How extensive your notice or statement must be depends on the jurisdictions you work within and the laws governing you and/or your customer. A few examples: here in New Zealand we are governed by the Privacy Act, as is Australia; Europe has the General Data Protection Regulation (GDPR); and the United States has a range of legislation, both federal and state.
The GDPR says that the information you provide to people about how you process their personal data must be:
- concise, transparent, intelligible and easily accessible;
- written in clear and plain language, particularly if addressed to a child; and
- free of charge.
These serve as a great set of guidelines.
Here in NZ the Office of the Privacy Commissioner won an Open Source Award for their nifty Privacy Statement generation tool “Priv-o-matic” – very cool, you should check it out! Priv-o-matic generates a handy statement suitable for your website or app, complete with guidance to help you through the steps.
Their general advice states that a privacy statement ensures that people are aware:
- that you’re collecting information about them (if it’s not obvious);
- why you’re collecting the information;
- what you’re going to use it for;
- who you’re going to give it to (if anyone);
- whether the person has to give you the information and what will happen if they don’t;
- that they can access the information you hold about them, and they can correct it if it’s wrong.
Tips: Use plain English, be transparent and clear on What you are collecting, the Purpose you are collecting the information for and what your Intent is when using that data – What, Purpose, Intent – then do what you say you are going to do and you will be fine.
Next blog I will talk about the importance and role of GDPR.
Happy Privacy Statement writing. Vic.