Rob Swystun, Pristine Advisers
The Federal Trade Commission, which oversees privacy laws and policies as they pertain to consumers, has been protecting consumer privacy for over 40 years, meaning companies have always had to have privacy policies for their interactions with customers. Obviously, over the past several years more and more of those companies have moved online or are completely online.
Why it’s important
The FTC is diligent about responding to consumer complaints about privacy and has already gone after companies for illegally collecting information, like when it reached a settlement in February of this year with an app developer who was found to have collected children’s personal information without the consent of their parents. Despite new technologies coming out fast and furiously, the FTC is doing its best to keep up.
1. Use easy to understand language. Ah, the point that you see over and over in regards to communicating with customers. And for good reason. Using accessible language keeps things simple and promotes the reading of documents that people should read but usually don’t (mostly because they’re hard to understand). If your target market is under 13, write the policy for the parent or guardian and if your target market’s primary language isn’t English, have your policy translated into any appropriate languages and post them.
2. Determine what information you want to collect. The excuse that your interface was collecting information that you didn’t know about won’t fly so make sure you know exactly what info you are collecting. This might mean bringing people in to look at the back end of your consumer interface and fill you in on what is being collected, which is fine. Ignorance won’t be a useful defense if your interface is collecting information that you are unaware of. And, to add to that, once you know what it’s capable of collecting, you either have to disclose what will be collected or give people a means to opt out of it. What level consumers are able engage with your platform (like video and image sharing, for example) will also help determine what information you collect and what will be required to be collected for legal reasons.
3. Explain how the information is to be collected. This is the area where things can get really technical, so it’s important to go over this section and make sure it’s not full of technobabble that will leave people scratching their heads. As in point number one, just use plain language so people can understand how their information is being collected.
4. Explain your obligations for cooperating with law enforcement. Make it clear that if you are compelled by law, the information your consumers provide might have to be shared with a third party.
5. If you plan to share information with third parties, make it clear what will be shared and with whom. If you plan on selling information to a third party, first off; shame on you and secondly; even if the information is aggregate and will not be personally identifiable, make sure you tell people in the policy. And if individually identifiable information is to be sold, make sure it’s especially clear.
6. Give your consumers a way to opt-out of having their information collected. And make it easy for them, even if it means they won’t be able to access your site. Make sure you also update your records so people who have opted out have their information purged from your system.
7. Give consumers the option to update and/or change their information. It’s a good idea to have a separate email or specific form for this purpose.