A privacy policy is not just a legal requirement; it is a tool to help earn your customers’ trust and to protect yourself. In many ways, it sets the stage for the next steps such as data security, sharing and storage. In this blog, we share 7 tips that will help you when drafting your privacy policy.
- Update your privacy policy if there’s a change in any processes or procedures related to any of the 5 key elements of the privacy policy (data procuring, storage, security, sharing and customer rights) and notify your customers of the update. Even a simple pop-up on the website, telling them you have made some updates to the existing privacy policy and they need to ‘accept’/authorize the new one, will do.
- You need to make sure the privacy policy is a part of your website’s sitemap or clearly visible in the footer. The goal is to ensure it is easily accessible to your website visitors, in case they wish to read it. With the same goal in mind, we recommend that you keep it simple. There’s no need to use fancy words and jargon in your privacy policy. Just ensure it covers and conveys everything.
- Give a link to the privacy policy wherever it can come into play. For example, before filling out a form (for demo/appointment/asset download), before checkout (at the time of a purchase) or even just as they enter your website.
- Don’t forget the cookies! If your site uses cookies to store visitors’ preferences with the goal of offering a more personalized browsing experience, you need to let your visitors know about that. A pop-up on your site during their first visit is a good way to do this.
- There are many websites online that you can use to get a template or a framework for your privacy policy. A great resource to get started with is the Better Business Bureau’s privacy policy template. They have privacy policy templates customized for the state you operate in. Here’s a link to one of them – https://www.bbb.org/greater-san-francisco/for-businesses/toolkits1/sample-privacy-policy/
- Make sure your privacy policy mirrors the standards for the industry you are in. For example, a privacy policy for a business that sells products may differ from that for a service-oriented firm. An accounting firm or a healthcare service provider may have to cover more ground in their privacy policy, owing to other regulatory requirements, than a simple ecommerce-based product seller.
- Stay abreast of developments that may affect your privacy policy. The GDPR is one of them. If you are afraid you won’t be able to keep tabs on such news, ask your MSP and legal counsel.
If you are too busy to draft a privacy policy that suits your business or are just not sure if you have covered everything that you need to, it may be a good idea to sit with your Managed Service Provider and have them review your existing policy or create a new one for your business.
NOTE: This blog is for informational purposes only and designed solely to encourage awareness of this complex topic. To learn more, contact legal and technical professionals for advice.