Back to Blog
website privacy

Press And Media Why should my website have a privacy policy?

October 29, 2010

It’s easy to forget about things as you focus on the look and feel of the website and a good privacy policy could quite easily be one of them. But a privacy policy is essential for your website, as data protection and other laws give people a right to know how you’re going to use their personal information.

A privacy policy protects you and indicates to your visitors what they’re agreeing to by using your website. If you’re running an eCommerce site or any site that registers visitors and collects their information then your website must have a privacy policy. At its most basic a newsletter subscription form involves collecting personal details from individuals.

Reassures site visitors
A privacy policy is all about providing reassurance to your customers. Basically the message it communicates is this: We collect this type of information, we have security measures in place to keep your information safe, and this is how we use the information we hold about you.So it’s really all about being up front and fair.

Some key elements which the policy should cover are:
•    Who is operating the site.
•    Who is collecting the information on the site.
•    How the information is used.
•    Whether cookies are used.
•    How personal information is protected and kept secure.
•    Whether you are processing information that is classed as sensitive, such as medical records.

You will need to find out whether your website gathers transaction data to identify visitors, and explain how you use that information within your company or if you are sharing it with anyone else outside of the company. For example, will you use the identification data to come up with new offers or to sell names to merchandisers?

Are your online operations secure?
Explain how users can work out when they are in a secure area – namely, when the url changes to https:// and the little lock symbol appears. Focus on the benefits that a secure area gives to users. People should be reluctant to give their credit card information in an eStore that is not secure.

Unsubscribe policy
When people read your privacy policy they will want to know how they can start or stop receiving email from you. You will need a system in place so that you can explain how they may unsubscribe from your communications. Reassure them that they will be able to do so at every point if they receive your communications.

This is the single most important step to take care of when setting up your database system – to have an effective way of keeping track of unsubscribes and updating your list.

Using an ‘opt in’ or ‘opt out’ box at the point of collection is a useful way to build trust and lower barriers and is sometimes necessary, for example if you intend to sell their information. Email validation is a good idea when people sign up on your site, as a way of checking it really was that individual who requested to be added to your newsletter list. But as long as you have a solid unsubscribe system in place, it is the best way to prevent your emails being experienced as spam.

Viewing and editing personal information
Clarify your users can edit their data. For example, say “You will be able to update all the personal information you give us online by logging into such and such an area”.

Registering with the Information Commissioner’s Office
A crucial step which is often overlooked is to register with the Information Commissioner Office (ICO). Anyone processing personal data of individuals (name, number, address) has to register. Most online businesses will be processing such data just by having a website so the scope of this requirement is much broader than what may be thought. That said, the registration procedure is relatively straightforward. You can follow the explanation provided by the ICO here. In essence you download the notification form, complete and return it. Depending which category of business you would fall under, you pay the appropriate fee to register.

Getting a Privacy Policy for Your Business
While there will be many provisions in a privacy policy that are common to all businesses that have a website, (for example, 90% of websites will probably be using Google Analytics) it is important to understand that you need to read any standard privacy policy document you intend to use for your business, and make sure it is true for you. For example, it may not be true to say that you are using all appropriate security and technical measures (such as passwords, firewalls etc), if you are in fact not doing so.

FREE Privacy Policy Template
A privacy policy is so essential to the running of an online business that we have decided to make available a free template for you to use. Please visit our website privacy policy page to request your FREE template.