10 Tips for a Better Online Privacy Policy and Improved Privacy Practice Transparency

10 Tips for a Better Online Privacy Policy and Improved Privacy Practice Transparency

Every organization subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) is required to make information available to individuals about its personal information management policies and practices. A good privacy policy is one of the important ways in which an organization can meet this obligation, foster public trust and strengthen customer loyalty.

Provide information that is relevant to your users/customers

1. Make your privacy policy about your business

Avoid templates and boiler-plate language. Other organizations’ privacy policies may serve as useful references for style, formatting, and/or approach, but your policy should be unique to your organization.

2. Be specific and provide meaningful information

Make it clear what personal information is collected and for what purpose. If you disclose personal information to “third parties”, explain who those parties are, or what services they provide.

3. It’s about more than cookies

While it is advisable to explain how cookies and similar technologies may be used on your site, don’t stop there. People also want to know how the information they submit will be used and/or disclosed.

4. Tell customers about privacy choices

Explain choices you offer regarding the collection, use or disclosure of their information (e.g. opting out of the use of personal information for marketing purposes), and how they can exercise those choices.

5. Explain how customers can access their data

Provide a clear explanation of how people can obtain access to their personal information held by your organization, and how they can request correction or deletion of this information.

6. Update your online privacy information regularly

Ensure your privacy policy and other notices reflect your current privacy management practices and let people know when the information is updated.

Provide contact information

7. Make it easy to contact you

Provide people with multiple, privacy-specific contact options so that they can easily raise privacy questions or complaints, or request access to their personal information. Make this information available in one or more prominent locations on your site.

Make privacy information accessible

8. Make privacy information easy to find:

Place a link to your privacy policy in a prominent location on your homepage. But don’t stop there — provide further information when and where website users may be faced with a privacy decision or question.

9. Use plain language:

Avoid writing in a ‘legalistic’ manner. Explain your practices in language that will be understood by the average visitor to your site.�Keep the document as short as possible, while providing the information people need to know.

10. Structure your policy for ease of reference:

Pay attention to the ‘user-friendliness’ of your privacy policy. This may include organizing your privacy policy into relevant sections with clear headings, a hyper-linked table of contents, an executive summary or FAQs.

Learn More

Visit our guide for businesses and organizations.

priv.gc.ca
1-800-282-1376
@privacyprivee