P3P Components, Deployment, Policy Creation - Part 1 of Chapter 5 from Web Privacy with P3P (6/6)
Web Privacy with P3P, Chapter 5: Overview and Options
- The Direct Marketing Association's guide to creating privacy policies (http://www.the-dma.org/library/privacy/creating.shtml)
- The Online Privacy Alliance Guidelines for Online Privacy Policies (http://www.privacyalliance.org/resources/ppguidelines.shtml)
- The Better Business Bureau's sample privacy notice (http://www.bbbonline.com/privacy/sample_privacy.asp)
- The TRUSTe Privacy Resource Guide (http://www.truste.org/bus/pub_resourceguide.html)
- The Privacy Leadership Initiative's Privacy Manager's Resource Center (http://understandingprivacy.org/content/pmrc/)
- The Privacy Diagnostic Tool (PDT) Workbook from the Information and Privacy Commission/Ontario (http://www.ipc.on.ca/english/resources/resources.htm)
Once you have figured out what your policy should be, take some time to draft it in a way that will make it readily understandable to the general public. If it is a lengthy policy, include a short summary at the beginning, and use language that avoids jargon and legalese. You may want to write it as a series of questions and answers or include headings to highlight each of the major points. For example, the Better Business Bureau suggests using the following headings:
- Our Commitment to Privacy
- The Information We Collect
- How We Use Information
- Our Commitment to Data Security
- Our Commitment to Children's Privacy
- How to Access or Correct Your Information
- How to Contact Us
If your web site includes content in multiple languages, make sure you post your policy in each of these languages.
From "The ABC's of Privacy," by the Direct Marketing Association. Reprinted with permission.
What information do you collect about me and my family and is it secure?
It is important that you disclose to your online customers what information you collect from them while they visit your site and how you assure the security of that information. Consumers want to know if you collect their domain names and e-mail addresses, or keep records about pages they visited on your site. If you combine the information given to you by the consumer with information from other sources, tell the consumer. If you have a site that is frequented by children, urge them to get a parent's permission before collecting any identifiable data online. If they are 12 and under, get a parent's consent first before collecting or using data.
How do you use the information collected, and how does it benefit me?
Consumers need to know how your organization uses the information that is collected about them on your Web site. They may or may not be comfortable with some of your information collection practices. They need to know if information about them is used to improve or customize your Web site content or customer service, or for marketing purposes, or if it is distributed to third parties for marketing purposes.
What choices do I have about your use of information about me?
Customers want to have choices over how information about them is used. Part of this empowerment involves providing consumers with a way to remove themselves from the marketing process. An example of this might be an e-mail address for consumers to request that information collected from them is not used to develop marketing lists.
Created: December 23, 2002
Revised: December 23, 2002