Privacy Policies Best Practices
- The policy needs to define its scope upfront. Which Web sites does the policy apply to? Or, more importantly, which ones does it not apply to?
- The policy needs to be comprehensible to the everyday person. Far too many privacy policies have been written by corporate lawyers using terms that most regular people will not understand. Think of your mother or your brother or your child: could they read and understand it? If you need an example of what not to do, look at your bank. Most banks’ sites are atrocious. Using high-level principles to explain your policy often makes it easier to understand. Take a look at a rare financial example with ING Direct. Often this requires that your privacy practices be very conservative about sharing data.
- When explaining the customer’s options, provide a link or information on how to exercise those options in the same place. If you give the consumer a choice about how their information is used, point them in the direction of how to tell you about their choice. If customers who want to opt out can’t figure out how, you’ve now aggravated a potential customer who might then walk away.
Following these ideas can be easier said than done. How can you tell if you’ve met some of the above goals? Have someone else review the policy while pretending to be a potential customer, such as a parent who wants to grant permission for their child to use your site, or to deny it, or a customer who wants to know what information you collect, or to prevent you from sharing it with your affiliates.