Prepare yourself. You are about to learn about why course-based websites may be required to have Privacy Policies.  

Alright, so maybe not the most exciting topic, but it’s an important one. 

Privacy is becoming a bigger and bigger deal. Consumers are expecting website owners to respect their privacy, and non-compliance fines can be quite expensive simply for failing to disclose your own privacy practices. 

If your course website is collecting regulated data, you have an obligation to provide specific details so your visitors understand what you’re doing with their data.

This article (and webinar!) is intended to provide course creators with the basics for what website policies are, when they are required for certain course-creator websites, and what you can do to get proper policies in place (and keep them up to date over time). 

Before we move any further, it’s important for us to note that this article and webinar is not legal advice and is for informational purposes only. You should speak to an attorney in your area for assistance with your compliance needs. 

What is regulated data?

Things like names, email addresses, and IP addresses are being regulated under a multitude of privacy laws throughout the world.  If you are collecting this regulated data, you may be required to have a Privacy Policy, regardless of where you are located. 

This is already a huge takeaway: governments that create privacy laws don’t care about where your business is located. They care about protecting their people’s data. If people from anywhere can submit their names and emails to your website or sign up for your course, you may be required to comply with multiple privacy laws and your Privacy Policy must make the disclosures required under each one (yes, each privacy law is different).

Is collecting regulated data bad?

Not at all! You just have to make some disclosures about it. 

Collecting data like names, emails, and IP addresses helps you gather leads from your website and grow your course. It also helps you make improvements to your website over time. 

The only thing that has really changed is that you need to be conscious of your privacy practices and ensure you have the respective policies on your website that contain the proper disclosures you specifically are required to make under the law(s) that apply to you.

Does your website course collect regulated data?

Virtually all modern websites collect regulated data. It’s darn near a requirement to ensure spammers aren’t trying to attack your contact forms and it would be impossible to take payments otherwise.  So collecting data is normal for websites, and it may be a lot more common than you think. 

Common features for course platforms that collect regulated data:

• Course and membership registrations;
• Accepting payments;
• Embedded 3rd party videos;
• Engagement triggers;
• Rewarding your Learners;
• Email drips;
• Discussion forums;
• LearnDash Integrity; and
• Quizzes.

Common integrations where course creators are sharing data with third parties:

• Embedding 3rd party videos for courses (YouTube, Vimeo, etc.);
• Payment gateway integrations (Stripe, PayPal, etc.);
• Automatic renewal notifications (Mailgun, ActiveCampaign, Mailchimp, etc.);
• Email newsletter subscription forms (Mailchimp, ActiveCampaign, Constant Contact, etc.); and
• Data transfer providers (Zapier, etc.).

As you can see, collecting and even sharing data is quite common when operating a modern day website.  It’s just important to understand the importance of having a properly compliant Privacy Policy in place, providing the disclosures you specifically are required to make. 

When do privacy laws start applying to businesses?

Privacy laws start applying to a website owner the moment they collect regulated data, not when they share that data or sell it.  

Why should I care?

You should have website policies to make more sales and avoid non-compliance fines or lawsuits. In other words, by using website policies, you build trust and help comply with laws. 

Privacy isn’t going anywhere (for example, there are six new privacy laws going into effect next year affecting websites) and failure to provide a fully compliant Privacy Policy is what gets website owners into trouble when it comes to privacy laws (where fines start at $2,500 per website visitor whose rights you’ve infringed upon).  

You should consider joining our webinar where we’ll discuss the basics of website policies, how to obtain proper ones, and how to easily keep them up to date over time!

How often do you need to update your Privacy Policy? 

At the time of writing this article, we have 6 new privacy laws going into effect next year, each requiring new disclosures if applicable to your business. On top of that, there are dozens of privacy bills proposed in the United States alone.  

As privacy becomes a bigger and bigger deal, it is important you have a strategy in place to keep your policies up to date with new disclosures. 

So how do you get a Privacy Policy?

A Privacy Policy helps explain to your website visitors the information you collect, what you do with that information, who you share it with, and more.  

You will first  have to identify the privacy laws that apply to you (as a reminder, privacy laws outside of where you are located can apply to you, as privacy laws protect people, not businesses). 

Only after you identify the laws that apply to you, can you figure out what specific disclosures you need to make.  Below we outline two options of getting a proper Privacy Policy in place. But first, let’s discuss a common mistake. 

High risk option: Privacy Policy templates

A lot of people try to find cheap and/or free templates for their Privacy Policy.  Unfortunately, this is one of those ‘too good to be true’ kind of scenarios.  Templates do not help you figure out what disclosures your Privacy Policy needs to make based on the privacy laws that apply to you.  If you don’t know the laws apply to you, then there is no way for you to know what disclosures you’re specifically required to make. And because privacy laws require different disclosures for different business and privacy practices, that means that templates cannot be truly compliant for all business types. 

In addition, templates do not update your Privacy Policy over time with new disclosure requirements, whether it be from new or amended privacy laws.  Having no strategy to keep your Privacy Policy up to date over time puts you at risk of missing the disclosure that you were required to make, which can result in noncompliance related fines and lawsuits. 

Privacy Attorneys vs Privacy Policy Generators

Best, but expensive option: Nothing beats hiring a privacy attorney to help you draft and update your Privacy Policy, because privacy attorneys will provide you with legal advice. When selecting a privacy attorney (check out iapp.org for a list), you will want to ensure they understand who you’re collecting data from, your business practices, and more.  Be sure to ask them upfront what their pricing is and their process for drafting your Privacy Policy. You’ll want to make sure they take all privacy laws into account that could apply to you, not just the ones within your jurisdiction.  Also, be sure to ask them what their fees are with regard to monitoring privacy laws and keeping your Privacy Policy up to date with new disclosures. If the attorney is not monitoring changes in privacy laws, it may be best to consider contacting another attorney.

Second best, but affordable option: You can use a Privacy Policy generator to quickly generate comprehensive policies for your website.  Generators typically charge between $100-$200/year and offer a variety of additional policies, making it significantly more affordable when compared to hiring an attorney ongoing for your policies. The downside to using a generator is that they are a tech company and thus do not provide legal advice.  When selecting a Privacy Policy generator, you may want to verify that the company has (or is founded by) privacy attorneys actively working at the company. You’ll also want to ensure the tool helps you identify the laws you need to make disclosures for, as well as having the ability to push updates automatically to your policy pages.  

The team at Termageddon offers an auto-updating Privacy Policy generator (and other policies that can help you protect your business) for $99/year. They also offered our audience 20% off first payment and a walkthrough video guide for course creators when using the promo code LEARNDASH at checkout. Feel free to check them out for your own website!