Technology is changing rapidly, so it is especially important for law firms to be vigilant in their privacy policies and retention of data received from their websites. If you have a publicly listed email address or a “contact us” form on your website, keep reading.
By Ruby Lau
Attorneys need to keep up with the latest privacy law, even if that is not their practice area.
In addition to complying with the privacy laws of your country and the requirements of the relevant regulatory bodies, it is essential to stay up to date on changes as they occur. Depending on the reach of your website, you may even need to comply with privacy statutes outside of your own jurisdiction.
Different jurisdictions will have different standards regarding privacy policies, but as lawyers we all know it is better to err on the side of caution. From the use of the General Data Privacy Regulation (GDPR) in the European Union, to the California Consumer Privacy Act (CCPA), which requires companies that share personal information with third-party marketers to make disclaimers in their privacy policy, the laws are constantly changing.
Privacy policies can be applicable in a law firm setting during the hiring process, when retaining clients, or simply in the case where users are visiting the firm’s website – basically any time you are requesting or receiving information online from the public.
Law firms face additional risk because they can be held liable for misuse of data received on their websites under privacy laws and under professional rules of conduct.
To avoid potential lawsuits, malpractice claims, or disciplinary action, lawyers must carefully evaluate their law firm’s privacy policy and data retention policies.
If you are an attorney reading this, you are likely well aware that the information in this article should not be considered legal advice. However, our resident attorneys here at Gavel insist that we mention this.
Anyway, here’s a generally applicable list of things that would be useful in a privacy policy:
Optionally, you could include a clause regarding the deletion of data about the individual after a certain length of time. For instance, the GDPR contains a clause regarding the right to be forgotten without undue delay, which in most cases gives people the right to ask an organization to delete their personal data in around a month’s time.
No, not your snack intake. In this context, cookies refer to data created on a website to identify you when you visit that website.
Cookies can track your personal information, online activities across different websites, or other online services. This information is then used in behavioral advertising or other targeted content. However, using cookies without proper permissions and data policies can expose you to liability.
To be safe, law firms should limit data-sharing as much as possible and disclose any third-party data sharing in their privacy policies.
If you have a “contact me” section on your website, or if you have a sign-up form for email newsletters, you need to be aware of how you collect and store the contact information from your website.
A study from the University of Toronto Law Journal found that of more than 700 applications and policies analyzed, approximately 60% of tested applications were likely in violation of legal transparency requirements. It found that these applications were collecting personal information (location, contacts, device identification) that they were not disclosing in their privacy policy.
Approximately 60% of tested applications and policies likely violated the relevant laws.
Third-party code was responsible for 85% of the problematic applications, meaning that while the code written by the application developer is in compliance with the website’s privacy policy, most of the time noncompliance occurs because the collection of data by third-party code is not stated in the privacy policy.
Even though the privacy laws are constantly changing, the good news is you can leverage legal technology to help you. For example, Termageddon created a legal tool to provide embeddable website policies that automatically update as the laws change. You can even license Termageddon’s policies for your own clients to use.
If you are in Canada, check out jusTech, which provides a free policy tool and breach reporting tool (both built on Gavel!).
If you want to write your own, you can find sample policies on most legal research platforms. However, you’ll need to regularly check your applicable privacy laws and manually update your policy.
Additionally, you can make your policy “machine readable.” This allows the reader to set their privacy preferences instead of having to read lengthy data policies to look for the information they need. Look for tools like the Platform for Privacy Preferences (P3P), which allows the coding of a policy in XML, a mark-up language for formatting text. With this platform, websites can specify policies in a uniform manner which can be read and presented by website browsers or a policy display application.
Here at Gavel, we are here to support you and your law firm in creating a privacy policy which evolves and complies with the laws in your relevant jurisdiction. If you have your own template, our Gavel Automation Developers can automate it for you, or you can easily use our no-code platform on your own.