What are you doing with the data you collect when users visit your website? Are you using third-party cookies to mine session information for advertising purposes? Are you collecting data about browser versions, browsing history and search behavior?

If you want to stay relevant in an online-first world, the answer should be "yes" — but what are you telling your website visitors? Do you have a website privacy policy, and if so, what does it say? Here's why every business owner needs one and how to get it right the first time.

Website Privacy Policies Provide Much-Needed Clarity

C-suite executives, advertisers, sales staff and even IT pros want access to website data, which includes everything from links clicked to pages viewed and time spent on the site. And, as noted by CNet, the rise of Bluetooth-enabled devices has made it possible to push location-relevant content to consumers and collect information about where users are and what they're doing with their devices. Not surprisingly, this has generated some pushback, with sites being questioned about how they'll use Bluetooth data and where it will be stored. In at least one case, this resulted in changes to privacy policies that removed any mention of Bluetooth data collection.

This is the value of a solid website privacy policy: It specifies what you will collect and how it will be used and indicates what information won't be stored or used by your organization or third parties.

Privacy Basics

So what goes into making a good privacy policy? First, it should be detailed. Decide exactly what type of data you want to collect and what you're planning to do with this information. For example, you might collect data about user browsing habits and products viewed, then leverage this information to create a more curated user experience. If that's the plan, lay out these details in the privacy policy and give users the chance to decide if they're comfortable with this arrangement.

Next? Be clear. Don't equivocate. Speak plainly about the data you'll be collecting, how you'll collect it and who will have access to it after users leave the website. Also, be prepared to change and update your privacy policy as necessary. ZDNet points to the example of Twitter: Five years ago, the company supported the Do Not Track (DNT) initiative, which would theoretically protect users by ensuring that DNT-compliant websites and services wouldn't collect or store their information. Unfortunately, many companies opted for a broad view of the idea and, while they stopped serving up targeted ads, they continued collecting and monetizing data. Twitter has since dropped DNT because it didn't live up to expectations.

Remember that it's one thing to write a solid website privacy policy and another to follow through. It works like this: If you say it, do it. If the collection tools you're using don't support the separation of data streams, or you've made an agreement with advertisers to share consumer data, don't claim the opposite in your privacy policy. Users are both tech-savvy and privacy-minded, meaning you could face both legal and social backlash if policies don't match best practices. As always, it's best to consult with legal counsel when crafting a policy. Review your new policy and practices with a knowledgeable privacy attorney.
