Privacy Policies and Why They’re So Important
Sign Up for Legal Pier Newsletter
Insightful articles and best practices for business owners.
Privacy policies are polices that businesses publish on their websites that detail how companies collect information from visitors to their websites, and the ways that they use such gathered information. Privacy policies should be accurate and easy to understand, since it truly is one of the most important documents on any company website. Some important things to include when drafting privacy policies are:
Introduction: This section should give the visitor some basic information regarding your organization, as well as any special information or functions your website features. For instance, if your website has a minimum age requirement for collecting information from visitors, you should make sure this is clearly stated in the introduction.
Information Collected: This section is straightforward enough. Visitors have the right to know what type of information websites are collecting whenever they visit. You should make it clear just what type of personal details your website is collecting, whether or not you ask visitors to complete a form that makes this personal data obvious. If your servers are logging hostnames and IP addresses, you should also make that clear.
Method of Collection: In this section, you should list the methods that your website employs to collect personal information. Is data collection automated, or do the visitors have to fill in a form in order for their personal details to be collected?
Storage of Information: How do you store the information? If you store it in a database with servers physically located in the UK rather than the US, you may need to obey information collecting regulations in both jurisdictions. Visitors have the right to know that your company will take every possible step to store their personal information in a safe and secure method.
Contact Information: It is vital that you act in as transparent a manner as possible, allowing users to contact you with any questions they might have. You should list both an email address or online form as well as a snail mail address where users can write to for information.
Make sure that you accurately follow your company’s privacy policies, or you run the risk of breaking customer trust in addition to potentially breaking the law–either of which could be seriously detrimental to your business. In this digital age, it’s important to protect both your company and your customers, and this extends to online data collection.
Thank you for this information, but it is incomplete.
Much more is needed to have an adequate Privacy Statement, whether this is required by law or whether this is a "best practice".
For example, you have to tell your users and visitors:
- what you do with their information, i.e., how you use the information
- with whom you share their information, such as your subocntractors, your business partners, your affilaites and subsidiaries, the government, etc
- whether they can access the information you have about them
- how to disputes and complaints will be handled
- and much more.
Furthermore, your Privacy Statement must "Say what you do". And, you must "Do what you say you do".
Thus, it is very important not to "cut and paste" the Privacy Statement on someone else's site into your own site. Your Privacy Statement must reflect your actual practices. Not those of another site.
Every site is different. One size does not fit all. Borrowing another site's privacy statement is like borrowing your friend's shoes. They will not fit you, you will not be able to walk, and it will hurt and damage your feet.
Francoise Gilbert, CIPP
Information Privacy & Security Attorney
General Counsel
DataMinding.com