Keep it simple.
Your policy should be clear, concise and written in plain language so it is easy to understand. It should provide enough details to help your customers understand how you manage their information.
Review other privacy policies.
Collect only what you need.
You can collect only information that is needed for your business purposes—for example, to manage a commercial relationship and provide ongoing service, to bill and collect for products or services, to market to individuals, and to meet legal and regulatory requirements.
Be open about when personal information may be disclosed.
You must indicate in your policy if you intend to disclose customer information to an affiliate or partner organization, or any other third party. You needn’t necessarily name each organization, but provide a general idea of the types of companies in question. And you must give your customers the opportunity to consent.
Tell customers when information will be stored outside of Canada.
The use of a third-party information processor, such as a company that provides payroll services, increases the likelihood that information under your control will be stored outside Canada. You must be open with your customers about this possibility.
Be open about how you safeguard information.
The risk of identity theft and other unauthorized uses of personal information is always present and ever changing. It’s critical to keep the personal information in your care safe and secure. Customers and employees will appreciate your candour about how you intend to protect their information from such abuses.
Let customers know how long you will keep information.
Consider employees separately.
Make yourself available for questions.
Let individuals know how to contact your organization for privacy information, either through email or through a toll-free number. Also, tell customers they can contact the Office of the Privacy Commissioner at 1 800 282-1376 if they are unsatisfied with your response to their privacy concern.
In tomorrow’s blog post we will discuss your responsibilities when it comes to privacy complaints.
To access small business tools developed by the Office of the Privacy Commissioner of Canada, click on: http://www.priv.gc.ca/resource/sbw/2011/index_e.cfm