You should EXPLAIN how you protect the data and the recourse for privacy violations.
Data collection results in privacy concerns and misuse worries. You need to inform users exactly what information your site is collecting, how you use it, and why you have to collect it. This allows you to strengthen their confidence and trust in your site.
You need one if your business, website, or mobile app collects personal information from its users.
General Data Protection Regulation (GDPR)
The GDPR benefits European Economic Area (EEA) residents. This set of regulations applies regardless of where the site or app is located, as long as its audience is EEA residents.
It revolves around giving users more rights as to how and when their personal data is collected.
It incorporates a “Privacy by Design” model. This requires businesses to consider their users’ data privacy in the design of their business practices, systems, and processes.
Its effectiveness has made it the basis of succeeding modern data privacy laws.
California Consumer Privacy Act (CCPA)
The CCPA is remarkable because it is the first comprehensive data privacy law that a US state passed.
It gives users, particularly residents of California, rights over the information that businesses collect.
ePrivacy Directive and Regulation
The ePrivacy Directive and Regulation is also referred to as the EU cookie law.
This was the main regulator of EU internet privacy. It ensured that websites got user consent first to place unrelated cookies in their browsers.
Personal Information Protection and Electronic Documents Act (PIPEDA)
The PIPEDA gives Canadian users the right to consent to their personal data collection.
It also allows them to access their information and dispute inaccuracies, and it limits data collection to its specified purpose only.
You should be able to reflect on how much you value your users’ privacy and patronage!
You can use this tool as a starting point for your business. You can add or remove policies to make them more applicable to your business.
Aside from this, you can also edit the language and technicalities to make it a better fit for you and your business.
Step 1: Identify All the Personal Information You Gather When You Collect Data
Gathered basic information includes the following:
- Contact information
- IP addresses
- Payment information
You should pay close attention to WHEN and WHERE you collect personal data. Do a thorough review of your site to determine where you collect data.
Step 2: Explain How You Use Your Data Collection
The next step is informing users how you plan to use the data you collect.
Be transparent with your users to put them at ease!
Let them know if you are using the information for product recommendations or custom promotions.
It helps to let them know that you’re using their information to provide them with special offers.
Step 3: Address Child Privacy Issues
Provide a clause that addresses child privacy in your privacy statement. This applies regardless of whether the audience of your website or mobile app is children or adults.
On the other hand, the Children’s Online Privacy Protection Act (COPPA) forbids you from knowingly collecting private information from children aged 18 and younger.
Step 4: Explain How You Protect Personal Information
As such, you should explain how you will protect the personal information that your website or mobile app collects.
Show how you can prevent possible security breaches and prohibited access. The level of your security measures depends on the sensitivity of the data you gather.
You should make your users feel safe and secure when they provide sensitive information.
If they do not feel confident in giving their banking and payment information, you may miss out on possible sales revenues.
Step 5: Provide a Recourse Policy
There may be situations where you have not honored your users’ data privacy or your own policy. To prepare for times like these, include a recourse section.
This section tells visitors who to contact in cases of policy violations and gives them the alternative to opt out of it.
This will reflect how much you value the privacy of your users and the respect you have for them.
You can turn to third parties to collect personal information from your users or share the personal information and contact information collected.
In either of the two cases where a third party is involved, you should let your users know about this.
Third-party tools can help you with content optimization, lead generation, site analytics, affiliate marketing, and even customer service.
IMPORTANT TIP: If you are not yet involved with any third party, it is still best to disclose the possible involvement in your privacy statement.
Your cookies clause can be short, as long as you provide a link to your detailed cookies policy.
What is more important is that you give your users the choice to opt out and disable cookies if they want to.
Step 8: Explain How Users Access and Control Their Data
At the end of the day, the data you have collected is still your users’.
Let them know about their rights relating to the personal information you collect.
For example, they have the right to access the data collected again or have it permanently deleted from your databases.
A DSAR form gives your users the option to access, edit, transfer, and delete their personal data.
Step 9: Notify Users of Future Policy Changes
It is unavoidable that your business will change or grow over time.
You may indicate in your original privacy statement your right to change it whenever the situation calls for change.
You should also include the right of your users to be informed about any revision.
Most companies have a link or button to their privacy policies in the footer of their website.
Additional Tips When Writing Privacy Policies
#1 Consider Supplementary Clauses
For example, you can include a communications clause. This should contain all your contact information for your app users to reach you.
If you have a chat box on your website, let your users know that their personal information, like their name, contact information, and email address, is part of the data you are collecting.
Another supplementary clause you can consider is a business transfer clause. The future is uncertain, and you can never know for sure if you will have to sell your business later on.
This clause will help you minimize your potential liabilities when it comes to that point. It will give your users a heads-up on how their personal data may be passed on to a new owner when you decide to sell your business.
The most common example of an additional clause is the terms and conditions agreement. It is not always mandated by law, but it can help you avoid unacceptable user behavior.
It serves as the rules and guidelines for your website or mobile app. It acts as a contract between you and your users.
It helps in getting the consent and confidence of your users when they clearly understand what you are trying to say.
Your users can also skip to the more important parts that concern them more.
Many users may suspect that technicalities are misleading. As such, they may not give you their consent to get their personal data.
Frequently Asked Questions
What Is Considered a Violation of Privacy?
The main factor that constitutes a violation of privacy is the absence of consent.
Common types of this violation include the appropriation of name or likeness, intrusion upon seclusion, false light, and public disclosure of private facts.
All these become problems when the owner of the data collected does not give you their consent to do so.
When you do so, you lose the trust of your users and waste plenty of your resources in attempts to redeem your reputation.
To add to this, you will have to face certain sanctions, fines, and legal claims.
However, it is still best to seek legal advice to ensure that you cover all the important details.