Your Company Needs a Privacy Policy

Don’t you want to know how businesses are using the private information they collect from you? Don’t you think your customers want the same thing?
Depending on where you live and what you’re doing, having a privacy policy for your customers’ information may actually be required. The Federal Trade Commission, for example, recommends privacy policies for most websites that collect and share consumer data, whether they do so actively or use cookies; federal law requires privacy policies for businesses collecting sensitive data, including personal information from children under 13, protected health information, or information related to certain financial products or services such as consumer loans, investment advice, or insurance. A few states go even further, with laws that require privacy policies for websites collecting certain types of data. BBB requires a privacy policy for its accredited businesses if they collect sensitive information.
But even if it’s not required, a privacy policy can help you build trust with customers and set yourself apart from your competition. Even if you’re not using your site to make sales, you may be collecting visitors’ personal data to generate leads, make appointments, manage newsletter subscriptions, or share with advertisers. You may also be using web analytics to optimize your website’s performance. It’s useful to at least have some sort of policy in place for navigating and using all this information.
 

How to Provide an Effective Privacy Policy

Be accurate and complete. Your policy is a pledge to your customers about how your business will handle and protect their personal data. It should reflect data practices unique to your business. You can check out policies of similar businesses for inspiration.
 

• Keep it simple. The policy is a legal document, but consumers don’t want to read a bunch of technical jargon. Your privacy policy should be written in plain language so your customers can readily understand how you’re handling their information.
• Make your privacy policy easy to find. Consider including a prominent link in the header or footer of every page so visitors can check out your policy before they interact with your site.  At the very least, your privacy policy should be linked from your homepage and any other pages where data is collected.
• Update your policy as necessary. If you change your business and privacy practices affecting customer data, communicate any substantial changes to customers before they take effect.

 
Key Questions to Answer in Your Privacy Policy
What type of data is being collected? In addition to names, home addresses, email addresses, phone numbers, credit card information, and IP addresses, you may be collecting information about purchase histories, gender, age, income, or marital status.  Your analytics provider, your advertisers, your third party shopping cart, or your payment processor may all be collecting information throughout your site. These activities should be identified and your customers should be directed to any third party privacy policies that may apply.
 

• How is data being collected? Online forms used to gather data may be obvious to the consumer, while cookies and other trackers placed on the visitor’s computer browser may go unnoticed. You should clearly explain all data collection practices to customers.
• How will the data be used?  Answer this question and tell your customers how, where and how long you will store the information you collect. If you share customer data with affiliates or service providers, sell data you collect to business partners, or allow marketers or others to collect data on your site, be sure to explain what information is being shared or sold and how it may be used.
• How do you protect the data?  You should be protecting customer data with strong security measures. In your policy, you can explain what you’re doing to provide assurance to your customers, but avoid getting too detailed: revealing too much about your security practices could put your systems at risk.
• How can customers control their data? Provide a point of contact at your business (usually an email address or phone number) to help customers change passwords, unsubscribe from mailing lists, close accounts, or address a problem. If marketers are using your site to collect data for interest-based advertising, you should also provide customers with opt-out information for this activity.

 
Keep in mind that you are legally responsible for keeping the privacy promises you make in your policy. If you have questions, seek legal advice before finalizing the policy. This is important — you want to be thorough.