- 2. Laws governing Privacy Policies
- 4.1.1. Information Collection
- 4.1.2. Use of Information
- 4.1.3. Third Party Disclosure
- 4.1.4. Information Protection
- 4.1.5. Rights of Users
- 4.1.6. Cookies
- 4.1.7. Notification of Changes
- 4.1.8. Contact Information
- 5. Remember!
"Statement that declares a firm's or website's policy on collecting and releasing information about a visitor. It usually declares what specific information is collected and whether it is kept confidential or shared with or sold to other firms, researchers or sellers."
Check almost any website footer and you'll surely find a link to one of these required agreements.
Laws governing Privacy Policies
Privacy Policies are mandatory in many countries for websites and apps that collect or use personal data from users. These laws are aimed at protecting consumers and their personal, private information.
During the planning phase, consider the following points:
- Assess the user information that you want to collect through your site or app and consider whether it's necessary that you collect it. For example, if your website provides an email newsletter, would collecting a user's state of residence and birthdate really be necessary? In this example, all you really need is an email address so that your newsletter can be emailed to the user.
The Policy should also be laid out in a clear format that is easy to navigate and isn't too complicated or confusing.
Santander's Privacy Statement is divided into short, easy-to-read and easy-to-understand paragraphs with bold text headings and lists:
- Answer a few questions about your business:
- Add your website or app information:
- Answer a few questions about what information you collect from your users:
- Select options for how your users can contact you:
You need to disclose the types of personal data that your site or app collects and how it is collected. Some companies combine this information into one clause, while others split it into two.
Most companies use a list format for this section to make the information clear and easy to read.
In addition, a list format can double as a checklist, helping to ensure that you do not omit anything.
In the example below, you can see the data collected is detailed and an explanation as to why it is needed is offered.
Use of Information
This section should explain to your users how and why you use the information that you collect from them.
Explain to your users how the collection of data can benefit them and how it is used by your business. This also applies to data that is collected as part of your website metrics and is used to monitor customer satisfaction and purchasing patterns.
Here's how LogMeIn discloses this information in a clear, easy-to-follow way:
Third Party Disclosure
Most users are concerned about their personal information being shared with third parties. Let your users know whether you share their personal data with anyone else, and under what circumstances you do so.
In the following example, you can see that Amazon UK explains its policy on data sharing clearly and in detail, with each relevant section broken down separately.
Reassure your users that the personal information you store is stored securely. While you don't have to give specifics in this clause about exactly how you secure the data, make it clear that you do take steps and have protocols for security.
Note that SSL encryption is mentioned, explaining to users that their data is kept confidential and secure. This is a good method of gaining users' trust and reassuring them, without giving away too much about your site's security provisions.
Note that Vitality has also included a disclaimer which states that no system can ever be regarded as 100% secure. You should include this in your clause as well.
Rights of Users
This section should explain that users have the right to amend their data, to delete it, to review the information that you hold on them, and other rights. This is important because users must know that they can protect their privacy and remove personal information at any time.
Royal Mail includes a section in its Privacy Notice called Your Legal Rights where user rights are clearly set forth and described:
In the case of Santander's UK site, you can see in the example below that their Privacy Statement contains a Cookies Clause that includes a link to their stand-alone Cookies Policy.
Note that users are also offered the option to disable cookies if they want to.
Notification of Changes
This can be useful if you need to change the type of client data you collect and how you store it in the future.
Most Privacy Policies end with a Contact Information clause, allowing users to get in touch quickly and easily if they have any questions or concerns about your use of their personal data. This helps show that your company is open, honest, and happy to discuss the use and protection of users' personal data with them.
Provide as much contact information as you can, or at least the best ways that users can get in touch with you such as telephone numbers, email addresses, terrestrial mailing addresses, or links to online forms. The BBC's Contact Information clause provides separate contact details for overseas users:
- Take the time to consider and review your information collection requirements and practices.
- Establish a comprehensive list of all places on your site where you collect personal information from users, both directly and indirectly.
- Identify all third parties that may be collecting information from your users.
- Ensure you are compliant within the jurisdiction of your business.
- Ensure you are compliant within the jurisdictions of your website and app users.
- Ensure you are compliant with privacy requirements of third parties.
- Give users the opportunity to update, remove or transfer their personal information from your database.