In this lunchtime #WPQuickies, I look at the default privacy policy page that comes with WordPress.
Whether you run a hobbyist blog or maintain an e-commerce website, your site needs a privacy policy, but why, what is it for and what should be inside it?
What Is a Privacy Policy?
All websites collect information about visitors, in lots of different ways.
Some data collection methods may include
- Cookies
- Form submissions
- User registrations
- Google Analytics tracking
- Blog comments
A website Privacy Policy is a statement (document or web page) that outlines what personal data the website collects, where that data is stored and how it is used.
Why Does My Website Need a Privacy Policy?
In most countries, regions, states and territories having a Privacy Policy on your website is a legal requirement.
In Australia, if your business needs to comply with the Australian Privacy Principles (APPs) https://www.oaic.gov.au/privacy/australian-privacy-principles you need to have a privacy policy.
APPs are the framework of the Australian Privacy Act 1988 https://www.legislation.gov.au/Series/C2004A03712
The Office of the Australian Information Commissioner (OAIC) states that any business operating in Australia that generates more than $3 million in turnover annually, is an APP entity and you must comply with the Australian Privacy Principles. https://www.oaic.gov.au/privacy/your-privacy-rights/what-is-a-privacy-policy
It also states that “some other organisations” that generate $3 million or less must also comply with APPs, if they:
- provide a health service and hold health information other than in an employee record;
- buy or sell personal information; or
- are a contracted service provider for a Commonwealth contract
If your business isn’t legally bound by the APPs, it’s still best practice to have a privacy policy in place for transparency and customer confidence and civil litigations.
You should always speak with a privacy lawyer to confirm if your business is or is not an APP entity.
What Should I Put In A Privacy Policy?
The Australian Privacy Principles set out a list of required information that must be provided in your privacy policy. These include but are not limited to:
- the types of Personally Identifiable Information (PII) you collect and store
- how you collect and store PII
- the purposes for which you collect the PII
- how an individual may access their PII and ask for corrections
- how an individual may make a complaint if you breach the APPs
- how you will handle a complaint
- if you are likely to disclose PII to external parties, overseas recipients, and if so, to who and which countries
- your contact details
Regardless of what goes into your privacy policy, it should be written in plain English and easy to understand.
Where Should My Privacy Policy Go?
It’s common practice to put your privacy policy in the footer of your website, but you can place it anywhere that is easily accessible and visible to visitors.
The key takeaway is that it should be easy to find.
WordPress Default Privacy Policy Page
WordPress comes with a generic privacy policy page.
To access the page, navigate to settings > Privacy
This opens up the WordPress Privacy Settings page.
On this page, you can create a new page for your privacy policy or change it to an existing page on the WordPress site.
If you create a new privacy policy page, it will be pre-populated with some suggested headings and information which you are meant to customise yourself.
If you have an existing page, you can click into the Policy Guide section of the privacy settings.
In the Policies section, expand the “WordPress” dropdown, scroll to the end and click on the “Copy suggested policy text to clipboard” button.
You can paste this into your privacy policy page and edit the content.
WordPress Suggested Privacy Policy Text
Note, the language is English-US so you may have to update some word spellings.
Let’s have a look through the suggested privacy policy text from WordPress and see what is covered.
I don’t think you really need to put the website URL link in the privacy policy, the visitors are already on the site.
You’ll need to adjust the Comments section to reflect how your site handles comments and profile pictures.
The “Media” section may not apply to your website if you do not allow visitors to upload images.
Beware of support ticket plugins as sometimes these offer the ability to upload images as part of the issue description.
The “Cookies” section covers basic WordPress core functionality, commenting, logins and editorial processes.
The “Embedded content from other websites” may not be applicable to your own website.
Check your content to see if you are embedding directly from other websites.
The “Who we share your data with” is an important section, especially if your website or your website’s primary target audience is European and covered by the General Data Protection Regulation (GDPR) law.
The last sections are about data retention, data rights and where data is stored.
Check the retention period of your backup sets and where they are physically stored, especially if you use a third-party backup service.
For data rights, WordPress core has built-in features that allow account users to request a copy of their data or for you to delete it from the site.
You can access these tools from Settings > Export Personal Data and Settings > Erase Personal Data
.
Both these processes start by sending an email to the requisition to verify they have access to that email address.
Remember that if a user requests their data to be deleted, this also means backup files too.
Summary
The generic privacy policy that comes with the WordPress core is very general and only covers the very basic operations that the core performs.
#WPQuickies
Join me every Thursday at 1 pm Sydney time for some more WPQuickies – WordPress tips and tricks in thirty minutes or less.
Broadcasting live on YouTube and Facebook.
Suggest a #WPQuickies Topic
If you have a WordPress topic you’d like to see explained in 30 mins or under, fill out the form below.
https://forms.gle/mMWCNd3L2cyDFBA57
Watch Previous WPQuickies
Replace Existing WordPress Site
