In this article you will find information about:
– Why you should have one
– Guidelines for creating a policy
– Link to a free automated policy generator (free stuff, woohoo)
1. What cookies are
2. What info is collected
3. What is done with the information
4. How to reject / delete / accept cookies
5. Explain there are no harmful technical consequences/risks
1. A Better User Experience (UX)
Create a better electronic environment on the internet
Laws / legislation may pertain to your business
By letting people know what info is collected and what is done with that information, you can create a transparent environment in which people / consumers are more confident. You can eliminate stress and concerns about abuse of personal info.
2. Protect You and Your Reader
Various legislations and legal guidelines, for example in the US and in the UK, are being developed and may affect your website, depending on what information you collect, how you do it, and what you do with it. The European Union has developed similar guidelines that contain a bit too much legal rhetoric to be completely useful.
See resource list below for reference websites.
Your policy should be written in plain readable language. Consider the policy to be a part of your site. Design the policy and publish it like the rest of your site.
Design it as if you actually want people to read it. Make it short, friendly & intuitive. It should be easily accessible throughout your site.
www.mysite.com uses www.opentracker.net to collect visitor data and analyze traffic on our site. This information helps us understand customer interests and helps us improve our website. When you visit our site, the pages that you look at, and a short text file called a cookie, are downloaded to your computer. A cookie is used to store small amounts of information.
Tell your visitors why tracking cookies are good, why the information is beneficial, that it is used to improve websites and their content.
Give an example of a cookie
If you are collecting information, tell them what you do with that information.
Give people an opportunity not to have their info collected, for example by blocking cookies. Explain how people can block cookies. Also explain that cookies are not harmful and cannot introduce viruses or extract personal contact information.
Why all the fuss?
There is an important distinction to be made here between cookies and spyware. Spyware collects information about your surfing habits across the internet and sends this information out from your computer. Cookies collect information about your surfing habits only on the site of the provider of the cookie, in other words just on one site.
People want to know what information you are collecting and what you will do with that information
From our research it appears that most people are concerned that their personal information may be passed on.
In this case, there is an important distinction to make between Two Types of Information which are collected:
– Personally identifiable info/ personal contact info
– Clickstream / navigation info (how I’m using the site)
Specific to concerns about cookies, the information being collected does not contain personally identifiable information. Clickstreams are used to see if people return to the same sites, and identify patterns.
When databases are combined, for example a membership & login base, with a clickstream tracking system, it is possible to combine personal information, such as an email address, with clickstreams. This is where the main cause for concern seems to lie.
The companies that do this; with the resources to combine clickstreams, past purchases, and personal information, are household names, such as amazon.com, ebay, bbc, yahoo, etc.
Step 1 – Write in language that is easy to read and understand.
Step 2 – Explain what information will be collected and whether it will be identifying or anonymous. If it’s both, say so.
Step 3 – Without getting into lengthy detail, explain how it’s collected (such as search terms, sign-up, log files, clicked links, cookies).
Step 4 – If you’ll share information with affiliated, partner or other sites, be clear about this. Most people are concerned with who else is getting their information.
Step 5 – Simply state that if compelled by law to disclose, then you’ll comply with such orders.
Step 6 – Give readers the option of verifying, correcting, changing or removing personal registration information. I suggest having a separate email for this purpose so you know exactly the nature of this communication.
Step 8 – State that the policy will be updated periodically and how you will communicate such changes.
Creating, updating, monitoring or managing privacy policies and practices may not be your responsibility. But that doesn’t mean you should ignore possible missteps. More importantly, those who are responsible may not know the rules, regulations or best practices.
For those who are responsible, whether it’s part of your job because you’re an entrepreneur and everything is your responsibility, or you’re hoping to add this area to your book of knowledge, there are best practices to keep in mind.
#1 – Don’t ignore the FTC or state laws that provide minimum standards.
#2 – Write the policy in plain English. If you have a lawyer draft your policy, ask that it be written so your consumer or visitor will clearly understand.
#3 – Don’t cut and paste something you found for free on the Internet. Because the risk of penalties is very real, this is not the time to be cheap. Your policy should be your own and reflect the unique circumstances of your site.
#4 – Update your policy regularly to reflect changes in the online environment, what your company actually does with information and clarify areas that may be vague. And once it’s updated, communicate the update!
#5. Follow the policy! If there is only one thing learned from the FTC sanctions of Facebook, it is that you should follow your policy and not engage in deceptive practices.
#6. Allow consumers, readers, forum visitors or others to opt out of having their personal information retained. And then follow through with their wish.
#7. Make your policy easy to find and accessible. One of the biggest complaints I hear is that the policies are buried or inaccessible due to broken links.
#8. Ensure that the stored information is, indeed, secure. Security breaches are not only very costly in terms of having to invest in infrastructure, the potential disclosure or sale of private information can be devastating.
#9. Utilize a well-respected privacy certification program to add credibility.
#10. Do not ask for intrusive or excessively personal information unless it’s absolutely necessary. Consumers are getting savvier and are less willing to provide sensitive information if they don’t feel the situation merits such an intrusion. If you need this information, be clear as to why and include how you will protect the data.
Legislation in the UK:
Legislation in Canada:
Legislation in Australia:
Privacy policies are often not given the attention they deserve. Many companies churn them out, not realizing their true importance. While not everyone will read the policy, it’s these types of policies that say a lot about what the company stands for and what it wants to achieve. Information is key to future growth. It provides insight that can’t be replicated in other ways.
Most companies don’t have the resources or reputation that the largest social networking site has, and being singled out for deceptive practices could easily crush them.
Success tomorrow depends on not just doing the right thing today, but doing it every day. Most of us want our information kept secure. And our most valuable asset—our customers, users and community members—do too.