Privacy Policy Best Practices

The rapid change in technology and the constant push to make all things digital in today’s world have forced individuals to release their personal information to hundreds of companies, servers, and people around the globe. As personal information is increasingly shared, pushing identity theft to an all-time high, it is essential for every consumer to protect their personal information. As required by law, all companies that collect, store, or share consumers’ personal information need to implement a privacy policy. The policy should specifically outline what information will be requested, how the information will be collected, and why the information is needed, and include the company’s procedure to safeguard each consumer’s personal information.

Why is a Privacy Policy Important for Your Company?

There are two main reasons why every business that collects personal information from customers, regardless of its size, is required to implement a privacy policy. First, privacy policies are mandatory if your product or service collects, stores, or shares personal information. Second, applying a privacy policy will protect your company from liability if a customer claims his or her data has been mishandled. If all data practices are listed clearly in the privacy policy, without ambiguity, and the customer agreed to the terms, there will be little to no room for a case against your company. With an easily accessible privacy policy, visible to all customers, your product or service will gain credibility because customers will feel secure releasing their information and will therefore be more likely to trust the product or service you sell.

Importance of Privacy Policy for Small Businesses

Small businesses have more to lose from poor data practices, data breaches, or customer allegations. With a privacy policy in place, a small business can avoid the prospect of an expensive and time-consuming legal battle, or worse yet, a liability. Implementing a well-written privacy policy will improve information protection practices and prove the company’s commitment to security, privacy, and minimizing identity theft. Even if your company or website does not collect personal data, it is still recommended that a privacy policy be written to state explicitly that no information will be stored. Most importantly, when companies that do not collect data create a privacy policy, they build customer loyalty.

Tips for your privacy policy

  • Make it visible
  • Be specific
  • Customize the policy for your business
  • Avoid jargon
  • Outline a list of personal information requested
  • Describe how the information will be collected
  • Disclose why the information is needed
  • Explain the procedures to protect a customer’s personal information
  • Declare what information, if any, will be shared or sold to third parties
  • Provide directions for customers to access and update information
  • Articulate how updates to the privacy policy will be announced
  • Offer an opt-out option
  • Create a place for customers to accept and agree to the terms

This article was also featured in our newsletter The Bottom Line Vol. 18

Kelly Napolitano

Senior Accountant

Kelly is a senior accountant of Cerini & Associates’ audit and consulting practice. She works with nonprofit, special education and school district clients.
