Beebe Law PLLC​

Copyright 2012 - 2023, Beebe Law, PLLC.  All Rights Reserved.

​Terminology Note

People often use the terms "Privacy Notice" and "Privacy Policy" synonymously, especially when referring to statements on a company website.  However, the International Association of Privacy Professionals ("IAPP") explains the term "Privacy Policy" to refer to the internal organization statement of the policies designed to communicate what practices to follow to those inside the organization, and "Privacy Notice" for external communications.  In practice, however, "Privacy Policy" is often used to describe either.  Beebe Law uses "Privacy Notice" on it's website for the public facing notice but for the purpose of this webpage, we will refer to the public facing information on a website as a "Privacy Policy."

What is a Privacy Policy?  

A website/app Privacy Policy is the agreement that discloses your data privacy practices, how you handle your users' personal information/data, and if you share or otherwise sell any of the data.  These agreements are often legally required by global privacy laws if you collect or use personal information, regardless of the platform used.  Similarly, these agreements can be required even if you don't collect data but use third-party tools (like Google Analytics, etc.).  Examples of such laws requiring Privacy Policies include EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA") and related California Privacy Rights Act ("CPRA"), all of which can impact Arizona entities depending on the nature of your business and customers.  In fact, more and more states in the United States are enacting comprehensive data privacy laws that might reach outside of their states to Arizona businesses.  Do you know if you are compliant with the ever changing laws?

Why do I need a Privacy Policy?

• They can be legally required.  That should be the "mic drop" as it's the most important reason.
  
• Your website/app users expect to see them.  In a world where every Tom, Pat and Sally can create a website or app, consumers are leery of shady looking websites.  Having a properly drafted Terms of Service and Privacy Policy can go a long way towards gaining consumer trust.

​Who requires Privacy Policies? 

•  Global and State Laws (which can impact Arizona entities depending on the nature of the business and customers) and each have their own effective date and unless and until there is a U.S. federal data privacy law that preempts all of these various state laws, businesses have a patchwork quilt of laws that they have to determine whether or not they need to comply with the regulations.  Some of these privacy laws include:
  • E.g., EU General Data Protection Regulation ("GDPR"), effective May 25, 2018
    
  • E.g., California Consumer Privacy Act ("CCPA"), effective Jan. 1, 2020
  • E.g., California Privacy Rights Act ("CPRA"), effective Jan. 1, 2023
    
  • E.g., Colorado Privacy Act ("CPA"), effective Jul. 1, 2023
    
  • E.g., Connecticut Data Privacy Act ("CTDPA"), effective Jul. 1, 2023.
    
  • E.g., Indiana Consumer Data Protection Act ("INCPA"), effective Jan. 1, 2026
    
  • E.g., Iowa Consumer Protection Act ("IACPA"), effective Jan. 1, 2025
    
  • E.g., Montana Consumer Data Privacy Act ("MTCDPA"), effective Oct. 1, 2024
    
  • ​E.g., Tennessee Information Protection Act ("TIPA"), effective Jul. 1, 2025
    
  • E.g., Texas Data Privacy and Security Act ("TXDPSA"), effective July 1, 2024
  • E.g., Utah Consumer Privacy Act ("UTCPA"), effective Dec. 31, 2023
    
  • ​E.g., Virginia Consumer Data Protection Act ("VACDPA"), effective Jan. 1, 2023
• Third-party tools
  
  • ​analytics tools
    
  • accepting payments
    
  • ads and remarketing
    
• ​App stores
  
  • ​Apple App Store
    
  • Google Play App Store
    
  • ​Microsoft Windows Phone Store
    

What kind of platforms should have a Privacy Policy? 

This type of an agreement generally belongs on the following types of platforms:

• Websites
• WordPress blogs (or other similar blog type platforms)
• E-commerce stores
• Mobile apps: IOS, Android or Windows Phone
• Desktop apps
• Facebook apps
• SaaS apps
• Digital products or digital services

What kind of information can be considered "personal information"? 

Information privacy is concerned with establishing rules that govern the collection and handling of personal information and therefore understanding what constitutes "personal information" is incredibly important. Central to this point is learning what types of information can be linked to a particular person versus information that is merely obtained in the aggregate or statistical information.  Here in the United States the terms "personal information" and "personally identifiable information" (often shortened to "PII") include information that makes it possible to identify an individual.  Examples of personal information can include:

• names
  
• social security number/passport number
• driver's license numbers
  
• birthdates
  
• street address/billing address
  
• telephone numbers
  
• Geo-location information ("GPS")
• health information
  
• biometric information (fingerprints, facial patterns, voice or typing cadence, etc.)
  
• email addresses
• social media handles and profile images
  
• ​Internet Protocol ("IP") address
  
• financial information​

Why should I be careful with using free versions of Privacy Policies?

We know that it's tempting to get documents online - after all, free is a great price!  The same goes for using ChatGPT to create yourself a legal document.  However, those free forms aren't crafted with your particular business needs, goals, and risk tolerance in mind nor do they necessarily take into consideration the most recent regulations and laws that seem to change frequently.  Furthermore, regulators and courts often treat your Privacy Policy as an enforceable promise made by the company to the users/customers.  If you just snag a free document, or have ChatGPT draft it for you, and you don't understand the promises that are being made, you can find yourself in hot water legally speaking.  Working with a privacy professional, or a lawyer that keeps up to date with the constant changes, provides you opportunity to have each clause explained to you so you know what your duties are, and helps prevent you falling out of compliance when the law changes - and they do change as technology evolves.

​​​​If you don't have a website Privacy Policy, or started with one of those generic free or low-cost forms, that's okay!  Better late than never! If this is you, and you're ready to elevate your business reputation and protect your business by having us draft or otherwise review your existing Privacy Policy, contact us! 

Not sure where else your website might need some TLC in order to help avoid legal liability?  Contact us to inquire about having us prepare for you our multi-point Business Website Risk Audit Report which includes a section on website Privacy Policies.  It's better to let us tell you ahead of time where you can improve so you can address issues now instead of waiting until an issue arises - because at that point, it's likely to cost you a lot more money to deal with.  Trust us, being proactive is a lot better than being reactive!

Website Privacy Policies

Of course people read these things... Well, sometimes. Okay, maybe enough just to see that you are legit - and that, outside of protecting you, is what's important!