Does your website have:
- Google Analytics installed?
- A contact form?
- Comments enabled?
- A form to collect email addresses?
The goal is transparency
I’m a big fan of keeping the public policy of laws in the back of my mind as I try to understand why the laws are the way they are. The public policy behind privacy policies is centered on protecting consumers.
What should you include?
- Who is collecting the information (e.g. you are collecting it or Google/Facebook is collecting it on your behalf)
- What data is being collected
- How you are using this information
- If you share this information with anyone else
- If the data is aggregated so you can’t identify any individual user
How to opt in/out
You should give your visitors a way to let you know if they don’t want their data collected and used. From the website owner’s standpoint, it’s usually easier to implement an “opt-out” policy, which requires consumers to let you know if they don’t want their data collected, rather than an “opt-in” policy. Either way, you should let visitors know the process.
Access to data
Since you’ve got data on consumers, you need to let them know how they can review the information you’ve collected that’s specifically identifiable to them (rather than data that’s only identifiable in the aggregate).
- Who do they address their request to, and what email/mailing address do they send it to?
- How long will it take you to provide a response?
- Will they need to pay anything to cover the costs of researching and gathering the data?
If you are collecting and storing sensitive identifiable data that hackers might want to get at (e.g. credit card numbers), then you should have security measures in place to store that data and to dispose of it when it’s no longer needed.
Word of warning: kids
If you know that you have a young audience, then you need to comply with laws surrounding the collection and storage of data on children under the age of 13. This requires the consent of the parents to collect data, and parents must be able to review the data and revoke permission at any time. These laws are strict, so you should research this area if your site caters to children.
Follow your policy
You should also regularly review your policy to make sure that it still outlines all the data you are collecting and matches up with what you are doing.