When it comes to legal documents, you have to do a couple of things right to protect your company, and you have to be hyper‐transparent with anybody who might be involved with your business. With customers (or even visitors to your website), you'll have to ask permission to collect data and if they provide it, you need to explain to them why they're giving you their data, why it's important, and what you're going to do with their data. You'll also have to tell them how you're going to protect their data. There is widespread concern from consumers about their data and plenty of high‐profile data breaches (see Facebook example in Chapter 109) justifying those concerns.

Privacy Policy

The first document you should create is a privacy policy. This is a statement made by you as a company that says to a visitor or consumer what data the visitor or consumer will need to provide to receive service from your company. And then you'll tell them what you are collecting, how you'll use the data and, more importantly, how you're not going to use the data they provide, who you share it with, and how you protect it. Even though a customer or visitor will not “sign” the privacy document, they will need to check a box and/or click a submit button and it then becomes a contract between you and people coming to your website. Then, people who are supplying their personal data—even if it's an email—will trust that you do what you say you're going to do with their data. ...