What should your privacy policy cover?

What should your privacy policy cover?

As a business, you deal with a lot of personally identifiable information on a daily basis. It can come from anybody who interacts with your business. It could be your clients, your vendors, employees, etc. You need to have a privacy policy declaring how you, as a business entity, will be using that data. What does your privacy policy cover? There are 5 key elements that a privacy policy must touch upon. They are:

Information about the data you are collecting

Your privacy policy needs to spell out what kind of PII you are collecting. Make sure you cover all possible data –right from something as ambiguous as first names to the more important ones like credit card information.

Information about how the data you collect will be used

The next step is to state how you will be using the data you procure and for what purposes. For example, if you will be using the data to reach out to customers at a later date to market your products and services, you need to state that.

Information about data sharing

Who will you be sharing the data with? You need to identify who you will be sharing the PII with. For example, it is possible that your vendors or partners may have access to it. You need to declare this clearly in the privacy policy.

Information about data security and storage

Your privacy policy should identify how you will be storing the PII. You also need to discuss the security measures you will be taking to keep it safe.

A bit from the customer’s perspective

The first 4 elements discussed here pertain to disclosure of information regarding data collection, sharing, storage and security. These are all from the business’s perspective. The final item in the privacy policy covers the rights of your visitor. Your privacy policy must mention

  • How visitors can see what PII of theirs has been procured
  • Correct or update their PII
  • What recourse visitors can take if there’s a breach of the privacy policy

Be sure your privacy policy covers all these 5 areas. You can also run it by a credible MSP or ask them for a template or draft.

  • NOTE: This blog is for informational purposes only and designed solely to encourage awareness of this complex topic. To learn more, contact legal and technical professionals for advice.

T3 vCIO is an onsite consultation service created for small- and medium-sized business leaders who need long term strategic IT guidance. A vCIO helps you define your IT strategy, identify business critical technologies, and implement a plan for success. A vCIO will evaluate the strengths and weaknesses of your IT and then create a new business technology architecture to meet your vision of success.

Learn more here.