Privacy Policy Best Practices

Key to instilling trust in users, your privacy policy tells visitors to your site what to expect when they provide personal information. What you might not realize is it is actually a legal document. Your privacy policy is a contract between you and your users in which you promise to behave in a certain manner in exchange for the data they provide. These privacy policy best practices will help you draft one people can understand, in as succinct a fashion as possible.

Start with Information You’re Collecting

What you collect will vary according to your industry, as well as your specific needs and intentions. However, it’s important to disclose all of this to the user so they have an opportunity to decide whether it’s worth giving you what you’re asking for to get what they want—or need.

In most e-commerce situations, this will include:

  • Name
  • Address
  • Telephone number
  • E-mail address
  • Credit card information
  • Banking account information
  • Social Security number

Your privacy policy should also disclose:

  • What information you collect
  • With whom it is shared
  • How errors can be corrected
  • How it is secured against hackers and identity thieves
  • How policy changes will be communicated
  • How to address concerns over misuse of personal data
  • Opt-out or opt-in procedures
  • How cookies are used
  • Contact information (e.g., an e-mail or postal address)
  • The date the policy went (or goes) into effect

When to Notify Website Visitors

Your privacy policy should have its own menu listing, as well as a landing page on your site. It should also be revealed whenever customers are asked to provide sensitive information. Ideally, you will notify a user of your policies governing the use of their private information at the moment it is obtained. This usually takes the form of a popup and users are required to click on it to express their acquiescence. Most free website templates for ecommerce include formatting to accommodate this.

Crafting Your Policy

For the best results, your privacy policy should be written in language everybody can easily understand. It should also be as short as possible, while meeting all legal requirements. Be clear and concise. Get straight to the point. Don’t try to Jedi mind trick your users into clicking without reading by employing dense legal jargon. People will see you as having something to hide and your credibility will suffer.

Ironically, you might be tempted to make it sound more formal and legal in an effort to establish your veracity. However, the opposite usually happens. People don’t trust what they can’t understand.

It’s also a good idea to include a values statement to help build trust. Just make sure you’ve already explained what you’re doing and why you’re doing it before you start talking about yourself.

Reviews and Updates

Things change, business models evolve and product lines expand. With these events can come new requirements for your privacy policy. It’s important to ensure yours keeps pace with the development of your business. As new relationships evolve, you may be required to share information with new partners and they may have differences in the way they handle data. You have to take all of this into consideration and inform your customers so their trust is not violated.

The Legalities

If you’re doing business in the United States, the Federal Trade Commission (FTC) enforces privacy policy regulations. You should be aware the organization takes its role quite seriously and has prosecuted cases of:

  • Broken promises
  • Retroactive privacy policy changes
  • Deceptive data collection or use
  • Inadequate data security
  • Inadequate disclosure of the amount of data gathered

Consequences have included the imposition of fines and audit obligations (which in some cases have lasted for 20 years). Imagine how much fun it would be to have the FTC looking over your shoulder for 20 years. While these privacy policy best practices will help keep you in compliance with government regulations, they will also go a long way toward establishing your trustworthiness in the eyes of your customers.

Anik is an IT professional and Data Science Enthusiast. He loves to spend a lot of time testing and reviewing the latest gadgets and software. He likes all things tech and his passion for smartphones is only matched by his passion for Sci-Fi TV Series.