BBB Logo

Council of Better Business Bureaus ®
Start With Trust®
Council of Better Business Bureaus
BBB Small Business Advice: Writing a Privacy Policy
December 07, 2010
Even if you think your business is too small to merit a privacy policy, the Better Business Bureau advises that if you have a website, you will benefit by having a comprehensive privacy policy.
Online privacy policies have taken center stage as social networking sites and search engines have recently come under fire for sharing user information. Even if you think your business is too small to merit a privacy policy, the Better Business Bureau advises that if you have a website, you will benefit by having a comprehensive privacy policy.

“Privacy policies are about transparency and are key to building trust between your business and your customers,” said Alison Southwick, BBB spokesperson. “While it’s easy to get intimidated by the scope and legalese, the bottom line is, you will increase consumer confidence in doing business on your website if you have a clear privacy policy.”

When drafting your website’s privacy policy, BBB recommends using simple language to answer the following five questions:

  • What information do you collect? – Outline the types of personal information that you collect from customers. This includes home address, e-mail, phone numbers and credit card numbers.

  • How do you collect the information? – Websites collect information from customers in many different ways. Even if you don’t actually sell goods through your site you might have an e-mail sign-up for a newsletter, an application for credit or install cookies on the visitor’s computer to track their activities. Disclose how data is being collected to show you have nothing to hide.

  • How do you use the information? – Include background on how you share customer information with third parties such as to process orders. If you sell customer information to marketers, explain what information is sold and how it could be used.

  • What control does the customer have over their personal information? – Customers need a way to contact your business and control their personal data, whether it’s changing a password on their account or taking their name off of a mailing list. Plan to include a direct phone number or e-mail address that customers can use to manage their information.

  • How do you protect the information? -  Explain how you protect customer data including, but not limited to, website encryption, limiting employee access to sensitive customer data, and server security.

There is no cookie-cutter privacy policy. Your business is unique and your privacy policy should reflect that.  Seek legal guidance before you finalize your policy. You are legally liable if you fail to abide by your privacy policy statement or if the statement does not comply with local and national laws.

As your business changes, so should your privacy policy. Plan to revise your policy as your web activities evolve and alert customers when you make revisions affecting their personal data.

For additional free advice on keeping customer data safe visit BBB’s Data Security -- Made Simpler.