It’s no secret that a strong and honest privacy policy is crucial to any thriving online business. If you’re skeptical, just ask Uber; they ran into legal trouble when their drivers violated their privacy policy. Or look at the app that was voluntarily pulled off the market by its founders for unlawfully using consumers’ public information and current location.

In a survey conducted by the Pew Research Center, 91% of adults “agree” or “strongly agree” that consumers have lost control over how personal information is collected and used by companies. In addition, 80% of those who use social networking sites say they are concerned about third parties like advertisers or businesses accessing the data they share on these sites.

Yikes! The good news is, you can single-handedly reduce these skyscraper stats by drafting, implementing and enforcing a really awesome & high-integrity privacy policy.

Earlier this year we wrote about why your online business needs a privacy policy. Basically, you need a privacy policy if you collect any kind of data from your website visitors, because it’s the law.

OK – but, what should you actually include in your privacy policy?

A good privacy policy should clearly describe your practices regarding the collection, use, sharing, disclosure, and retention of personally identifiable data. It should also be easy to read and accessible for the user.

Start by determining what type of data your site needs for its basic functions.

Will you collect just a user’s name and email address? Or will you collect more sensitive information like browsing history or contacts/address book? Make sure to cross-reference with any third-party software used in your app that will also require data collection.

Here’s what you’ll want to include in your privacy policy:

  • Identify the categories of personally identifiable data collected by the site and/or app.
  • Identify how you will use each type of personally identifiable data and the retention period for each.
  • If your users make purchases online or in-app, disclose whether you keep their payment information and for how long.
  • Disclose whether you use cookies (first- and/or third-party cookies) to track and retain users’ interaction with the site, what information is extracted, and how it is used. Describe how users can change what information is collected and include a link to those pages.
  • Describe the process for a user to review and request corrections to his or her personally identifiable information.
  • Describe the process by which you will notify users of material changes to your privacy policy.
  • State the effective date of the privacy policy.
  • Describe the choices a user has regarding the use, retention, and sharing of personally identifiable data.
  • State whether you will share users’ personally identifiable data with third parties. It’s good practice to also post a link to each third party’s privacy policy, if available.
  • State that your organization takes the necessary steps to safeguard the users’ data and that it has the electronic capabilities to keep it safe. (And actually do those steps, of course!)
  • If users subscribe to a newsletter or create an account or membership, explain how their information will be used for marketing, analytics, and future advertising (i.e., sending them emails). You should also include instructions on how they can unsubscribe or cancel their account at a later date.
  • Even if you don’t have a site targeted to children under 13 and your site is targeted to a more general audience, it’s still a good idea to insert a caveat that you don’t collect any information on users under the age of 13 … just in case.
  • Disclose the means for users to contact you if they should have any questions or concerns.

Be sure to include any industry-specific requirements. For example, if you are in the healthcare industry, you have to abide by HIPAA’s set of rules. Or if you have a site or app for children under the age of 13, there is a separate set of requirements you’ll need to meet.

A privacy policy is only as good as the enforcement efforts by the company.

Be proactive in actually implementing your policy & encourage your employees to be accountable, too!

Click here to access EPW’s privacy policy – go ahead and take a look, you know you want to. 🙂
