Types of Data You Collect
If your business collects personal data, you may be required by state law or federal guidance to itemize the types of personal data you collect. Let your customers know all types of data collected, including the following:
- Email address
- Mailing address
- Phone number
- Credit card information
Many businesses collect information from their customers in a variety of situations. Privacy laws require businesses to collect only the personal data they actually need and to state why they need it. For example, a mail order would likely require the customer's name, address and possibly phone number. Don't forget about data gathered by phone, either. Customer service and sales staff often have to collect private information from clients over the telephone, so explain what data may be collected during those calls and why.
Beyond the Policy: If your company collects data through other devices, be as transparent as possible about it. Disney, for instance, collects user data through its MagicBand wristband, and it has an entire section of its site built to answer user questions about what data that system collects and why.
How the Data Is Used (Including Cookies)
Beyond the Policy: The EU’s recent privacy regulation update led to a lot of companies being more up front about their cookie policies in the form of homepage popups, but not every company does it well. Follow Channel 4’s example (which you can see at the top of its homepage), and create cookie notifications that are transparent and understandable.
Storage and Security Policies
On top of how data is used, don't forget to let users know whether your company stores their data and, if so, what security measures you have taken to keep that information safe. This point is especially crucial for any type of payment information. The Payment Card Industry Data Security Standard (PCI DSS) was designed so that merchants who accept and process credit card payment information do so in a secure environment. If you accept payments for services or products through your website, ensure you are PCI compliant and state that compliance on your site. Best practices range from encryption to employee procedures, so mention your compliance in the footer of your site and inform your customers during checkout.
Beyond the Policy: If your company regularly deals with or processes sensitive information, consider adding a dedicated page to explain your security protocols. Mailchimp’s Security page is a good model to start from.
Opt-Out Procedures & Company Contact Info
Beyond the Policy: If you haven’t already, consider setting up a reliable and accessible customer support line and make the line hours and contact information easily accessible online. Go Verizon has a good example of a dedicated customer service page with clearly posted hours and phone number.
Indicate the Effective Date
About the Author: Elaine is a digital journalist whose work has been featured in various online publications, including VentureBeat, Women's Health, and Home Business Magazine. She writes about sustainability and tech, with emphasis on business and personal wellness.

Editor's Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.