Law Firms Need To Pay Attention To Their Privacy Policies Too

Technology is changing rapidly, so it is especially important for law firms to be vigilant in their privacy policies and retention of data received from their websites. If you have a publicly listed email address or a “contact us” form on your website, keep reading.

By Ruby Lau

Privacy Policy Basics

What Do You Need to Know?

Attorneys need to keep up with the latest privacy law, even if that is not their practice area.

In addition to complying with the privacy laws of your country and the requirements of the relevant regulatory bodies, it is essential to stay up to date on changes as they occur. Depending on the reach of your website, you may even need to comply with privacy statutes outside of your own jurisdiction.

Different jurisdictions will have different standards regarding privacy policies, but as lawyers we all know it is better to err on the side of caution. From the General Data Protection Regulation (GDPR) in the European Union to the California Consumer Privacy Act (CCPA), which requires companies that share personal information with third-party marketers to make disclaimers in their privacy policy, the laws are constantly changing.

What should my privacy policy cover?

Privacy policies can be applicable in a law firm setting during the hiring process, when retaining clients, or simply in the case where users are visiting the firm’s website – basically any time you are requesting or receiving information online from the public. 

Law firms face additional risk because they can be held liable for misuse of data received on their websites under privacy laws and under professional rules of conduct. 

To avoid potential lawsuits, malpractice claims, or disciplinary action, lawyers must carefully evaluate their law firm’s privacy policy and data retention policies.

Elements of a Good Privacy Policy

If you are an attorney reading this, you are likely well aware that the information in this article should not be considered legal advice.  However, our resident attorneys here at Gavel insist that we mention this. 

Anyway, here’s a generally applicable list of things a useful privacy policy does:

  • Describes the types of personal information collected;
  • States how and where the law firm will use and disclose that data;
  • Discloses how third parties such as advertising networks or others may collect personal information about consumers who visit or use the website, application or service;
  • Defines the length of time personal information is kept; and
  • Explains the user’s rights regarding their personal information.

Optionally, you could include a clause regarding the deletion of data about the individual after a certain length of time. For instance, the GDPR contains a clause regarding the right to be forgotten without undue delay, which in most cases gives people the right to ask an organization to delete their personal data in around a month’s time.

Potential Issues in Liability

Tracking Cookies

No, not your snack intake. In this context, cookies refer to data created on a website to identify you when you visit that website. 

Cookies can track your personal information, online activities across different websites, or other online services. This information is then used in behavioral advertising or other targeted content.  However, using cookies without proper permissions and data policies can expose you to liability.

  • In the European Union, the law requires companies to refrain from placing trackers and cookies on users’ browsers until those users have given their consent.
  • In Canada, cookies are considered to be online behavioral advertising and are classified under personal information.

To be safe, law firms should limit data-sharing as much as possible and disclose any third-party data sharing in their privacy policies.

Collection of Contact Information

If you have a “contact me” section on your website, or if you have a sign-up form for email newsletters, you need to be aware of how you collect and store the contact information from your website. 

A study from the University of Toronto Law Journal found that of more than 700 applications and policies analyzed, approximately 60% of tested applications were likely in violation of legal transparency requirements. It found that these applications were collecting personal information (location, contacts, device identification) that they were not disclosing in their privacy policy. 

Third-party code was responsible for 85% of the problematic applications, meaning that while the code written by the application developer is in compliance with the website’s privacy policy, most of the time noncompliance occurs because the collection of data by third-party code is not stated in the privacy policy.  

No time to study the latest privacy law updates?  Don’t worry, these tools and templates can help. 

Even though the privacy laws are constantly changing, the good news is you can leverage legal technology to help you. For example, Termageddon created a legal tool to provide embeddable website policies that automatically update as the laws change.  You can even license Termageddon’s policies for your own clients to use.  

If you are in Canada, check out jusTech, which provides a free policy tool and breach reporting tool (both built on Gavel!).

If you want to write your own, you can find sample policies on most legal research platforms.  However, you’ll need to regularly check your applicable privacy laws and manually update your policy. 

Additionally, you can make your policy “machine readable.” This allows the reader to set their privacy preferences instead of having to read lengthy data policies to look for the information they need. Look for tools like the Platform for Privacy Preferences (P3P), which allows the coding of a policy in XML, a mark-up language for formatting text. With this platform, websites can specify policies in a uniform manner which can be read and presented by website browsers or a policy display application.

Want to create a privacy policy tool for you or your clients?

Here at Gavel, we are here to support you and your law firm in creating a privacy policy which evolves and complies with the laws in your relevant jurisdiction. If you have your own template, our Gavel Automation Developers can automate it for you, or you can easily use our no-code platform on your own.  

Sign up for a free trial to create your own privacy policy generator!
