Why do I need a Privacy Policy?

Hunter Nelson
Published: July 16, 2019
Last Updated: October 29, 2022
privacy policy for small business
Home » Blog » Why do I need a Privacy Policy?
Free Web Marketing Consultations

Helping B2B Technology Companies Increase Their Lead Volume.
Serving: IT, MSP, Cybersecurity, Software Dev, SaaS, ISV, VARs & More.
Apply Now
Table of Contents
    Add a header to begin generating the table of contents

    Data privacy is a topic that is of growing concern to many consumers around the U.S. and you may have heard the term privacy policy a time or two in recent history but haven’t paid it much mind. If your just getting into digital marketing or are updating an existing marketing site you may be wondering what all the fuss is about.

    “Why do I need a privacy policy”

    If this is a question you’ve asked yourself in recent history then this article is for you.

    Why do I need a privacy policy

    Top 3 reasons you need a privacy policy

    There are many reasons to have a privacy policy for your business and on your website but if you had to boil it down to 3 high level reasons they’d be…

    1. It builds trust with your customers
    2. It protects you from lawsuits
    3. In many business contexts, it’s legally required

    Yes, drafting a privacy policy isn’t many peoples favorite activity but it doesn’t have to be a complicated for many businesses, it’s really just a matter of taking some time to think about the customer data your business collects and getting some thoughts down on paper about how you will handle, distribute, and process it.

    “But I don’t collect any personal information, why do I need a privacy policy?”

    Trust me when I say that’s its very easy to collect personal information accidentally these days on the internet. Data privacy is still very much a growing field and will evolve very slowly over time since regulators are slow to implement consumers protections that could restrict commerce. Because of the lack of regulation, there are still many grey areas when it comes to defining personal information and what acceptable collection and processing practices are.

    The law is clear in that you must have a privacy policy if you are collecting personal information though so it’s better to err on the side of caution if you are uncertain.

    IP addresses, cookies, and other snippets of information that describe your sites visitors can be collected invisibly through the course of using common services like social media, SaaS tools, or more obviously through contact forms on a website.

    You are much better off defining a privacy policy just in case, than accidentally collecting personal information without disclosing it to your end users.

    Share This Article
    Posted in:
    Tagged:

    Hunter Nelson

    Hunter is the founder and president of Tortoise and Hare Software, a digital marketing agency for the technology sector and other lead generation oriented businesses. Hunter has more than 10 years’ experience building web applications and crafting digital strategies for companies ranging from scrappy startups to Fortune 50 household names. When not on the clock, you'll find him spending time with his family and pups, relaxing on the beach, or playing competitive online video games. See for more.

    Leave a Comment





    Recent Blog Posts

    SEO Not Working: Here’s Why

    Lately I’ve been getting on more and more calls lately with people saying something along the lines of “we’ve been doing SEO or inbound for 6 months, 12 months, or…

    Why SEO Investments Help Your MSP Weather a Recession and Keep the Door Open for New Opportunities

    What happens to your pipeline when the phones go quiet, inboxes stay cold, and paid ads stop converting? That’s not a hypothetical. It’s what happens in a recession. Budgets freeze.…

    MSP Marketing – How to Build a Strategy That Works

    Let’s be honest—most MSP marketing doesn’t work.Not because the tactics are bad, but because they’re unaligned. What looks like a marketing problem is often a strategy problem in disguise. Most…

    The 10 Best MSP SEO Agencies To Help You Grow Organic Traffic

    If you’re searching for SEO agencies for MSPs, the list of generalists can feel endless—and underwhelming. Most SEO providers don’t understand the managed services space, much less the buyer behavior,…

    Why Your MSP’s Online Marketing Efforts Are Failing

    If you’re leading an MSP and investing in online marketing, you’re probably feeling a growing sense of frustration. You’ve put money into websites, content, ads—even hired an agency or two…

    What Makes a Great MSP Website? 5 Examples You Should Follow

    Your MSP website is more than just an online brochure—it’s a powerful tool for attracting and converting potential clients. But what makes a website truly effective in the competitive managed…

    Related Blog Posts

    CMMC Presents New Marketing And Sales Opportunity for MSPs

    Have you heard about the Cybersecurity Maturity Model Certification (CMMC)? It’s a universal standard meant to enhance and normalize cybersecurity throughout the Defense Industrial Base (DIB). Released on January 31,…

    One Way Hash Functions and Data Privacy Compliance.

    This article will discuss how a one way hash function can be used in the context of privacy compliance for regulations like the GDPR. Storing customer’s personal data is an…

    GDPR Principles: Accuracy

    The accuracy principle states that controllers and processor should make reasonable efforts to ensure personal data is accurate.  They must allow citizens to challenge the accuracy of data and take steps to rectify or erase the data associated with the challenge.  Verification is sometimes needed to ensure data is accurate.  Controllers and processors should consider the impact to the individual and whether they collected the data or the user provided it when determining appropriate verification steps.  Organizations should document challenges and their responses thoroughly and in a timely manner. They should also document the thought process for determining whether personal data needs to be verified and the verification steps taken if necessary.

    SAR Portal – Privacy Definitions

    The GDPR and subsequent chain of privacy laws passed in countries around the world have resulted in a slough of new lingo for privacy professionals and IT professionals to learn.  One of these new terms is the SAR portal.  SAR portal stands for Subject Access Request portal.  Many of the new privacy laws grants certain rights to the citizens of their countries that allow them to make certain requests to businesses and other organizations that collect and process personal data.  The types of rights that are granted to citizens varies from country to country.  Some example requests that can be made are….

    GDPR Principles: Data Minimization

    Data minimization is the concept of collecting the minimum amount of data needed to carry out the stated purpose and no more.  When conducting a data minimization evaluation you must ensure that the data collected is adequate and relevant to your stated purpose as well as limited. The onus is on the organization to document compliance with this principle.  We recommend documenting a review of this principle each time new personal data is collected or processed.  Conduct at least an annual audit of personal data that has been collected or processed to ensure that changes in the business have not impacted compliance with the data minimization principle.

    GDPR Principles: Purpose Limitation

    The GDPR’s purpose limitation principle constrains the use of personal data to the original purposes or those purposes compatible with the original purpose.  There are a handful of pre-approved compatible purposes such as archiving purposes in the public interest, scientific and historical purposes, and statistical purposes. Under the GDPR, the burden falls on controllers and processors to document their purposes and reasoning behind them.  These must be documented externally to be transparent to the end user, and internally with regular audits. Care must be taken when deciding a purpose is compatible with the original.  An analysis must be conducted to determine compatibility and it’s a good idea to document the reasoning behind claiming a purpose is compatible with the original. Make sure to consider linkages to the original purpose, and consequences to the end user.

    Top Blog Content

    The Ultimate Guide To MSP SEO

    Search Engine Optimization (SEO) is one of the most important ways to attract new business for mid-market managed service providers (MSP). If you look at MSPs that have achieved any…

    The Ultimate Guide To Paid Search On Google Ads For Managed Service Providers

    Generating leads for your MSP can be a challenge. You spend so much time managing employees, making sure customer support tickets are answered, procuring hardware, and defending against cyber threats,…

    The Ultimate Guide To MSP Website Optimization

    A well-optimized website is essential for Managed Service Providers (MSPs) looking to scale their business, attract more leads, and achieve a lucrative exit. A lot of MSPs check a few…

    The Ultimate Guide to Hiring an MSP Marketing Agency

    Are you one of the many MSPs struggling to attract new clients consistently? According to research conducted by MSP Dojo, a leading MSP sales consulting firm, approximately 85% of MSPs…

    The Ultimate Guide To Setting A Marketing Budget For IT Companies

    Many IT companies get their start as a one-man operation and rely almost exclusively on word of mouth, referrals, and other organic offline means to get past their initial growth…

    Featured Review of Tortoise and Hare

    ryan drake president nettech consultants
    R.D.
    President Florida Based MSP

    Tortoise and Hare has been a key partner in our MSP's growth. Over the year's we've worked together they've helped our MSP dramatically increase our website traffic, and build a steady stream of leads sourced from our website and advertising efforts. Over that time, we've been able to raise our base customer size, build economies of scale to more efficiently service customers, and expand into new markets.