2018, in particular, brought matters to a head.
These days, we have many regulations like the General Data Protection Regulation, which have brought about country-wide and region-wide changes regarding data sharing and online privacy.
Companies that wish to be legally compliant must ensure they put the right measures in place and, more importantly, convey the right information to customers through beautifully written privacy policies. After all, compliance starts with communication.
- Give a brief description of your company and its ethics
A general introduction about your company, its stance on customer data privacy and ethical digital practices can help customers understand your company better. By reading this information, they will get a variety of information like:
- What the company’s data collection objective is
- How the company uses and shares customers’ data
- How the policy will benefit the customers
- Specify which data you will be collecting and from where
A lot of data privacy problems arise because customers are unaware of what type of data companies collect. That is why it’s important for companies to clearly spell out each type of data they collect both through contact forms and website cookies.
Your information collection checklist should mention:
- Customer’s name
- Phone number
- Email ID
- Home/office address
- User content – likes, shares, comments
- Verification information like OTPs and stored passwords
- Payment information
Next, it’s very important to specify where you are collecting this data from.
For example, apart from traditional data collection tools like the computer and the mobile phone, some companies also use secondary data collection devices – Disney and its MagicBand wristband, Garmin and its watch, Amazon and Alexa and so on.
If you use such secondary data collection devices, it’s also important to list the type of data you collect from them.
- Explain why you need customers’ data
Are you using customers’ data to improve the products and services you offer? Do you need their data to comply with your country’s legal requirements? Are you sharing this data with another company?
According to GDPR, companies are now required to showcase their cookie notifications at the top of the Homepage.
- Provide clear information about opt-outs
According to regulations by international bodies (for example, the FTC), companies must provide customers with a means to opt out of both data sharing and future communication from the company.
These days, you can hire experienced content writers to draft customised privacy policies, which are easy to understand and which provide detailed, step-by-step information about a variety of processes, including opt-outs.
- Detail your data storage policy
Some forms of data like credit/debit card numbers, PayPal account details, and so on are extremely sensitive. Many e-commerce sites store these details on servers they control or which a trusted vendor manages. But customers seldom have any insight into how these sensitive data are protected and how they are used.
- Talk about third-party vendors, apps and data sharing
In her research about data sharing and customer privacy, Ford Mozilla Open Web Fellow Rebecca Ricks created a brilliant visualisation about the number of (sometimes) unethical ways in which companies share customers’ private data with third-party vendors. Her research provided extremely distressing results. Even reputed companies like PayPal, Google and Microsoft were found lacking in their data privacy compliance.
Results like these can make customers distrustful of your company. They may even stop engaging with you. That’s why it’s imperative that you provide a detailed account of the third-party vendors and apps with whom you share your data. It’s also best practice to specify the objective of data sharing.
- Always include child-safe information, triggers and warnings
International data privacy regulations, like COPPA, are particularly stringent about children’s data privacy online. Companies can be penalised for not having a dedicated child protection policy in place. It is mandatory that you provide information about how you process information provided by underage users, irrespective of whether you run a website for children or not.
As a good practice, include a notice specifically for underage users on the landing page, asking them NOT to provide any data. Having a check-box which minors can select, which allows them to directly opt out of all data sharing and communication, can help.
- Give information regarding data security redressal
- Include DOE and clauses for policy changes
You should also include a clause which safeguards you from any policy changes you may make in the future to meet the requirements of amended regulations.
The team at Godot Media have extensive experience writing quality business content, including privacy policies and security pages. Feel free to speak to us for more information about our services.