Customers and employees don’t want to be surprised by how your organization uses and protects their personal information. A simple way to avoid surprise is to create a privacy notice that lays out, in easy to understand language, your organization’s approach to privacy.
Some SMBs make the mistake of taking another company’s privacy notice, putting their own organization’s name on it and then publishing it as their own. A similar practice would be to search the web for a template privacy notice and fill in the blanks. Neither of these approaches give much thought to what the company actually does to collect and protect personal information. In fact, they might be making statements that do not reflect how they do business making the privacy notice they just published to be considered deceptive practice.
To create a meaningful privacy notice begin by creating an inventory of all personal information you collect, how it is stored, how it is protected, when it is shared with a third party, and the names of those third parties. Do not limit this inventory to what is collected on-line as a privacy notice should cover all of personal information you collect in any form. With this inventory collected you can begin constructing your privacy notice. In fact, you may want to create one notice for your customers and a second for your employees.
Keep the privacy notice simple and easy to read. One way to accomplish this is to focus on a few topics:
- Why personal information is collected
- What personal information is collected and when it is collected
- How personal information is used and protected
- When and with whom personal information is shared
- What someone should do if they feel their personal information may have been compromised
I guarantee that your legal advisers will want to provide feedback on the content of your privacy notice. The lawyer’s contribution is extremely important, just remember to keep the privacy notice easily understandable and meaningful for your customers and staff.
From a marketing perspective the privacy notice provides an opportunity to differentiate yourself from your competitors. If you do not share information make sure you say that, it is a powerful statement. If a someone can opt-out of providing information but still take advantage of your services let them know.
Properly setting privacy expectations through a comprehensive yet easy to understand notice will enhance your relationships with your customers and employees. Have you seen great examples of a privacy notice?