A privacy policy lets your visitors know that you care about their privacy. If you collect their data in any way you’re obliged to tell them.

Here are some examples of how your site may be collecting information on your visitors:

Collecting visitor info is normal

The list above is pretty standard. There’s nothing sinister going on and the overwhelming majority of websites will be doing at least one of those things, if not a few.

What if I don’t have a privacy policy?

A privacy policy is a legal, as well as moral, requirement. The Information Commissioner’s Office (ICO) is the government body that looks after all things privacy related and they’ve been involved in a good deal of website-related controversy in recent years…


A few years ago there was a bit of a hoo-ha surrounding cookies on the web. A cookie is a snippet of code that a website sets in your web browser. Let’s use the members’ area login example from earlier:

  1. A member logs in on your site
  2. Your site sets a cookie in their browser that says ‘this person is logged in’
  3. When they navigate around the members’ area, it uses this cookie to keep them logged in
  4. If they log out the cookie will be amended so they can’t see the members-only pages any more

Useful stuff! Similarly, when someone visits your site, it’s likely that a cookie is set that tracks which pages they’re looking at, how long they’re on each page, etc.
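The four login-cookie steps listed above, as an added example that is not part of the original post. The cookie name, the signing key and the choice to HMAC-sign the value so a visitor cannot forge it are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SECRET_KEY = secrets.token_bytes(32)  # assumption: server-side signing key
COOKIE_NAME = "session"               # hypothetical cookie name


def _sign(value: str) -> str:
    return hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()


def login_cookie(username: str) -> str:
    """Steps 1-2: the Set-Cookie value sent after a successful login."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = f"{username}.{_sign(username)}"
    morsel = cookie[COOKIE_NAME]
    morsel["httponly"] = True   # not readable by scripts on the page
    morsel["secure"] = True     # only sent over HTTPS
    morsel["samesite"] = "Lax"  # not sent on most cross-site requests
    morsel["path"] = "/"
    return morsel.OutputString()


def member_from_request(cookie_header: str):
    """Step 3: return the logged-in username, or None if missing or forged."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if COOKIE_NAME not in cookie:
        return None
    username, _, signature = cookie[COOKIE_NAME].value.rpartition(".")
    if username and hmac.compare_digest(signature, _sign(username)):
        return username
    return None


def logout_cookie() -> str:
    """Step 4: overwrite the cookie with an empty, already-expired value."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = ""
    morsel = cookie[COOKIE_NAME]
    morsel["max-age"] = 0       # tells the browser to discard it now
    morsel["path"] = "/"
    return morsel.OutputString()
```

Logging out here only clears the browser's copy of the cookie. A site that needs logout to take effect even if the old value was copied would store a random session ID server-side and delete it on logout.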

Of course, cookies can be used to more intrusive ends, which is why the law was passed. But the law was rather heavy-handed… Here’s a great video that summarises things nicely:

And here’s the accompanying website.

It seems we’re legally required to get permission from our visitors to track their information.

So do I need a pop-up?

A difficult question… Strictly speaking: yes. But it’s more complicated than that.

I’m no lawyer, so I don’t want to tell you not to. What I can say is that I don’t have a pop-up that asks for permission to set cookies, or even one that simply informs the visitor I’m setting cookies. I do, however, have a privacy policy that’s accessible from every page of the site (in the footer).

Pop-ups are a horrible thing to inflict on users, and Google have recently blogged that they will penalise sites with pop-ups.

So the choice is yours, but the minimum I’d recommend is that you have a privacy policy.

How do I get a privacy policy?

So we agree that a privacy policy is necessary. It’s the very least you need to be on your way to compliance with the ICO’s rules.

You could write your own policy, or find someone else’s and amend it, but that all sounds like a lot of work. A quick web search will present you with a number of online tools that will generate a policy for you. All you have to do is fill out a questionnaire.

I’ve tried a few tools over the years and one of the best I’ve found is at PrivacyPolicies.com. There’s a small one-off fee if your website is for commercial use (and if it’s your business’s website, it’s commercial) but it’s well worth it for the effort it will save you.


A privacy policy is the bare minimum required by pretty much all website owners to not only reassure their visitors that they’re not doing anything untoward with their information, but to comply with the law.