Of course the flip side is the benefit to your law firm: your respect for a potential client's privacy beginning with their first contact with your firm serves to build trust and confidence right off the bat.
In brief, these privacy principles are often boiled down to the six FFC Fair Information Practice Principles, which can be summarized roughly as:
Now, obviously these concepts contemplate collection and use of personal information well beyond the functions of most law firm websites. The most significant concepts for our immediate purposes are Notice and Choice, each of which are squarely addressed by the handful of laws that affirmatively require website privacy policies.
But there are notable exceptions that apply to law firms — and that also provide useful guidance for firms crafting voluntary privacy policies.
Below are the stand-out exceptions based on my research as of November 2017. But always remember: I'm not your lawyer and this is not intended to be actionable legal advice! Moreover, I have not addressed any of the specific laws, regulations or guidelines specific to Internet use by, or online marketing to, children.
The Delaware Online Privacy and Protection Act includes nearly identical requirements for websites visited by Delaware residents. And, just this past summer, Nevada enacted stricter privacy procedures for operators of websites visited by Nevada consumers. Nevada's law is a bit narrower than the Delaware and California statutes; in particular, it exempts an website operator located in Nevada whose revenue is not primarily derived from online sales and whose site is visited by fewer than 20,000 individuals per year.
Finally, note that some states — California and Utah, in particular — have specific laws governing disclaimers and opt-out procedures if a business that collects personally identifying consumer information sells that information or shares it with third parties for the third party's own direct marketing purposes.
All of this adds up to provide useful guidance to law firms crafting their own website privacy policies. Consistent with these laws and policies — particularly those on Notice and Consent — here are some basics that The Modern Firm ensures our privacy policies address:
Google Analytics (installed on most new Modern Firm websites) and other software collect data when Internet users visit your website. The collection is effected by HTTP cookies (a.k.a. "web cookies," "Internet cookies," "browser cookies" or simply "cookies"). A cookie is essentially a small bit of digital data stored in a user's web browser. There are various types of cookies, some temporary and some longer lasting. The ones we're most interested here are cookies that remain stored by a user's browser and effectively "talk to" your website (via Google Analytics and other marketing programs you use) to give you information about user behavior on your site.
The aggregate data collected by software or services through cookies can include the number of visitors to your site in a given timeframe, the time spent on your site and pages clicked by users, the types of devices used to access your site, and the Internet Protocol (IP) addresses of visitors. This data provides very useful information you can use to improve your website, including by learning which pages are most popular, how your potential clients are reaching you (i.e. via their computers or their smartphones), and how visitors ended up on your website (i.e. Google searches, links from other websites).
Importantly, cookies can also be used to identify web browsers that visited your website even after the user has left your site. This is where remarketing ads come in: using remarketing, you can have ads for your law firm pop up on other websites that host such ads, displaying them only to folks (or, at least, their web browsers) who have visited your website in the past. (Here is a full explanation of remarketing.)
Your website may also collect personally identifying information when a user fills out a contact form or inputs his or her name and/or email address to access additional information, such as if you offer resources (like these free Ohio estate planning resources) or an email newsletter (like this Michigan estate planning website does) to users who supply some personal information to you.
Indirectly, a user may supply personally identifying information (at a minimum, an email address) if he or she contacts you via an email address you display on your website. Law firms generally use such personal information to follow up with a potential client personally or add them to an email marketing list to encourage further engagement. This use of their information has privacy implications beyond standard law firm disclaimers (such as: communication via the Internet is not always secure; potential clients do not establish attorney-client relationships with you merely by contacting you; and site visitors should not share confidential information as part of a mere request for further information).
For example, imagine a user inputs his email address on your website to receive access to your free pdf guide "How to Start a Small Business." In addition, your automated marketing program records his email address and connects it with the browser he used to visit your website. Your program later might take any number of automated actions, such as emailing him information about your law firm's business start-up services, either some number of weeks later, or, when the program detects him browsing your website (or even your specific website page on business start-up services) again.
It's particularly important to acknowledge your potential sale (or gift / barter) of email addresses, names or other personal information to third parties for their own direct marketing purposes. This is not the same as "sharing" your site's browsing data with Google Analytics or with other analysis or marketing software that you use for your direct marketing (or that gives Google aggregate browsing information). Rather, it covers situations such as if the business attorney who collects email addresses in return for the free "How to Start a Small Business" guide then turns around and sells those addresses to other businesses who want to target entrepreneurs. (Resulting, say, in the person who requested the free guide getting a barrage of emails offering such things as office equipment, business card printing, etc.)
Not only do the few laws directly governing collection and sale of personal information by private websites tend to require notice of this sort of sharing, but the potential sharing may be of particular concern to the clients of lawyers, for obvious reasons.
Partners and features that collect information. Our website marketing partners or features that collect data as described above may include, among others, Google Analytics, other analytics programs, and Google AdWords remarketing service. Remarketing involves tracking devices that have visited our website in order to display ads for our services on other websites. Use these links to learn how Google uses data it collects, to prevent Google Analytics from using data from your device, or to opt out of Google’s interest-based ads.
Information you send us. Please see our disclaimer, which generally addresses information you intentionally send us using e-mail or any contact form on this website. If you submit your name or contact information to us, we may use it to send you information about our services. You may opt out of receiving further information from us by contacting us or, where applicable, by using an “unsubscribe” option included in our communications. We will not sell or give your personally identifying information to other parties for their own direct advertising purposes.
Changes to this policy. We reserve the right to update this policy. If we make updates, we will change the modification date below.
Last modified. DATE OF LAUNCH.