The table of contents of Google's Privacy Policy includes clauses about the types of information it collects, its reasons for collecting data, and how it keeps personal information secure, among others:
Let's take a look at the information that each of these clauses should include.
What Personal Information You Collect or Process
This clause describes the types of personal information you collect, such as names, email addresses, and credit or debit card numbers.
Book Writing Coach Lisa Tener's Privacy Policy lists the types of personal information her website may collect, including users' contact and billing information:
Your Reasons for Collecting or Processing Personal Information
You should limit your collection of personal information to that which is absolutely essential to fulfill your purposes. Common reasons for collecting or processing personal information include communication, advertising, and order fulfillment purposes.
Lisa Tener's Privacy Policy explains that users' personal information may be used for communication, payment processing, and targeted advertising purposes, and that users' personal information may be shared with third party service providers:
Third Parties You Share Personal Information With
This clause lets users know what third parties you share personal information with, such as service providers or affiliates.
Many privacy laws require you to inform users if you share their data with third parties, sell their personal data, or use their personal data for targeted advertising (marketing based on users' online activities) purposes.
Author Coach Kelly Irving's Privacy Policy explains that personal data may be shared with third-party service providers, but only with users' consent:
The Types of Personal Information You Share With Third Parties
You should list the types of personal information you share with third parties, such as contact and financial information and information about how users interact with your website.
Editor and Writing Coach Jamie Morris lists the types of personal data she collects and explains that she shares financial data with PayPal, a third-party payment processor:
How You Keep Personal Information Safe
It's important that you keep the personal information you collect or process safe. This clause explains how you keep users' personal information secure, such as by implementing administrative, technological, and physical safeguards.
Kelly Irving's Privacy Policy explains that she only transfers personal data to jurisdictions that are subject to data protection laws, keeps personal data only as long as needed to fulfill its purpose, and responds to users' data deletion requests:
How Users Can Exercise Their Rights
You should use this clause to list users' privacy rights under applicable laws and how they can exercise those rights.
Many laws require you to enable users to, at a minimum:
- Access, edit, or delete their personal information
- Opt out of certain data processing activities (such as the sale or sharing of their personal data)
Some website owners will include additional clauses within their Privacy Policies to detail users' location-specific rights.
Mindset Coach Laura Herde's Privacy Policy lists EU residents' privacy rights under the GDPR and includes an email where consumers can send requests concerning their personal data:
Dotdash Meredith's Brands Privacy Policy provides users with links allowing them to opt out of marketing emails and delete their personal information:
Users can scroll down to find out how to access region-specific information concerning their privacy rights:
How You Handle Children's Personal Information
This clause explains how you collect or process children's personal data.
Laura Herde's Privacy Policy explains that she does not collect or use children's personal data, and that she will delete any personal data belonging to a child that is collected unintentionally:
Your Contact Information
You should let users know how they can contact you. The more ways you give users to get hold of you, the better. Ideally, you should include your name, mailing address, phone number, email address, and a link to an online contact form.
Apartment Therapy's Privacy Policy contains its email address, mailing address, and phone number:
How to Display a Privacy Policy for Individuals
Once your Privacy Policy is written, you will need to put it somewhere users can easily find it. You should place a link to your Privacy Policy anywhere you collect users' personal information.
Common places to put a link to your Privacy Policy include:
- Website footer
- Checkout page
- Account creation/login page
- Newsletter subscription page
- In-app menu
- Cookie Consent Banner
Let's look at why each of these areas works well for linking your Privacy Policy.
Website Footer
Putting a link to your Privacy Policy within your website footer helps ensure that users can access it from any page on your website. Many businesses put links to their legal documents within their website footer, so users tend to know to scroll down to find a website's Privacy Policy.
Kelly Irving's website footer includes links to her Terms of Use agreement and her Privacy Policy:
Checkout Page
You should give users the opportunity to read your Privacy Policy before collecting their personal financial information. Adding a link to your Privacy Policy on your checkout page helps ensure readers can access your Privacy Policy before they make a purchase from you.
Account Creation/Login Page
If you allow users to create an account with you, you should put a link to your Privacy Policy on your account creation or account login page.
Newsletter Subscription Area
You should add a link to the area of your website where you collect users' email addresses or allow users to sign up for a newsletter.
Here's an example of a Privacy Policy link located directly above a newsletter subscription area:
Good Housekeeping's newsletter subscription pop-up box includes a link to its Privacy Notice:
In-App Menu
If you have an app, you should make sure users can access your Privacy Policy either via a page within your app or through a link that takes users to an external Privacy Policy page.
When users download Novelist, an app by website and app developer Alessandro Riperi, they are provided with links to his Privacy Policy:
Cookie Consent Banner
A Cookie Consent Banner is a pop-up notification that lets users know that you use cookies (small files that are stored on a user's device). A Cookie Consent Banner should give users the option to adjust their cookie preferences and should include a link to your Privacy Policy and, if you have one, your Cookies Policy.
Jamie Morris has a Cookie Consent Banner that contains a link to her Privacy Policy:
How to Get Agreement to a Privacy Policy for Individuals
One of the most effective ways to obtain clear consent to your Privacy Policy is to have users check a box next to a statement confirming that they have read and agree to your policy.
When users create an account with Nintendo, they must tick a checkbox indicating that they have read and agree to its Privacy Policy:
Summary
A Privacy Policy is a legal document that explains how you collect and use consumers' personal information and how they can exercise their privacy rights.
Individuals should have a Privacy Policy to help them comply with applicable privacy and data protection laws and to help build consumer trust.
Laws that require a Privacy Policy include:
- COPPA
- CCPA/CPRA
- VCDPA
- PIPEDA
- GDPR
Your Privacy Policy should be clearly written, easy to access, and regularly updated.
A Privacy Policy for individuals should contain the following clauses:
- What personal information you collect
- Why you collect personal information
- Who you share personal information with
- The types of personal information you share with third parties
- How you keep the personal information you collect secure
- How users can exercise their privacy rights
- What you do with children's personal information
- How users can contact you
You should display your Privacy Policy wherever you collect users' personal information.
Common places to put a link to your Privacy Policy include:
- Website footer
- Checkout page
- Account creation/login page
- Newsletter subscription area
- In-app menu
- Cookie Consent Banner
You can use a checkbox next to an "I Agree" statement to get users to consent to your Privacy Policy. Include a link to your Privacy Policy when requesting consent.