As a business, you deal with a lot of personally identifiable information on a daily basis. It can come from anybody who interacts with your business. It could be your clients, your vendors, employees, etc. You need to have a privacy policy declaring how you, as a business entity, will be using that data. There are 5 key elements that a privacy policy must touch upon.
Information about the data you are collecting
Your privacy policy needs to spell out what kind of PII you are collecting. Make sure you cover all possible data –right from something as ambiguous as first names to the more important ones like credit card information.
Information about how the data you collect will be used
The next step is to state how you will be using the data you procure and for what purposes. For example, if you will be using the data to reach out to customers at a later date to market your products and services, you need to state that.
Information about data sharing
Who will you be sharing the data with? You need to identify who you will be sharing the PII with. For example, it is possible that your vendors or partners may have access to it. You need to declare this clearly in the privacy policy.
Information about data security and storage
Your privacy policy should identify how you will be storing the PII. You also need to discuss the security measures you will be taking to keep it safe.
A bit from the customer’s perspective
The first 4 elements discussed here pertain to the disclosure of information regarding data collection, sharing, storage, and security. These are all from the business’s perspective. The final item in the privacy policy covers the rights of your visitor. Your privacy policy must mention
- How visitors can see what PII of theirs has been procured
- Correct or update their PII
- What recourse visitors can take if there’s a breach of the privacy policy
Be sure to cover all these 5 areas when drafting your privacy policy. You can also run it by a credible MSP or ask them for a template or draft.
NOTE: This blog is for informational purposes only and is designed solely to encourage awareness of this complex topic. To learn more, contact legal and technical professionals for advice.
How can Xterra help my business?
Xterra has developed the people, process, and technology to deliver white glove IT services for a fraction of the cost of hiring a full-time staff. We are focused on helping San Francisco Bay Area clients accelerate their adoption of technology solutions to create measurable business value. If you are interested in learning more about how Xterra can help your business, schedule a free consultation.
Aaron is a Partner and Principal Network Architect at Xterra Solutions, Inc. With over 20 years experience, Aaron’s practice areas include security, networking, unified communications, and business continuity. Xterra is a leading managed services provider located in downtown San Francisco.