Privacy is often treated as a legal obligation for a business. Privacy is more than a legal obligation; it is at the heart of the relationship between the business and its customers. Confidentiality and customers' expectations of confidentiality must be aligned in order to build trust in customer relationships. Privacy policy is often regarded as a requirement to comply with government regulation rather than an aid to better customer relations.
Privacy requires thought about a business and its interaction with external entities. Let me pose a simple question. Should the privacy policy of a website and the organisation that owns the website be the same policy? How does all of this relate to the terms and conditions of use of a website? Sorry, that was another question that came to mind. What about website cookies?
How should privacy policy be presented to external entities: individuals, companies and agencies? A summary statement would seem to be a good idea (please don’t include the words ‘we take your privacy seriously’, devalued from over-use). A good summary should incorporate your business approach to privacy, which is particularly important if you have many individual customers who have rights under the privacy act. Various parts of the policy can then address individuals, other businesses and agencies, and areas that cross all of these, such as data retention.
Another area that is often ignored is paper records; most businesses of any size acquire paper documents. If you are lucky, you have retention and disposal policies for paper records; if not, they should reflect your electronic standards. But that’s a whole other area; however, it does need to be considered in your privacy statement.
Of course this is just my opinion, but next time you look at your privacy policy, just think: what is this doing for our business? Have we looked at this recently?