Some tips for being more transparent with respect to your privacy practices:
Provide information that is relevant to your users/customers
Avoid templates and boiler-plate language. Outline what personal information your organization collects and why (including secondary purposes such as marketing), how you will use such information and under what circumstances you will disclose it. Other organizations’ privacy policies may serve as useful references for style, formatting, and/or approach, but your policy should be unique to your organization.
2. Be specific and provide meaningful information:
Avoid talking in generalities and “catch-all” terms – this is your opportunity to clear up any potential confusion before issues arise. Don’t simply re-state your PIPEDA obligations. For example, make clear what personal information is collected (e.g. identification documents/numbers, date of birth, video surveillance images or cookies) for what purpose (e.g. identity verification, security or marketing). If you disclose personal information to “third parties”, explain who those parties are, or what services they provide.
3. It’s about more than cookies:
4. Privacy choices:
Tell customers about any choices you offer regarding the collection, use or disclosure of their information (e.g. opting out of the use of personal information for marketing purposes), and clearly explain how they can exercise those choices.
Provide a clear explanation of how people can obtain access to their personal information held by your organization, and how they can request correction or deletion of this information.
6. Update your online privacy information regularly:
Provide contact information
7. Make it easy to contact you:
Provide people with multiple, privacy-specific contact options (ideally including email, phone number and mailing address) so that they can easily raise privacy questions or complaints, or request access to their personal information. Make this information available in one or more prominent locations on your site.
Make privacy information accessible
8. Make privacy information easy to find:
9. Use plain language:
Avoid writing in a ‘legalistic’ manner. Explain your practices in language that will be understood by the average visitor to your site. Consider providing plain-language summaries or explanations for complex subjects, while linking to or otherwise including the full description. Keep the document as short as possible, while providing the information people need to know.
10. Structure your policy for ease of reference:
How to Learn More
Our website includes guidelines, fact sheets and other tools to help organizations to meet their obligations under PIPEDA. A good starting point is our Guide for Businesses and Organizations. You may also be interested in:
- Privacy and Online Behavioural Advertising - Guidelines
- Accessing Personal Information under PIPEDA: What businesses need to know - Fact Sheet
The Office of the Privacy Commissioner of Canada is here to help. If you have any questions, please call us at 1-800-282-1376 or visit priv.gc.ca.
- Date modified: