Writing a Privacy Policy

All BBB Accredited Businesses are required to have a privacy policy posted on their websites

Online privacy policies have taken center stage as social networking sites and search engines have come under fire for sharing user information. Even if you think your business is too small to merit a privacy policy, the Better Business Bureau advises that all businesses who have a website or web presence should have a privacy policy.

When drafting your website’s privacy policy, BBB recommends using simple language to answer the following questions:

  • What information do you collect? – Outline the types of personal data you collect from customers. This includes home address, e-mail, phone numbers and credit card numbers.
  • How do you collect the information? – Websites collect information from customers in many different ways. Even if you don’t actually sell goods through your site you might have an email sign up for a newsletter, application, or install cookies on the visitor’s computer to track activity.  Disclose how data is being collected.
  • How do you use the information? – Include background on how you share customer information with third parties such as to process orders. If you sell customer information to marketers, explain what information is sold and how it could be used.
  • What control does the customer have over their personal information? – Customers need a way to contact your business and control their personal data, whether it’s changing a password or their account or taking their name off of a mailing list. Plan to include a direct phone number or email address that customers can use to manage their information with you.
  • How do you protect the information? – Explain how you protect customer data including, but not limited to, website encryption, limiting employee access to sensitive customer data and server accuracy.

There is no one-size fits all privacy policy. Your business is unique and your privacy policy should be too. Seek legal guidance before you finalize your policy. You are legally liable if you fail to abide by your privacy policy statement of if the statement does not comply with local and national laws.  As your business changes, so should your privacy policy. Plan to review and revise you policy as your web activities evolve, and alert your customers when you make revisions affecting their personal data.