Tips for Privacy Policy

Why do I need a privacy policy for my small business?

Required by Law

If purchasing your product or service requires customers to give you personally identifiable information, you are required to post a Privacy Policy on your website or make one available at your office or storefront. Personally identifiable information is the universal description of any information that can be used to identify, contact or locate an individual. It includes but isn’t limited to the following:

  • Full Names
  • Date of Birth
  • Physical Addresses
  • Any Type of National Identification Number
  • IP Addresses (if tracked)
  • Telephone Number
  • Screen Names or Handles
  • Email Address
  • Credit Card Numbers

Protection From Liability

Small businesses have the most to lose from poor data practices. You can handle data in a way consistent with local laws and your internal policies, but if a customer interprets that as mishandling, you may face liability or at least an expensive and time-consuming legal battle to fight the claim. A Privacy Policy explains your policies for handling information and distinguishes prohibited actions from allowed ones. Also, if a customer authorizes your procedures by accepting the Privacy Policy, they will not have a cause of action against you. Their acceptance authorizes your data practices and as long as you continue as you stated in your Privacy Policy, you enjoy legal protection even if a customer suddenly decides they do not approve of how you handle their data.

Drafting Your Privacy Policy

Start with these provisions when drafting your complete Privacy Policy.

  • Information Collected
  • How Information is Collected
  • Information You Share or Disclose
  • How Customers Can Update Information
  • Data Protection Measures
  • Opt-out Procedures
  • Updates and Notification

Drafting Tips

  • Never ask for more information than is necessary. If you do not require a customer’s date of birth to provide services, do not ask for it. The less personal data you collect, the less work you need to perform to keep it safe and track it.
  • Write in plain language. Consumers are becoming more savvy about the data they share and how companies use it. Writing a vague or unnecessarily complex Privacy Policy puts them on alert and they will be less likely to do business with you. Use plain language and consider experimenting with other structures, like a FAQ or adding a table of contents.
  • Customize to your business. A fitness studio collects different data than an accounting firm. You can start with a template or a borrowed Privacy Policy, but make it relevant to your business and the information you collect.
  • Implement good information practices. A Privacy Policy gives a solid foundation and strengthens relationships with your customers, but that will mean nothing if you fail to put the right security and virus protection in place for your systems. A well-drafted Privacy Policy is a good start to handling your customers’ personal data well and will help you enact better information protection practices.

If you’d like to learn more, please call Empire State Bank at 866-646-0003. Or, simply speak with an Empire State Representative at a Banking Center near you.
