How to Write an Effective Privacy Statement for Websites
A privacy statement for a website must accurately reflect the site’s data collection and use:
- Your privacy statement should be clear, direct and easy to understand
- If you decide to modify how you use personal information, you must inform your users
- Keep technical jargon and legal terminology to a minimum
7 easy steps on how to write a Privacy Statement for Websites to reflect data collection and use
1) Determine what types of information you collect from visitors to your website. Is the information personally identifiable? For example, does your site collect:
- identification numbers
- phone numbers
- e-mail addresses
- IP addresses
- access dates and times
2) Why is this information collected? Is the data collection appropriate to the activity or transaction? If not, why do you collect it?
3) By what means is this information collected?
- web forms
- registration for an event or course
- newsletter sign-up
- when placing an order
4) What will this information be used for and who will have access to it?
- How long will the collected information be stored?
- Do you have the user’s consent to collect and use the information?
- Does the user have the option to prohibit such collection and use?
- Is the site hosted by an outside vendor? What will they do with the information?
- Does the site use any kind of analytics? If so, have you informed the user and provided directions to disable analytic tracking?
5) How will users be informed if your privacy policies change (including changes to how the information will be used)?
- Via email?
- Will you post a privacy statement modification date?
6) How can visitors with questions about your site’s privacy statement contact someone?
- Have you provided a webmaster contact address or telephone number?
- Have you provided the Business Contact Information of your Data Protection Officer?
7) How is user information protected?
- Computer safeguards?
- Secured files and physical access controls?
- If the site is not intended to handle confidential information, have you informed users?
- Are there alternate ways for users to provide confidential information, such as via staff phone numbers?
- Is SSL activated?
Here’s a list of questions that can guide you when drafting the Privacy Statement for your website:
- What kind of personal information do you collect?
- What kind of personal information is collected automatically, e.g. via the web server?
- What kind of third parties are collecting personal information from your users?
- How are you using that personal information?
- Do you send promotional emails/newsletters? If yes, can users opt out? If so, how?