Short answer: Yes.
Medium answer: It’s best practice for you to do so, but not required by law unless you do business in the state of California and/or target children under the age of 13.
Long answer: Read on.
Privacy policies serve a different purpose than a disclaimer, which are also good to have on your website. A disclaimer denies responsibility. For law firms, this usually means informing users that the content on your website is not and is not intended to be legal advice (and other statements along the same lines.)
- Let users know what information you collect, whether or not that information is personally identifiable, and explain how that information is collected.
- If you share user information, state who the information is shared with and how it is shared with them.
- State that if you are compelled by law to disclose information, you will comply with such orders.
- Give readers the option to correct, change or remove any personal information about themselves.
- Include a last updated or effective by date.
- Communicate if/when you’ll update it and how you’ll communicate changes.
- If you’re not a lawyer or you outsource the writing of your policy, get it reviewed by a lawyer.
- Don’t say you’ll never share user information with a third-party, because there’s a 90% chance you will. Do you have a web developer/marketing company working on your site? Third party. If you were legally required to share that information with law enforcement, would you? Third party.
A Special Note for Lawyers
- You are collecting information about your users; you should tell them about it.