The days of asking "Why do I need an entire policy about privacy?" are long gone. Users regularly evaluate the trade-off between how their information is being used and the cost to personal privacy. Every company needs to be upfront about how user data is being used, shared, and stored.
A quick survey of well-known companies and their respective privacy policies display a fondness for clear, precise language:
The Online Privacy Alliance has a robust set of guidelines to assist companies in creating their policy. While these are not all-inclusive, the guidelines include:
- What's being collected, how that information is used, third-party access to the information, the organization's commitment to securing the data, and what steps are taken to protect users' data.
- What choices the individual has with respect to how their information is handled, where and how a user may opt-out of sharing their information, where and how user data (including cyberlog data) is being collected and used.
- How the information is collected, stored, and disseminated; what path a user may take to have a company correct incorrect information; and how the entity verifies that what it says is happening with the data is, in fact, happening.