6 Tips for Creating an Airtight Privacy Policy Erin Posey Laws affecting online business owners differ from jurisdiction to jurisdiction, but one thing is abundantly clear: Everyone with a website who’s collecting information from their visitors needs a privacy policy. You could be a booming e-commerce site featured in Forbes or a blogger sharing interior decorating tips for a small community of friends, family, and fellow design enthusiasts. If you’re collecting data, you’re affecting a visitor’s privacy. Now, modern online marketing relies on visitor and customer data. Bloggers collect email addresses, e-commerce sites store financial transaction details and B2B businesses store email addresses captured from lead magnets. And most people on the internet know websites collect information about them. That said, they want to know what exactly they’re collecting and what they’re using it for. So long as you’re straightforward about your data collection and usage, the tips below should help you write a solid privacy policy. Keep in mind, however, that if your business operates in a regulated industry (i.e. insurance, health care) you may have stricter privacy guidelines and would be well-advised to consult a legal expert. Don’t confuse your readers. When you hear “privacy policy” the words that come to mind are likely “dense,” “complicated,” “legalese.” This is not what you want for your privacy policy. A site visitor should be able to read your policy and leave confident that they know what you’re doing with their information. Write your privacy policy in a clear, straightforward manner. This advice doesn’t just apply to your wording. It applies to your formatting as well. Avoid tiny, poorly spaced text that makes your privacy policy a struggle to read. It implies you have something to hide, which is not what you want your visitors to think. State what information you’ll collect and where you’ll get it from. There’s a tremendous amount of information you can collect, and if you know what to do with it you can gain a competitive advantage. That said, you don’t want your customers to be surprised when they find out you’re also tracking their online browsing habits when they’re logged on to your site when they just thought you were collecting emails. Be transparent. Are you collecting email addresses? Does your website use cookies? Will you keep track of a customer’s buying habits? Outline these activities in your privacy policy, so you aren’t accused of being sneaky. Explicitly state if you share visitor information with third parties. This is probably one of the biggest concerns for internet users. Your audience may trust you, but that doesn’t mean they’ll be thrilled you’re sharing their information with advertisers. The good news is that most online product and content consumers understand the game and they recognize that there’s sometimes a need to share their information with third parties. What they’re not a fan of is perceived sneakiness. Keep your users informed so they retain a sense of agency about their data. Try not to leave it at that though. Share the reasons why you hand their data over to third parties. Is it to facilitate transactions? Improve the customer experience? Show your readers or customers why this data-sharing benefits them. Additionally, let them know what steps you take to protect their information and vet third parties. Provide an option for visitors to opt out of sharing their data. Again, people are largely okay with data usage, but they do want to know they have options. Giving users a say in how their information is used builds trust between you and your community. In fact, when it comes to communications like email newsletters U.S. companies must give subscribers the option to “unsubscribe” from email communications without paying a fee or providing information other than their email address. This is one of the requirements of the CAN-SPAM Act, enforced by the Federal Trade Commission. Include a note in your privacy policy that says you’ll let visitors know when there’s changes. Stay on top of changes to your data usage. Each time your data collection activities change, update your privacy policy and be sure to shoot an email to all of your members to alert them to the changes. Notice how companies like Twitter or Apple send you an emails with updates and ask you to accept them? Notifying your community of updates fosters a digital community of transparency and also protects your reputation. Don’t copy someone else’s privacy policy word for word. Yes, this is a huge time saver, but it may come back to bite you in the butt and cost you double the hours. This is because every business is different and your data management may not be the same as that other company’s data management, leaving your privacy policy with holes. That said, there’s nothing wrong with using other privacy policies as a guide for how to structure your own. Just make sure your final product reflects the unique considerations of your website. A privacy policy protects your reputation and fosters trust in your online community. Any business that collects information about its online users should take the time to write one.