Personally identifiable information (PII) is anything that can be used to identify someone. This could include:
- their name,
- their birthday,
- their marital status,
- their address,
- any other contact information,
- medical information, and
- credit card information.
Depending on what information is collected, companies may need to include special clauses that pertain to that information specifically. Privacy policies protect both customers and the company that uses them.
A privacy statement may be a physical document or it may be housed on a website. Today, however, you are more likely to see it on a website than anywhere else, because the Internet is so prevalent and many people use it to communicate with the companies they do business with.
- Use plain English – Even though it is a legal document and should include some legal language, keep it as easy to read as possible. The people reading it will be your customers and website visitors, so make sure they can understand everything listed in your privacy statement. Most people may not understand legal jargon, so where you need to include this terminology, do your best to keep the surrounding text easy to read.
- Determine the kind of information you will be collecting – You should have a good idea of what information you will be collecting and why. You cannot collect information for the sake of collecting it. You must have a legitimate reason for collecting this data; if you do not, you should cease collecting it. For every piece of information, you must have a good reason and be able to identify your plans for it, including whether you will be sharing it with another party or a third-party vendor.
- Do not ask for information you do not need – While it may be easy to simply ask for a lot of information from people, you should only ask for the information that you need. Additionally, you should not ask for information that is intrusive unless it is necessary. If you do need something more personal, you should explain why it is necessary.
- Make sure the data you store is secure – If you plan on storing information, you must make sure that all of the data is secure at all times. Security breaches are becoming more common every year, and you do not want to be the next victim simply because you did not do your due diligence to ensure that the information was secure. Consider investing in a strong infrastructure and keep looking for new ways to make it even stronger. If the data is breached, it could lead to a lot of other potential issues that you will have to deal with.
- Allow users and visitors to opt out – You cannot force everyone to provide you with their personal information. Make sure that you give your users and visitors a way to opt out of sharing their information with you if they wish to do so.