As a business, you deal with a lot of personally identifiable information on a daily basis. It can come from anybody who interacts with your business. It could be your clients, your vendors, employees, etc. You need to have a privacy policy declaring how you, as a business entity, will be using that data. There are 5 key elements that a privacy policy must touch upon. They are
Information about the data you are collecting
Your privacy policy needs to spell out what kind of PII you are collecting. Make sure you cover all possible data –right from something as ambiguous as first names to the more important ones like credit card information.
Information about how the data you collect will be used
The next step is to state how you will be using the data you procure and for what purposes. For example, if you will be using the data to reach out to customers at a later date to market your products and services, you need to state that.
Information about data sharing
Who will you be sharing the data with? You need to identify who you will be sharing the PII with. For example, it is possible that your vendors or partners may have access to it. You need to declare this clearly in the privacy policy.
Information about data security and storage
Your privacy policy should identify how you will be storing the PII. You also need to discuss the security measures you will be taking to keep it safe.
A bit from the customer’s perspective
The first 4 elements discussed here pertain to disclosure of information regarding data collection, sharing, storage and security. These are all from the business’s perspective. The final item in the privacy policy covers the rights of your visitor. Your privacy policy must mention
- How visitors can see what PII of theirs has been procured
- Correct or update their PII
- What recourse visitors can take if there’s a breach of the privacy policy
Be sure to cover all these 5 areas when drafting your privacy policy. You can also run it by a credible MSP or ask them for a template or draft.
- NOTE: This blog is for informational purposes only and designed solely to encourage awareness of this complex topic. To learn more, contact legal and technical professionals for advice.