Do you need a privacy policy?
YES, you do!
In fact, laws and services require that you have one. A privacy policy informs your customers, employees and users how you will treat their personal information. The privacy policy makes you compliant with regulations.
There are two main forms of enforcement in the U.S. regarding privacy notices. Since the early 1970s, at the Federal level, the Federal Trade Commission has taken on this role. Enforcement at the state level is handled by the relevant attorney general's office. In a growing number of circumstances, the private right of action, the ability for an individual or group of individuals to pursue legal action to enforce their rights, has become significantly important.
What is a Privacy Policy?
So, what exactly is a privacy policy? It is a written statement of how you use personal information (PI) that you receive as a business.
What is Personal Information?
Personal information (PI) is any material that can identify another person.
Examples of PI include credit card numbers, social security numbers, bank account numbers, driver license numbers and more.
Best Practices
Privacy policy construction is easy. There are examples of privacy policies on the Internet. Although you should never copy someone else’s privacy policy, reviewing others is a good start.
To write an effective privacy policy you should be clear, direct, and easy to understand. Keep technical jargon and legal terminology to a minimum. If you decide to modify how you use personal information, you must inform your users.
What should a privacy policy contain?
The privacy policy should contain the following:
- Who is the owner?
- What data is collected?
- How is that data collected?
- The reason for the collection. Reasons include consent, necessity for your service, legal obligation and others.
- For which specific purposes are the data collected? Analytics? Email Marketing?
- The categories of sources from which you collect consumers’ personal information.
- Which third parties will have access to the information? Will any third party collect data through widgets, social buttons and integrations, for example Facebook?
- Where applicable, details relating to cross-border/overseas data transfer and which measures are in place to facilitate this in a safe and compliant way.
- What rights do users have? Can they request to see the data you have on them; can they request to rectify, erase or block their data?
- Description of process for notifying users and visitors of changes or updates to the privacy policy
- Effective date of the privacy policy
These points are the bare bones of an effective privacy policy. It is important to review the privacy policy at least once per year. It is also important to review and modify the privacy policy as rules change, as you change your marketing efforts, as you change your product offerings and your business operations.
Remember the five golden rules of writing a great privacy notice:
- Non-legalese
- Do not hide
- Match your data practices
- Ask for consent
- Make it short and relevant
A privacy policy is a necessity for every business, regardless of whether there is a regulatory mandate. Customers are looking for transparency, and your privacy policy is the first step.