|
How
to Write a Privacy Policy
by Anti Spam League
A Privacy Policy can be defined as the policy under
which a company or organization operating a web site
handles the personal information collected about visitors
to the site. For most of us consumers, privacy involves
protecting our integrity and our right to disclose or
not our personal information to third parties, without
letting anybody bother us with unsolicited communications
if we do not want to be contacted.
Why has privacy become such a big deal for consumers
over the last few years? The answer is that customers
need reassurance before giving out their personal information
to someone they do not know. They might really like
your web site and even visit it often, but as soon as
you ask for their name, they get suspicious. Moreover,
if you also ask for their address, phone number, credit
card number, bank names, account numbers, health history,
or current job information, they start worrying about
what you are going to do with all that information.
Can you blame them? Of course you cannot. What you have
to do is ensure you address some basic but critical
aspects of their concern, through a clear and efficient
Privacy Policy.
Below are some important issues you should take into
consideration when writing your company’s Privacy
Policy:
1) Explain what types of information you collect and
how you use it
Provide reassurance. Clearly explain what types of
information you ask from your visitors for and what
you are going to do with such information. Besides personal
information, what other information do you keep track
of? Do you collect information from children? How do
you verify parental consent for information about their
children? Remember that information is power and although
about two thirds of Internet users might be willing
to accept a guarantee that you will not abuse their
privacy, the other quarter feels extremely nervous about
the way their personal information might be used. Therefore,
if your web site mines raw transaction data to identify
visitors, to come up with new offers, or to sell their
names to merchandisers, you will need to explain how
you share that information within your own family of
companies and outside, or else you will very likely
face serious legal problems.
2) Explain why your server and online operations are
secure
Now you have already told people what information you
ask for and what you do with it, but that is just the
tip of the iceberg. Next you will have to explain what
makes your server and online operations secure. You
probably do not want to be caught with no answer when
confronted with questions such as, ‘How do you
make sure nobody steals my credit card information?’
or ‘How do you protect the privacy of my emails
to your customer support team?’ Point out how your
consumers can tell if they are really on a secure server,
i.e. the change in the URL, the icons that show up on
the status bar, etc. You may even take a shot at explaining
encryption, and the Secure Sockets Layer. Most importantly,
concentrate on the benefits to the consumer, for in
the end, most of them will not care less about all the
security measures you take and all the money you spend
to make your website secure, unless that translates
into some specific benefits to them.
3) Let customers out
When people read your Privacy Policy for the first
time, they will want to know how they can start or stop
receiving email from you. Giving customers an opt-in
and opt-out option is a great way to build trust and
lower their personal barriers. However, you must be
aware that people’s needs, desires and interests
might change over time and despite the fact that no
one likes to lose a customer, you must let them go if
they state that they are no longer interested in receiving
your emails. In order to protect your customers’
privacy, you must give them access to their personal
profile or account, and let them delete themselves.
Since one of the biggest invasions of privacy is spam,
one of the organizations created to fight spam called
The Anti SPAM League considers that it is a good idea
to allow people to opt into your e-mail newsletter twice
- once by clicking the checkbox and Submit button, and
again by responding to the e-mail notification that
they can subscribe if they reply -. Double opt-in makes
it more likely that people know what they are doing
when they volunteer for the email. Remember to include
an ‘unsubscribe’ option at the bottom of each
newsletter you email to your customer base. Of course,
if most of your customers request to be removed from
your mailing list then you will have a much more serious
problem because your business will be in danger. But
still, you must always give your customers a way out.
4) Let customers view and edit their personal information
If you give people the opportunity to view and edit
their information, chances are they will provide even
more. The reasoning under this is pretty basic: almost
no one destroys his or her own data. Therefore, whenever
you display customers’ personal information, place
clear and visible labels indicating how they can edit
it. Be clear about how they can view and edit their
information, i.e. ‘You can access all your personally
identifiable information that we collect online by logging
in and clicking the ‘Change User Info’ link
in the box on the right-hand side of every page’.
Also, answer questions that might be of extreme importance
to some customers such as, ‘Can I review information
you have about my child?’.
5) Inform customers about policy changes
Most businesses revise their Privacy Policies from
time to time. If you are among these businesses, inform
your customers how they can have access to those changes
and revisions. For example, include a sentence in your
Privacy Policy such as, ‘New versions will be posted
on this web site, so please check back periodically
for updates’.
6) Tell your customers who to contact in case they
have questions about privacy
Sometimes people might have some specific questions
that are not explicitly covered in your Privacy Policy.
For example, where they can learn more about their right
to privacy or who they can talk to if they have a question
about their privacy. Always include one or more ways
in which customers can contact you regarding privacy
issues. This contributes a lot in terms of reassurance.
7) Write a privacy policy that people can understand
Last, but not least, this issue can make the whole
difference between a trusted business and one that may
look OK, but deep inside you feel you cannot trust.
Unfortunately, most Privacy Policies are written by
lawyers and consequently, contain way too many technicalities.
We do not question the value of legal terminology, but
we greatly emphasize the fact that a Privacy Policy
does not need to sound too serious or elegant. It just
needs to be clear and simple, so that any average consumer
can understand it without much effort. If you use industry
or in-house jargon without explanation you make readers
suspect that you are trying to pull the wool over their
eyes and the final result debilitates the whole purpose
of the policy, which is to build trust. Sure you will
have to talk about your security precautions, but refer
to them in plain English before you mention tech words
that most people do not understand.
Our advice regarding how to write an efficient Privacy
Policy can be summed up in just two sentences: ‘Keep
it simple’, and ‘Do not lie to your customers’.
If you want to learn more about this and other related
topics, check out www.Anti-Spam-League.org. This organization
offers free membership and the chance to access a wide
amount of relevant information on privacy, spam, email
abuse, Internet fraud, responsible marketing and several
other topics.
About the Author:
The purpose of the Anti SPAM League is to help consumers
and business owners reduce the amount of SPAM they receive.
In addition, our Anti SPAM organization believes that
educating site owners in the area of SPAM prevention
and ways to successfully and responsibly market their
sites, is key in making a difference.
>>
Return to Web Site Design Article
Index
|
