10 website privacy protection measures for your site design

This post is a summary of a more detailed article first published on SmallBizDaily.com June 3, 2020.

In addition to designing your website for its content, functionality, web marketing, and user experience, equally consider these 10 website privacy protection measures.


1. Write a user-friendly website privacy policy

Your site's privacy policy conveys how your business protects personal data. Adopt best practices, including collecting the minimum data necessary, explaining how personal data are collected, reassuring users that you do not sell personal data (or at least how to opt out), and describing a procedure to access, update, or delete personal data.

2. Enforce strict authentication

Reduce the risk of account takeover or identity theft by following password management best practices and offering two-factor authentication.
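As an added example (not part of the original post), the following Python code shows the two pieces a site would need to implement this measure: storing passwords as salted, slow PBKDF2-HMAC-SHA256 hashes and checking a time-based one-time password (RFC 6238 TOTP) as the second factor. It uses only the standard library. The iteration count, the record format, the `login` helper and the sample account are assumptions made for the example; the TOTP secret is the RFC 6238 test-vector key so the codes can be checked against the published vectors.

```python
"""Added example: salted slow password hashing plus RFC 6238 TOTP as the
second factor, using only the Python standard library."""
import base64
import hashlib
import hmac
import secrets
import struct
from typing import Optional

# Assumption: PBKDF2-HMAC-SHA256 with a high iteration count; a memory-hard
# KDF such as Argon2id or scrypt is preferable when a library is available.
PBKDF2_ITERATIONS = 600_000
TOTP_STEP_SECONDS = 30
TOTP_DIGITS = 6


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest (hex)."""
    salt = salt if salt is not None else secrets.token_bytes(16)  # per-user random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt/iterations and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits) for the given Unix time."""
    counter = struct.pack(">Q", unix_time // TOTP_STEP_SECONDS)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226 section 5.3)
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** TOTP_DIGITS)
    return f"{code:0{TOTP_DIGITS}d}"


def verify_totp(secret: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current code or one step either side to tolerate clock skew."""
    for skew in range(-window, window + 1):
        expected = totp(secret, unix_time + skew * TOTP_STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


def login(record: dict, password: str, otp_code: str, unix_time: int) -> str:
    """Check both factors; return 'ok', 'bad-password' or 'bad-otp'.

    A real deployment also rate-limits attempts and rejects a TOTP code that
    has already been accepted in the current time step (replay protection).
    """
    if not verify_password(password, record["password_hash"]):
        return "bad-password"
    if not verify_totp(record["totp_secret"], otp_code, unix_time):
        return "bad-otp"
    return "ok"


# Constructed sample account. The TOTP secret is the RFC 6238 test-vector key;
# in practice generate it with secrets.token_bytes(20) and show it to the user
# once, base32-encoded, for their authenticator app.
SAMPLE_SECRET = b"12345678901234567890"
SAMPLE_USER = {
    "password_hash": hash_password("correct horse battery staple"),
    "totp_secret": SAMPLE_SECRET,
}

if __name__ == "__main__":
    now = 59  # RFC 6238 test time; the expected 6-digit code is 287082
    print("enrolment secret:", base64.b32encode(SAMPLE_SECRET).decode())
    print(login(SAMPLE_USER, "correct horse battery staple", totp(SAMPLE_SECRET, now), now))
    print(login(SAMPLE_USER, "wrong password", totp(SAMPLE_SECRET, now), now))
    print(login(SAMPLE_USER, "correct horse battery staple", "000000", now))
```

The password record carries its own algorithm, iteration count and salt, so the site can raise the cost later and re-hash accounts on their next successful login; both comparisons use `hmac.compare_digest` so response timing does not leak how many bytes matched.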

3. Data security

Reassure users that their data are safeguarded through measures such as a secure server, attack protection, redundancy, backups, and encryption.

4. Honest communication about website privacy

Trust is built through transparency and honesty, particularly on privacy matters. Don't exaggerate privacy claims, and after a breach, take responsibility.

5. Disclose business relationships

Disclose relationships with parties to whom you link, and clarify that it is the linked website that governs privacy once the user clicks away.

6. Website privacy for children

In the US, comply with COPPA if children use your web site.

7. Industry-specific requirements compliance

Your industry may have its own privacy regulations, such as the US Gramm-Leach-Bliley Act for financial services, payment card industry (PCI) compliance if you accept credit cards, or HIPAA for healthcare.

8. Sites serving European Union (EU) countries

The EU requires compliance with the GDPR, which includes limiting the user data collected and granting users rights to access, port, or delete personal data and to dispute or suspend data collection.

9. Sites serving California

If you serve California residents, your site must comply with CCPA, whose major provisions include allowing users to request copies or delete personal data and to prevent the sale of personal data.

10. Sites transferring data from the EU or Switzerland to the US

Such sites may need to comply with Privacy Shield, a framework for "… protection requirements when transferring personal data [across the Atlantic]".


When designing your web site, we suggest you treat these website privacy protection measures as integral to your design, on par with content, functionality, web marketing, and the user experience. Also know the privacy regulations that govern your industry or location.


Disclaimer: Nothing in this post should be construed as legal advice, but rather as general educational information believed to be accurate. Consult your lawyer for guidance specific to your needs.


This site is owned and operated by Adept Advice LLC.

Copyright (c) 2020 by Adept Advice LLC. All rights reserved.