What should your privacy policy cover?

Dec 16, 2019 | Privacy Policy

As a business, you deal with a lot of personally identifiable information on a daily basis. It can come from anybody who interacts with your business. It could be your clients, your vendors, employees, etc. You need to have a privacy policy declaring how you, as a business entity, will be using that data. Below are five key elements that a privacy policy must touch upon.

Be open about the information and data you are collecting

Your privacy policy needs to spell out what kind of PII you are collecting. Make sure you cover all possible data — right from something as ambiguous as first names to the more important ones like credit card information.

Share how the data you collect will be used

The next step is to state how you will be using the data you procure and for what purposes. For example, if you will be using the data to reach out to customers at a later date to market your products and services, you need to state that.

Inform the user about data sharing

Who will you be sharing the data with? You need to identify who you will be sharing the PII with. For example, it is possible that your vendors or partners may have access to it. You need to declare this clearly in the privacy policy.

Explain your security and storage procedures

Your privacy policy should identify how you will be storing the PII. You also need to discuss the security measures you will be taking to keep it safe. 7 Steps to Protect Your Business from Cybercriminals includes details on how you can ask your IT team for Business Protection Documentation that can help you prepare and review the protection and security tools and policies you either currently or should have in place.

A bit from the customer’s perspective

The first 4 elements discussed here pertain to disclosure of information regarding data collection, sharing, storage and security. These are all from the business’s perspective. The final item in the privacy policy covers the rights of your visitor. Your privacy policy must mention:

  • How visitors can see what PII of theirs has been procured
  • Correct or update their PII
  • What recourse visitors can take if there’s a breach of the privacy policy

NOTE: It is imperative that these five elements are included in a company’s privacy policy; however, this blog is for informational purposes only and designed solely to encourage awareness of this complex topic. To learn more, contact legal and technical professionals for advice.