P3P Components, Deployment, Policy Creation - Part 1 of Chapter 5 from Web Privacy with P3P (3/6)
Web Privacy with P3P, Chapter 5: Overview and Options
Developing a Privacy Statement
The following is an excerpt from Roger Clarke's Privacy Statements web page (http://www.xamax.com.au/DV/PStatemts.html), used with permission.
It is advisable that your organization first develops a Privacy Statement within the context of a broad strategy relating to privacy and other consumer matters. The following steps then need to be taken:
- Determine the scope you want your Privacy Statement to have. In particular, the statement might be a complete customer charter covering terms and conditions, and addressing transactions undertaken over the counter, and by telephone and mail; or it might be restricted to privacy, and to the specific context of Internet communications.
- Consult relevant laws, Codes of Conduct, and corporate policies that affect your organization's dealings with its customers.
- Consider current Government policies, emergent privacy principles, and draft legislation.
- Determine your organization's intentions in relation to data collection, data storage, data usage, and data disclosure.
- Define the approach your organization takes, or intends to take, in relation to privacy-related questions and complaints from the public, from public interest representatives and advocates, from industry associations, and from regulatory bodies.
- Express your organization's intentions in a draft Privacy Statement.
- Undertake consultation with representatives of the organization's clientele, privacy advocates and regulatory bodies.
- Promulgate your organization's Privacy Statement, on your web-site, and through other channels.
A well-designed Privacy Statement is of course a significant opportunity to gain coverage through appropriate media, in order to project the organization's desired image to its clientele, and to project an image of corporate responsibility to regulatory bodies.
Created: December 23, 2002
Revised: December 23, 2002