The privacy policy is meant to be a clear and concise statement explaining your product’s data collection, handling, security and deletion practices, yet for many, the process of putting the statement together is anything but clear and concise. Policies are either copied from others or created through “policy in a box” products that may provide a starting point, but aren’t necessarily meant to cover all the bases. The result is often policies that are inaccurate, overly complex (or missing critical information), difficult for consumers to understand and out of alignment with regulatory requirements.
It doesn’t have to be that way. Here are a few tips for elevating your compliance practices and ensuring that your privacy policy reflects your brand properly.
- Make it yours: It’s tempting to cut and paste from the policy of a company you trust. However, there’s no guarantee that the policy you choose to imitate will be compliant, and it definitely doesn’t make it the right policy for you. Your policy needs to reflect your unique data collection and handling practices. To that end, it is almost impossible to write a complete and accurate privacy policy without benefit of a thorough manual and technical assessment of your product. If someone offers to write your privacy policy without that information, think twice about the offer, as you will likely need to have the policy rewritten.
- Experience matters: It’s not uncommon to see policies missing key ingredients, or with information that – while accurate – reflects practices that aren’t compliant. If you’re not equipped to write the policy yourself, work with someone who is fluent in applicable federal and state regulation, self-regulation and your industry norms. All areas of expertise are important. You’ll want someone who can put all the required elements into the policy and help you address any practices that step outside the lines.
- Look ahead: Consider not only what you’re doing now, but what you might do in the future so that you can avoid rewriting the policy with every product change. Are there features on your roadmap that have implications for data handling practices? Planning to run a promotion in the next few months? It’s OK to craft the policies around these now, as long as the end results accurately explain what you will do in the future.
- Keep it simple: Can the average reader understand your privacy policy? If not, rewrite it. There may be some technical and legal jargon that needs to be included, but there’s nothing that can’t be explained in plain language. Your privacy policy is meant to be a helpful tool for consumers. Distinguish yourself by crafting something your audience can actually use.
- Stay informed: Your policy may be complete, but the work isn’t done. Industry is always moving forward. Your business and products will evolve over time, and regulatory changes are on the horizon as well. Know what’s coming next and be sure that your policies and practices remain accurate and up-to-date.
Now that you have a framework for creating a privacy policy that’s compliant and reflects your brand well, don’t forget to display it prominently! Include the required links in your product, wherever you’re collecting data, and when possible, in a place that consumers can review it before they decide to enjoy your product.