After a number of high-profile data breaches in 2017 (the Equifax data breach and Facebook Ads vulnerabilities were probably the best known to Canadians), the European Union put the finishing touches on its robust data protection framework, the General Data Protection Regulation, or GDPR, and began enforcing it on the 25th of May, 2018. The implications of this new regulation for online businesses worldwide were significant, and the potential penalties for failing to comply are considerable. Fines of up to 20 million Euros or 4% of a company’s annual global revenue can be levied against companies inside or outside of the EU.

Canada already had its own privacy protection policy established in the Personal Information Protection and Electronic Documents Act (PIPEDA), which was enacted way back in April of 2000. This law applies to any Canadian company or any company that collects information from Canadian visitors. There are two different types of personal information defined by PIPEDA:

  1. Customer – name, address, banking info, etc.
  2. Employee – Social Insurance Number, work history, Record of Employment, etc.

Any company that collects this type of information is required to have a Privacy Policy in place. For more information, and for a detailed guide to the 10 principles outlined in PIPEDA, visit the Privacy Commissioner’s website.

So what does this have to do with me?

Adding a privacy policy page to your website is not going to bring you any big benefits in the SEO game, and more than 75% of people never even bother to glance at these policies while visiting a website. Even so, it does give your business an added look of professionalism and shows a commitment to being a good citizen of the online world.

Taking the time to create a privacy policy for your website can be an excellent opportunity to reflect on how you are handling your clients’ private information, and to review your security and protection protocols. There are a number of websites out there that can provide you with a free sample privacy policy template to use (Termsfeed is a great example), and WordPress is even providing its own privacy policy template to use with your site. As an added bonus, you’ll increase your customers’ trust, and reduce your legal risk and liability.

What about cookies?

You’ve probably noticed that a lot more of the sites you visit lately have some sort of pop-up box asking you to “Accept Cookies” before you can access their content, but just what are cookies? A cookie is just a small file sent from the website to the user’s browser, intended to capture some information about the browsing session in order to improve subsequent interactions with the same website. These tasty little morsels also provide a tremendous amount of information to marketers for creating those targeted ads that follow you around the web, but don’t let that deter you from accepting cookies, as the benefits of these little files can be substantial when viewing content online. The Canadian government doesn’t have a specific policy in place for the use of cookies, and it still places the onus on site visitors to manage their own cookie preferences. Even so, it is considered best practice to tell your site visitors how cookies are used on your site.

So how about a little privacy?

Taking the time to create and regularly review your website’s privacy policy should be considered a normal part of doing business on the web these days, and is a great way to signal your integrity to the online community. Showing your commitment to security and data protection, while helping to shield yourself from potential legal action, sounds like a no-brainer to me. It’s why I’ve created my own Privacy Policy page for this website, which you’re free to copy and adjust to fit your business. You can also contact us for help with setting up your own policy page.