1. Set Clear Ownership
2. Review Additional Ecommerce Privacy Policies
The trick is to use what others do to build your baseline of knowledge. Do not just copy other privacy statements. Taking that shortcut puts you in danger. What you’re actually doing on your website is probably not entirely the same as others. You need your statements to conform to what you are are using and collecting.
3. Audit Your Privacy Practices
Now that you have a baseline, you can dig into your own systems and processes. Identify what sorts of information you collect from visitors when they navigate your website and from clients when they purchase. For example, it is common for online shops to capture:
- Personally identifiable information like name, email, shipping address;
- Payments and financial information;
- User names and passwords;
- Website analytics and behavioral monitoring, using cookies.
Then you need to map where that info is stored and for how long it’s kept. Sometimes the personal information simply passes through your website but isn’t saved in your own systems, like credit card numbers which are secured by your payment gateway. You still must know that.
And lastly, how is the information used or shared with third parties. By way of instance, email addresses are used in several distinct ways. What email system is used to send triggered messages after a purchase is made? How is that different from sending out your email newsletter or promotions?
It’s also wise to keep your audience in mind. Something as complex and specialized as privacy practices can quickly turn your announcement into pages of legal jargon. Instead, organize your data clearly into short, well-formatted segments that link to additional details. Write in straightforward language which makes your policy simple to understand. Making your statement effortless to read helps build trust.
Furthermore, include email and phone contact information for privacy requests. Preferably that’s a dedicated contact (such as your solitude individual from step 1, above), not the overall support line. Readers of the policy might never use it, but their hope in you goes up significantly when they see a contact that’s responsible for privacy.
5. Post and Communicate
6. Maintain and Update