How to Write a Privacy Policy for a Website – Part 2 of 2: Options

Free Downloadable Assessment Form and Privacy Policy Solutions List

Privacy policy assessments take timeIf you read Part 1 of this article and did not already have a clear understanding of what needs to be considered before writing a meaningful and compliant privacy policy, you may feel like the guy in adjacent picture. 

The reason for the potential sense of overwhelm is two-fold. First, when sitting down to write a privacy policy there is a tendency to assume it will be a quick, low-effort task. The reality is there is a lot to consider and it can wind up taking much more time and energy than expected. For example, I came up with 20 questions that need to be considered before the privacy statement is even started (more about those questions, below). It’s not just a matter of whipping up a document based on the privacy policies of your favorite websites. It’s about knowing the current legal and ethical rules that govern online privacy in your jurisdiction (state, country) and examining your site’s functionality and supporting operational procedures to ensure compliance.

The second challenge with privacy policies is the fact that requirements in recent years have been a moving target. For example, in the U.S., a growing number of states have enacted different laws regarding online privacy and regardless of the differences, if you collect PII (personally-identifiable information) from residents of those states, you are expected to comply with all of those inconsistent laws. (For more information regarding state laws and privacy policies read Are Online Privacy Policies Required by Law?)

A solution, however, in the form of a U.S. federal standard may soon be upon us. As discussed in the previous post, well over a dozen PII related bills have been introduced in Congress this year (2011) and most of them are fairly comprehensive. (For a list of those bills and links to the legislation, see Federal Legislation and Online Privacy Policies.) It seems to me, even though members of the current Congress are unable (or unwilling) to agree on anything, the odds are in favor of some type of federal standard coming out of all that.

The dilemma, then, is how to make sure your site’s privacy policy and supporting practices are compliant in the meantime. Who knows how long it will take the federal government to get something signed into law.

One solution is to use the rules and best practices from the most relevant authorities. That is what Part 1 of this two-part article was all about. Using a series of questions it guides you through the issues that should be considered before writing a privacy policy. And the questions are based on laws in Massachusetts and California, rules of the Federal Trade Commission, and requirements of Google and Microsoft.

This post, Part 2 of How to Write an Online Privacy Policy, offers specific steps for writing a privacy policy and it examines methods for getting it done.

Steps for Writing an Online Privacy Policy

Here is my three-step process for writing a meaningful, compliant privacy policy:

Step 1: Complete my assessment form

This comprehensive form facilitates the two essential elements of developing a privacy policy:

√  It identifies requirements for online privacy as they apply to website and blog operators in the U.S.

√ It walks you through the process of determining whether your site adheres to applicable requirements.

The privacy policy assessment form is a reformatted version of Table 1B in my previous post which contains 20 questions regarding privacy practices. It’s in PDF format and you can download a copy here. (A PDF reader is required to view; you can obtain Adobe’s free Acrobat reader here.)

The form allows you to input your answers and save it locally and/or print it. Alternatively, you can simply refer to Table 1B in the previous post.

As indicated on the form, I recommend that you first read all 20 questions and identify those that apply to your site by clicking on the check-box in the column marked (X). Then, go back and fill in your answers for the questions that apply. The completed form can then be used as the basis for steps 2 and 3.

Step 2: Determine the best solution for generating your privacy policy using the completed assessment form to narrow down your options

Potential solutions compiled for this article (below) include websites that offer privacy policy generators, websites offering templates, and online professionals that will write your privacy policy for you.

Using the completed assessment form as a baseline for comparison, you can quickly rule out options that do not address all the requirements that apply to your site. Other factors that should help narrow down your options include how much PII your website or blog collects, your writing skills, and your budget. Numerous online solutions are free but if you are looking for a professional to write it for you, that comes with a price tag, of course.

Step 3: Generate the privacy policy using the completed assessment form as a validation tool

Once you have decided on a solution, the completed form can be used as a validation tool. For example, if you choose to use an auto-generator service or write your policy yourself with the aid of a template, the completed form can serve as a checklist to ensure that the final, web-ready privacy policy is accurate and complete.

If you decide to have an attorney or other professional write your privacy policy, he/she will need to gain a clear understanding of your site’s PII handling practices. You can expedite their learning curve and minimize phone and/or email communication by simply sending them a copy of your completed assessment form.

Solutions for Generating a Privacy Policy for Your Site

This section examines three types of solutions for generating a privacy policy:

A)  Websites that provide auto-generators (interactive questionnaires)

B)  Websites offering templates (write it yourself using a model document as a starting point)

C)  Online professionals that will write your privacy policy for you

Five options for each of the above three types were researched for this article and listed in a PDF document called the privacy policy solutions list. Feel free to print and/or save this it to your local drive.

A significant amount of time was spent sifting through numerous web searches to distill this list of 15 options. However, while I believe they are all credible solutions, I do not endorse any particular one because I have not personally used every option. That would be too expensive and much too time consuming, unfortunately. More importantly, whether a particular solution fits the needs of your site depends on the volume of PII involved and how it is collected, used, stored, shared, and disposed of.

Like the privacy policy assessment form, I compiled the privacy policy solutions list as an aid to online entrepreneurs who want to properly deal with the issue of online privacy and know what the options are without spending a lot of time searching the internet. The table below provides an overview of what was included the solutions list.

A)  Auto-Generator Websites

Online services that will generate a privacy policy for you.

These sites essentially provide interactive questionnaires and some are more comprehensive than others. In all cases, the level of compliance of the resulting policy depends on the accuracy of the answers you provide. That is why I recommend you complete the 20-question assessment form (see step 1, above) prior to pursuing one of the options in the solutions list. Some of these sites also provide the HTML version of your policy statement but if you edit your web pages with a solution like WordPress or Dreamweaver, you can simply copy and paste the standard text output.

B)  Websites offering Templates for Privacy Policies

If you have reasonably good writing skills and a solid handle on how your site manages PII (personally-identifiable information), this is a viable alternative. These templates serve as a starting point for writing a privacy policy and are intended to be modified to fit a particular website’s situation. Most of them emphasize that they should not be used “as is” because sites usually differ in how they deal with PII. Again, that is way I recommend you first conduct an evaluation of your site with the privacy policy assessment form. Like the auto-generator site alternatives, the five sites offering templates were not limited to U.S.-based entities in the event your website targets markets outside the United States.

C)  Attorneys and other Experienced Professionals

This category of solutions may be beyond the budgets of new start-ups but for mid-size and large online operations its the more prudent way to go. As brand value, cash flow, and company assets increase, so does the need to effectively deal with risk management – and dealing with PII does pose a risk. If your operation has been experiencing significant growth but you are not yet in a position to hire an in-house professional, you may want to consider one of these solutions to ensure privacy compliance and minimize your liability.

— Table 2A —

 Sites Excluded from the Privacy Policy Solutions List

Some sites offering privacy policy solutions were not included in this comparison for any or all of the following reasons:

  1. No privacy policy was posted; while this may seem odd and hypocritical, sites like this were found during my research.
  2. No contact information was available and/or no information about the site owner/operator was available.
  3. Finally, if the site sells a privacy policy solution but only as part of a large suite of downloadable legal documents, it was excluded for reasons of cost and being outside the scope of this article.


The 15 websites included in the privacy policy solutions list are shown within each section in descending order of popularity based on Alexa Traffic Rank and Google PageRank. These statistics were used as general barometers of website popularity and home page importance in the eyes of Google’s search engine. These rankings do not necessarily indicate how good or bad a product or service is in relation to others in the list.

Full Disclosure

I have no affiliation with the websites listed on the privacy policy solutions list. I receive no compensation or consideration of any kind. This list is the result of extensive, impartial research using a wide variety of keywords and multiple search engines. My motivation (and the focus of the RVC site) is to provide value to online entrepreneurs. In this case as previously mentioned, the value is time-saving research.

Closing Thoughts

No matter what method you use to generate a privacy policy for your website or blog, the most important thing to remember is you must uphold the promises you make in your posted statement. That is, you must follow through on your commitments about how your site and your supporting operations handle PII. Once you post your privacy policy, those commitments are legally binding.

The Federal Trade Commission website has plenty of examples of sites that have been the subject of legal action because they violated their own privacy policies. For examples of such cases see Are Online Privacy Policies Required by Law? (Subheading “Examples of FTC Cases: Companies that Violated Their Own Privacy Policy.”)

In closing, it is important for me to point out that I am not an attorney and I am not presenting this article as legal advice. As with all content published on this site, these ideas and concepts are offered for informational purposes only. Whether and how you use the information is up to you. Depending on the nature of your website and volume and type of PII it handles, you may be best served by securing the services of a licensed professional.

I hope you found this post useful.

If you have not read Part 1 of this article, here is a link if you would like to check it out “How to Write a Privacy Policy for a Website – Part 1 of 2: Assess.”

Leave a Comment

Comments are moderated so they do not appear immediately. Please be relevant to the topic covered in the article. Off-topic comments and solicitations are treated as spam. Legitimate, relevant comments are approved swiftly. Thanks for stopping by!

Your email address will NOT be published.

Please note - After submitting your comment using the above "Submit Comment" button, your comment will show above the comment form flagged as "awaiting moderation." You may need to scroll up to see it. Please do not submit your comment a second time. Thank you.

Render Visions Consulting