Choosing Your Founding Principles
After laying out an approach with respect to PII, companies should identify and establish their convictions on the topic of information privacy and build a working policy around those principles. The Federal Trade Commission urges organizations to adopt the following three propositions as privacy pillars:
Privacy By Design
Privacy should be built in at every stage of product development.
Too often, consumer privacy issues are relegated to organizational back-burners. High-profile data breaches and widespread public concern over the security of personal information have made it perilous for companies to continue to ignore these matters. Institutional handling of such sensitive topics impacts vital metrics of trust, accountability, and transparency. You should include privacy protections as essential ingredients in any services offered.
When engaging in transactions, consumers should feel empowered to make informed decisions about how their personal information will be used. Companies should build simple processes that allow clients to choose the extent to which their information will play a role in organizational actions, whether it be third-party data exchange or PII storage. Offer consumers clear options, and let them make the decisions.
When it comes to collecting and using customer information, companies should err on the side of transparency. It’s a bad idea to bury information policies in hyperlinked asides concealed by an avalanche of legalese. The more opaque the process seems, the less likely you are to gain the trust of your clients. Share openly, and make sure your customers know what is happening to their sensitive information.
Constructing An Elegant Statement
Avoid lengthy, unreadable privacy policies couched in technical jargon and obscure legal phrasing. Use plain language and intuitive formatting, such as “layered” statements that rank and explain issues in order of relevance. Where possible, standardize your use of terminology and strive for succinct declarations.
Make sure your organization’s policies regarding cookies and other online tracking methods are clear and easy to find. Where possible, ensure your customers are informed of the various “Do Not Track” protections available in most Web browsers, and describe your site’s response to “Do Not Track” requests.
Data Use & Data Sharing
Explain your use of personally identifiable information in simple, clear terms. Note any relevant storage or sharing procedures, and detail with whom and under what circumstances you intend to share PII, including how you intend to share information with law enforcement.
Individual Choice & Access
Where possible, describe the choices your customers have in how their personal information is shared, accessed, used and stored. Create opt-outs for certain non-vital uses of PII, and be sure to pinpoint your organization’s policies relating to unauthorized information use and the length of time sensitive details are stored on company servers.
Provide company contact information for customers who have questions relating to privacy issues, and highlight avenues of redress in the case of data breaches or other informational malfeasance.
Broadcast your intention to conduct regular privacy reviews. These reviews will ensure your company is living up to its promises, and will provide your customers with some much-needed peace of mind.
Privacy Certification Programs
Consider adopting privacy certification programs such as TRUSTe to improve your institution’s handling of privacy-related matters and promote consumer trust as well as corporate accountability.
DISCLAIMER: The information in this article is provided for informational purposes only and should not be construed or relied upon as legal advice. This article may constitute attorney advertising under applicable state laws.