Privacy statements – getting the basics right

By Victoria Maclennan
April 4, 2018

If you collect data or information about anyone, for any purpose, with any intended use – you need a privacy notice or privacy statement.
Depending on what you collect, how your customers interact with you and what you do with their information, you will likely need other policies and terms of use.
How extensive your notice or statement must be will depend on the jurisdictions you are working within and the laws governing you and/or your customer. A few examples: here in New Zealand we are governed by the Privacy Act, as is Australia; in Europe it is the General Data Protection Regulation (GDPR); and in the United States a range of legislation exists, both federal and state.
The GDPR says that the information you provide to people about how you process their personal data must be:

  • concise, transparent, intelligible and easily accessible;
  • written in clear and plain language, particularly if addressed to a child; and
  • free of charge.

These serve as a great set of guidelines.

Here in NZ the Office of the Privacy Commissioner won an Open Source Award for their nifty privacy statement generation tool, “Priv-o-matic” – very cool, you should check it out! Priv-o-matic generates a handy statement suitable for your website or app, complete with guidance to help you complete the steps.
Their general advice states that a privacy statement ensures that people are aware:

  • that you’re collecting information about them (if it’s not obvious);
  • why you’re collecting the information;
  • what you’re going to use it for;
  • who you’re going to give it to (if anyone);
  • whether the person has to give you the information and what will happen if they don’t;
  • that they can access the information you hold about them, and they can correct it if it’s wrong.

Tips: Use plain English, be transparent and clear on What you are collecting, the Purpose you are collecting the information for and what your Intent is when using that data – What, Purpose, Intent – then do what you say you are going to do and you will be fine.
In my next blog I will talk about the importance and role of GDPR.
Final thought: You may remember the “World’s worst Privacy Policy” from Skipity, which went a little viral some years ago (wow, how time flies, it was in 2012), with statements about their love of profiteering (“If we can use any of your details to legally make a profit, we probably will”) and their love of bacon and chocolate chip cookies – here is the full text. Who knows how real this company was or whether it was a joke, but it does point out in plain English what could be done to exploit the data and information businesses are collecting.
Happy Privacy Statement writing. Vic.

Victoria spends much of her time focusing on Digital Inclusion, Digital Literacy and Digital Rights.  

Copyright © 2019 OptimalBI LTD.