Studies show that 56% of all internet users accept a company’s privacy policy without reading it. Unfortunately, this behaviour was exploited by a few companies, and many customers’ personal data was hacked and misused by anti-social entities.
2018 in particular, brought matters to a head.
The past year has been a challenging time for customers, companies and legal authorities. Security breaches and data scams of global proportions have brought to the fore the importance of a properly defined privacy policy.
These days, we have many regulations like the General Data Protection Regulation, which have brought about country-wide and region-wide changes regarding data sharing and online privacy.
Companies that wish to be legally complaint must ensure they put in place the right measures, and more importantly, convey the right information to customers through beautifully written privacy policies. After all, compliance starts with communication.
Create an internationally-complaint privacy policy by following these steps
- Give a brief description of your company and its ethics
A general introduction about your company, its stance on customer data privacy and ethical digital practices can help customers understand your company better. By reading this information, they will get a variety of information like:
- Why the privacy policy exists
- What the company’s data collection objective is
- How the company uses and shares customers’ data
- How the policy will benefit the customers
Image Credits: Pixabay
- Specify which data you will be collecting and from where
A lot of data privacy problems arise because customers are unaware of what type of data companies collect. That is why it’s important for companies to clearly spell out each type of data they collect both through contact forms and website cookies.
Your information collection checklist should mention:
- Customer’s name
- Phone number
- Email ID
- Picture/s
- Home/office address
- User content – likes, shares, comments
- Verification information like OTPs and stored passwords
- Payment information
Next, it’s very important to specify where you are collecting this data from.
For example, apart from traditional data collection tools like the computer and the mobile phone, some companies also use secondary data collection devices – Disney and its MagicBand wristband, Garmin and its watch, Amazon and Alexa and so on.
It’s important also to list the type of data you collect from such secondary data collection devices if you use them.
- Explain why you need customers’ data
Are you using customers’ data to improve the products and services you offer? Do you need their data to comply with your country’s legal requirements? Maybe you’re sharing this data with another company (?).
Irrespective of what your reasons are, it’s extremely important to let customers know how and why their data will be used. Transparency is the key here. If you use cookies on your website, let your customers know of the same.
According to GDPR, companies are now required to showcase their cookie notifications at the top of the Homepage.
- Provide clear information about opt-outs
According to regulations by international bodies (for example, the FTC), companies must provide customers with a means to opt-out from both data sharing and from receiving future communication from the company.
Typically, information about these opt-outs should be available in your privacy policy. There should also be a detailed explanation of the opt-out procedure in your privacy policy.
These days, you can hire experienced content writers to draft customised privacy policies, which are easy to understand and which provide detailed, step-by-step information about a variety of processes, including opt-outs.
Image Credits: Pixabay
- Detail your data storage policy
Some forms of data like credit card or debit card numbers, PayPal account details, and so on are extremely sensitive. Many e-commerce sites store these details on servers they control or which a trusted vendor manages. But customers seldom have any insight into how these sensitive data are protected and how they are used.
This is something that every privacy policy needs to explain.
The objective of a company’s privacy policy is to show customers how the company cares for and safeguards its data. Having a page dedicated to data security protocols can give customers peace of mind that their data is in trusted hands.
- Talk about third-party vendors, apps and data sharing
In her research about data sharing and customer privacy, Ford Mozilla Open Web Fellow Rebecca Ricks created a brilliant visualisation about the number of (sometimes) unethical ways in which companies share customers’ private data with third-party vendors. Her research provided extremely distressing results. Even reputed companies like PayPal, Google and Microsoft were found lacking in their data privacy compliance.
Results like these can make customers distrustful of your company. They may even stop engaging with you. That’s why it’s extremely imperative that you provide a detailed account of the third-party vendors and apps with whom you share your data. It’s also best practice to specify the objective of data sharing.
- Always include child-safe information, triggers and warnings
International data privacy regulations, like COPPA, are particularly stringent about children’s data privacy online. Companies can be penalised for not having a dedicated child protection policy in place. It is mandatory that you provide information about how you process information provided by underage users; irrespective of whether you run a website for children or not.
As a good practice, include a notice specifically for underage users on the landing page, asking them NOT to provide any data. Having a check-box which minors can select, which allows them to directly opt-out of all data sharing and communication, can help.
Image Credits: Pixabay
- Give information regarding data security redressal
One of the biggest benefits that the GDPR has brought customers is autonomy. Today, customers can actively decide which information they wish to share with companies. Your privacy policy should highlight this right to customers.
Additionally, a section of your privacy policy should also be dedicated to providing information about data sharing redressal mechanisms. If your customers accidentally agree to share data with you, which they don’t wish to, they should have means to revoke these permissions.
Use your privacy policy to outline how customers can revoke data sharing permissions and provide contact details of your customer service team here.
- Include DOE and clauses for policy changes
Finally, every privacy policy should outline when it comes into effect. This way, you can protect yourself, should you be charged with lawsuits about data misuse.
Additionally, you should also include a clause which safeguards you from any policy changes you may make in the future to meet the requirements of amended regulations.
Need help developing a strong privacy policy?
The team at Godot Media have extensive experience writing quality business content, including privacy policies and security pages. Feel free to speak to us for more information about our services.
Feature Image Credits: Pixabay
Author bio:
Nisha Prakash is a blogger specializing in social media marketing and content management. She is an avid runner and a bibliophile.