WordPress is a very popular platform for creating websites, from elaborate e-commerce sites to basic informational blogs.
What is Personal Information?
In this arena, "personal information" means personally identifiable information such as any information that would be able to be used in an attempt to contact, locate, or identify an individual.
Information that can be used to determine an individual's identity includes things like a social security number, name, email address, mother's maiden name, home address, and other such pieces of information.
Other information that can be linked to an individual and used to identify him/her when combined with other personal or identifying information can also be considered personal information, such as medical records, education records, or financial information.
Who requires this?
In the United States, the California Online Privacy Protection Act (CalOPPA) applies to any individual or business located within the United States that has a website that collects any personally identifiable information from consumers who are residents of California.
Because of the nature of the internet where businesses and websites are so easily able to reach customers all over the world, chances are that most U.S.-based websites will reach California residents. Therefore, CalOPPA works to require this legal agreement for U.S.-based websites that collect any personal information from visitors or users.
Other countries also have requirements for businesses that collect personal information.
In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) works to keep customers' personal information safe from misuse by businesses.
One of the requirements of complying with PIPEDA is that businesses are open and honest with customers and clients about the collection of personal information, and provide them with policies and information on practices.
In Europe, the Data Protection Directive works to ensure privacy requirements are met. One of the requirements of the regulation is that all European users need to be informed when personal information is collected through a website or mobile app.
But does it matter what platform I use?
These laws are triggered by the collection of personal information. There's no mention in any of the laws about the platform used for a website, or the type of website.
Similarly, the Shwood website is a successful eCommerce website on the Shopify that makes a ton of sales with their unique wooden eyeglasses frames collection.
Here are a few examples of successful websites using the WordPress platform, and the way these sites structure their Privacy Policies based on the activities of the website.
First, Time Inc. uses WordPress for its extensive news website.
This is so that each legal agreement can include specific components that are required by each specific country:
Under the first section, The Information We Collect, Time outlines what information may be collected, and under what circumstances. Users are told that when they engage in various activities on the website, such as playing games, entering sweepstakes, or expressing opinions (leaving comments or participating in an online forum), personally identifiable information may be required.
In the next section, How We Use the Information, Time outlines the ways that both personal information and non-personally identifiable information can and may be used. This section is very long and covers a broad range of scenarios, from using information for marketing purposes, to what may happen to your information if Time is sold, merged with another business, etc.
TechCrunch is also powered by WordPress and has a large international audience. They collect personal information on the home page by allowing users to enter email addresses to subscribe to a daily newsletter.
When you visit the full agreement, you'll find sections outlining what types of information is collected and received, and how this information may be used.
AOL includes a section called Choices where multiple different options are given to users for how they can change how AOL handles their personal information.
It's not just WordPress
While these are both WordPress websites, websites built on other platforms aside from WordPress still have Privacy Policies when personal information is collected.
Here are a few websites using non-WordPress platforms that still have this legal agreement in place because it's required by law.
The famous Heathrow Airport in London uses Joomla for its Heathrow Boutique.
Note how a section is included that tells users how their personal information is used, how it is disclosed, and how a user can access this information or ask questions about how the information is used.
City of Chicago Office of the City Clerk
The City of Chicago Office of the City Clerk uses the Drupal platform.
This is because this website is purely informational. It provides information, but does not collect or use any personal information from users.
This is because users look for this kind of agreements, and having one takes away any questions of what your practices are on collecting and using personal information from users. Even if your agreement is one sentence long and says simply that you do not collect or use any personal information, this is better than none.