I would suggest that any site that collects information by forms would benefit from a TOS/Privacy statement.

Some advertisers require a ToS/Privacy statement as well. I believe AdSense does, although it may just be for those who opt-in to their interest-based ads. In the U.S., some states have requirements for businesses/sites that collect any personal information.

So I would say that some of your sites are definitely ready (past ready) for a ToS/Privacy statement.

Are the clients sites for businesses? If so, the question is . . . why wouldn't you?

Some states require it for some kinds of businesses (however, having one and publishing it are two different things,) it lends credibility to your business, and is just a good thing to do, even if no one ever reads it. Even if your don't accept data via forms, you will make contacts, and it's a good idea to publicly display how the contact information will and will not be used.

There are a good number of privacy policy generators out there to get you started, I used to have one to a .gov site but can't locate it now. Takes you all of half an hour to do and review for appropriateness for your site(s).

Next up on the chopping block for businesses, like it or not, is the FTC Reg Flags Rule [webmasterworld.com] which, if anyone is watching, is gaining momentum and will affect even the smallest of businesses. I hear crickets whenever it's mentioned, but it cannot be ignored. You have to have a policy and procedure in place to identify and address security breaches that affect clients' data, no matter how insignificant it may seem - fines are extremely hefty just for not having one.

Won't be able to ignore it much longer.

I'll get it done, right away, then. I found two privacy policy generators (along with TOS generators).

The legalese is abhorrent, especially (for me) on a site where the page contains optional name, required email, optional comment...and that's the only form. But...Thank you all for your responses, and thank you @rocknbil for the fear'o'g.