Friday, 3 February 2012

Privacy Policy for your Website- Creation and Best Practices


Privacy Policy Best Practices

Creating, updating, monitoring or managing privacy policies and practices may not be your responsibility. But that doesn’t mean you should ignore possible missteps. More importantly, those who are responsible may not know the rules, regulations or best practices.

For those who are responsible, whether it’s part of your job because you’re an entrepreneur and everything is your responsibility, or you’re hoping to add this area to your book of knowledge, there are best practices to keep in mind.

  1. Don’t ignore the FTC or state laws that provide minimum standards.
  2. Write the policy in plain English. If you have a lawyer draft your policy, ask that it be written so your consumer or visitor will clearly understand.
  3. Don’t cut and paste something you found for free on the Internet. Because the risk of penalties is very real, this is not the time to be cheap. Your policy should be your own and reflect the unique circumstances of your site.
  4. Update your policy regularly to reflect changes in the online environment and what your company actually does with information, and to clarify areas that may be vague. And once it’s updated, communicate the update!
  5. Follow the policy! If there is only one thing learned from the FTC sanctions of Facebook, it is that you should follow your policy and not engage in deceptive practices.
  6. Allow consumers, readers, forum visitors or others to opt out of having their personal information retained. And then follow through with their wish.
  7. Make your policy easy to find and accessible. One of the biggest complaints I hear is that the policies are buried or inaccessible due to broken links.
  8. Ensure that the stored information is, indeed, secure. Security breaches are not only very costly in terms of having to invest in infrastructure; the potential disclosure or sale of private information can also be devastating.
  9. Utilize a well-respected privacy certification program to add credibility.
  10. Do not ask for intrusive or excessively personal information unless it’s absolutely necessary. Consumers are getting savvier and are less willing to provide sensitive information if they don’t feel the situation merits such an intrusion. If you need this information, be clear as to why and include how you will protect the data.

2 comments:

  1. Thanks for the informative and well-written blog. I frame privacy policy for firms, so had a question that has so far intrigued me while working with several clients, regarding length of a PP. In your opinion, do you think the length has any relevance while drafting and publishing a privacy policy?

  2. Hello Deboshree. Thanks a lot for the motivating words. Well, regarding the PP, there is no limit as it is usually hosted at owned media (websites, microsites etc). It's always better to have a customized PP for every business. An e-commerce website uses the data in a different manner as compared to a static website.
