Drafting Your Website Privacy Policy

Before jumping in to create your own privacy policy, remember what a privacy policy is: the agreement where you disclose how you collect, keep and process your users’ personal information. Privacy policies are not Terms of Service agreements: Terms of Service are rules which users must agree to in order to use your service or your website.

What is personal information (or personally identifiable information)?

In the context of U.S. privacy laws, for example, it’s information that can be used to identity an individual; that is information either used on its own or with other type of information.

The number one personal information collected by most websites is the email addresses. Then follows the phone numbers, the names (first and last name) and so on.

When drafting your website privacy policy agreement, consider the following:

1. What personal information do you collect?

The first purpose of a privacy policy is to disclose what type of information your business collects from visitors or members: personal information submitted by the member itself, information collected automatically by third party tools your website may use (such as Google Analytics), cookies files stored on users’ computers, and so on.

Your policy must clearly specify what type of information you collect. This usually includes the following:

  • email address
  • date of birth
  • billing information
  • phone number
  • first and last name
  • and so on

In this section you should also add if you store cookies on users’ computers. Go to our recent article on Business2Community for the Cookie clause example and other 4 important privacy policy clauses that you need to consider.

2. What do you do with the information?

A second purpose of a privacy policy is to disclose what do you do with the personal data you collect and keep from your users. A called “Personal Information Usage” clause would include what do you plan to do with the  data, such as “We use your Personal Information for improving our Site” and so on.

But, what do you use your users’ data for? Include that in your privacy policy.

3. Do you allow access to children under 13?

The Children’s Online Privacy Protection Act, or COPPA, has a list of detailed requirements of websites that are collecting personal data from users under the age of 13.

Among the list of requirements, a business must obtain verifiable parental consent before collecting (collecting, use and/or disclosure) any kind of personal data from a children under 13.

If your website is not intended for children under 13, make sure your policy includes a statement for this.

4. Do you cover a merger or acquisition event?

Your privacy policy should also disclose what happens in the event your business is going through a merger or is getting acquired and what happens with the personal data of your users after this event.

You can download a free privacy policy template to get started faster with your privacy policy.

Another recommended tip is to share your first draft of privacy policy with your Chief Developer, Programmer or System Administrator to confirm what personal information your website is collecting to make sure you haven’t left anything out before publishing.

More Business articles from Business 2 Community:

See all articles from Business 2 Community

Friend's Activity