Have you ever scrolled to the bottom of a website and see in teeny-tiny letters a hyperlink that says “privacy policy” on it? Or maybe a privacy policy popped up on a website while you were browsing? Whilst you may quickly click ‘Accept’, close the box and move on; the same laissez-faire attitude can’t be taken when creating one for your website. You may be thinking to yourself, “Do I need a website privacy policy in Canada?”
And the answer is yes, absolutely, especially if you’re Canadian business as it’s a requirement under the Canadian Government’s Personal Information Protection and Electronic Documents Act or otherwise known as PIPEDA. According to the Office of the Privacy Commissioner of Canada2 , “organizations must generally obtain an individual’s consent when they collect, use or disclose that individual’s personal information.”
But what constitutes as an individual’s personal information?
You may think that by creating a simple website with a contact box on it will help you to avoid having to use a privacy policy but the truth is according to PIPEDA “personal information includes any factual or subjective information, recorded or not, about an identifiable individual.2” This may include name, age and even the individual’s Internet Protocol (IP) address or cookies, among others. Many website hosts and website plugins track an individual’s IP address or cookies to gain information about your website users so that it can provide you with data to help improve or monitor your site. Even if you decide to never view or use this information, many website hosts track this automatically meaning your website is collecting your website users personal information.
So essentially, if you collect data of any kind on your website, in order to be compliant with PIPEDA, as a Canadian business or practice owner, having a website privacy policy on your site is a must.
In this article, I’ll explain what a website privacy policy is, what should be included and where you can purchase affordable a legally-drafted website privacy policy in Canada.
What is a Website Privacy Policy?
A website privacy policy, is essentially a statement or legal document on a website that explains how the owner of the website – you – gathers, stores, protects and uses any personal data provided by website users. Website users are anyone who visits your website, regardless if they become an active client into your business or practice.
You might be thinking to yourself, “Does anyone even scroll to the bottom and look at the privacy policy?” The answer is sometimes.
As a website user, you may notice that more times than not, you choose to skip over the fine-print. The privacy policy, although not be always viewed by website users, is essential and required to protect your website users so that they understand how their information will be used, and protect you the owner of the website as you’re providing informed consent and transparency with why, how, and when you’ll use the website user’s information.
What Should a Website Privacy Policy Include?
Legal documents and policies are hard to understand, especially when you’re expected to write one yourself! Sometimes they have such superfluous language that you can’t make heads or tails of what they mean.
So, let’s break this down a little shall we; let’s take a look at what a website privacy policy in Canada really protects against and some of the clauses it should include:
How and why you collect data
You’ll need to clearly state why you collect a person’s data. Maybe, you track users with cookies so you can re-target them with better marketing. Maybe, you import the inquiries that you receive into Practice Management Software or Client Relations Manager. Or maybe, you track analytics through website plugins, like Google Analytics or Jetpack, to better understand your website users. However, you use it, you must clearly state it in your policy.
Who and how website users can contact
When you have a website privacy policy it is important to have your contact information attached so that if a website user has questions about your privacy policy, they can reach out to you. Even if you run an online business or practice, you’ll need to provide contact information on your privacy policy which may include your telephone number or even your email address. In addition, you’ll want to ensure that you provide your organizations process for reaching out to you if any website users has a concern.
How users can opt-out
It is a requirement to provide users with an option to ‘opt out’ or to not participate in data collection. This option must be clearly stated in your policy and must be easy to navigate on your website.
What your dispute resolution is
This is a big one. How do you protect yourself whilst also allowing a smooth, pain-free resolution process for those who feel their privacy rights have been violated? This is absolutely essential to any website privacy policy.
But this only scratches the surface of what a proper privacy policy should include.
What to not do when creating a privacy policy
Now that you know what a website privacy policy is and just how important it is to have on your website, you may be thinking “Could I sneakily use someone else’s policy and just swap out their business name for mine?”
No. Stop. That’s a dangerous road to go down.
Coping another website’s privacy policy, terms of use or terms and conditions and passing it off as your own, breaches copyright law1 – unless you have you a licence to use the material. Not to mention you may be overlooking specific areas pertaining to your website’s uses, making your policy incomplete or incorrect, leaving you wide open for liability in regard to privacy law compliance3 that only a Canadian legally-drafted privacy policy can help protect you.
Purchasing a Legally-Drafted Website Privacy Policy
One of the best ways to protect yourself and your website is to purchase a legally-drafted website privacy policy from a legal professional. You can reach out to a legal professional in your province to draft a website privacy policy for you, or you can find a legal professional who sells downloadable templates online. Regardless of your choice, seeking professional advice is key to ensure that your website is protected and appropriately following PIPEDA.
Disclaimer
Please be advised that I am not a legal professional and the information in this article is not to be considered legal advice. Instead, this article is intended to be informational and educational in nature and consulting with a legal professional is always encouraged.
References
[1] Justice Laws Website. (2023) Copyright Act. Retrieved from https://laws-lois.justice.gc.ca/eng/acts/C-42/page-2.html#h-102726
[2] Office of the Privacy Commissioner of Canada. (May, 2019). PIPEDA in Brief. Retrieved from https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda_brief/
[3] Office of the Privacy Commissioner of Canada. (2021). The Personal Information Protection and Electronic Documents Act (PIPEDA). Retrieved from https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/