Put Customers at Ease with a Strong Privacy Policy

Having a policy makes sense whether your business is online or not

By Jeff Wuorio

Thanks to spammers, spyware purveyors and others who seek to pilfer personal information for identification theft purposes, privacy concerns are perhaps the biggest drawback to using the Internet today.

Customer concerns about privacy affect all businesses, not just those online. If you gather information at all from your customers — and what business can afford not to? — you need to have an effective privacy policy in place.

Such a policy means more than just declaring that everything you know about both your customers and employees will be safeguarded forever. Here are seven guidelines to help you to develop a sound privacy policy, or possibly improve the one you have.

1. Review existing privacy practises
The first step in devising an effective and comprehensive privacy policy is reviewing what privacy parameters may already be in place. Check out what sort of data you collect, how it's gathered, where and how it's stored, and other elements pertaining to personal information. Do you use cookies, for example, that will identify those who visit your Web site? Find out who in your company is gathering private information, and who has access to it.

2. Determine legal requirements
What you put into your privacy policy may not be exclusively up to you. As public concern over privacy has grown, so have the number of formal government regulations dictating elements certain privacy policies have to contain. For instance, businesses involved in health care or financial issues often need to address very specific compliance requirements in regard to patient or client privacy.

3. Give your customers specifics on how you will use their information
Make sure to include those issues that you're not obligated to mention — but are in your best interest to raise. Although privacy policies will differ significantly from one business to the next, here's a brief checklist of issues you should take into consideration:

•	Telling customers and clients as precisely as possible what sort of personal information you gather and why
•	Why and how you will use information from surveys, contests, special offers and other events and programs
•	How information collected is stored, both online and off
•	If, how and why the information is shared
•	Offering customers the choice of "opting out" of certain programs
•	Why and how you will use information specific to customers' activity on your company's Web site
•	How customers may access whatever personal data you may have about them

4. Get an attorney or privacy specialist, if necessary, to draft or review your policy
Once you have a sense of what you want to include — and what you legally must include — in a privacy policy, start putting your thoughts in writing. Be sure to check the Internet; there are a number of sites that offer useful guidelines on what sort of content you may wish to consider for your privacy policy. You can try drawing up a privacy policy yourself, but if you do, it's prudent to have an attorney or an expert on privacy matters review it. Another option is to hire a lawyer or privacy specialist to draft the policy for you.

5. Don't overlook employees in your privacy policy
For many, privacy policies are exclusive to clients and customers. But it may be just as critical to have written parameters on how you use personal information about your employees. Some companies choose to build employee privacy parameters into the same document that covers customers. However, if the issues are distinct enough it may be wise to have an employee-specific privacy policy. Get advice here from an attorney or privacy specialist.

6. Appoint an employee to oversee privacy on an ongoing basis
Privacy isn't an issue that is going to go away. And that, in turn, mandates ongoing attention on your part. If yours is a small company, that may mean adding privacy to an employee's existing responsibilities. In some countries, doing so is mandatory depending on the size of the business.

7. Adhere to your privacy policy at all times
One final element to an effective privacy policy supersedes the paper on which it's written. If and when you have a privacy policy in place, make certain that you and any and all employees follow it to the letter. You may find that involving employees in the creation of the policy is a smart way to get their cooperation because they'll feel some ownership.

But again, having an employee responsible for privacy issues can make this task easier too. And even if it's a matter of holding weekly meetings to remind staff about the importance of adhering to privacy policies, don't assume that simply having a privacy statement is enough.

PRODUCT LINKS

•	Microsoft Windows XP Pro
•	Microsoft Office Small Business Edition 2003
•	Microsoft Windows Small Business Server
•	Microsoft Customer Relationship Management

TOOLS

•	Security Checklist
•	Product Advisor
•	Solution Advisor

Top of page

Quick Tips

Once you have a privacy policy, make sure your customers can find it. Provide a prominent link to it on your Web site, particularly on pages where you request information from customers, such as a newsletter sign-up or e-commerce page. Also include it on any forms or other printed materials you use to gather information about your customers.