Privacy 16 April 2019

Best Practices: Privacy

Basic Notice/Disclosure

  • Make sure the privacy statement has a link and is easily discoverable from the home page.
  • Place the revision date of the statement at the top of the page.
  • Provide access to archived versions of the statement, allowing users to see what has changed.
  • Use a simple layered and/or short notice designed to help consumers understand the statement.
  • Use icons to help consumers navigate privacy statements in conjunction with layered/short notices.
  • Write statements for the site’s target audience and demographics. Consider providing multi-lingual versions supporting non-English-speaking site visitors.

Key Compliance Policies

  • Compliance with Children’s Online Privacy Protection Act (COPPA) or related regulations.
  • Disclose whether the site honors Do Not Track (DNT) browser settings and preferably honor users’ DNT browser settings.
  • Provide a summary of the data retention policy, including a specific timeframe and for what reason data is retained.

Protect Privacy and Define Protected Sharing

  • Do not share personal data with any third party except to deliver service to the user. Provide a clear statement including details regarding if, what and for what purposes data is shared.
  • Require vendor compliance by contract and notify consumers that service providers are prohibited from the use or sharing of their data for any purpose other than providing services on behalf of the site.
  • Provide disclosure of cross-device tracking.
  • Utilize tag management systems or privacy solutions to manage third-party trackers.
  • Disclose whether data will be shared to meet legal obligations and make best efforts to notify consumers if their data is requested by third parties due to legal requirements.

,

Related Resources

Privacy 24 September 2019

2019 Online Trust Audit Methodology 

The 2019 Online Trust Audit will represent the 11th independent analysis and benchmark report of the adoption of security standards and responsible...

Internet of Things (IoT) 19 September 2019

Policy Brief: IoT Privacy for Policymakers

Introduction The Internet of Things, or IoT, is the latest wave of integration of technology into our lives and...

Building Trust 16 September 2019

Are Organizations Ready for New Privacy Regulations?

Based on 1,200 privacy statements, many are not prepared for coming regulations.