Strategies for Creating and Implementing a Solid Privacy Policy

Knowing personal information about constituents in the online sphere allows organizations to provide visitors with more personalized and meaningful communications and services. But with this benefit comes the danger that the personal data you collect could be misused or its security breached.

Donors know the dangers inherent in providing an organization personal information and will be reluctant to do it unless the organization can ensure them of its safety and intended use.

In the whitepaper “The Growing Concern for Privacy Online” for the National Association of Colleges and Employers Technology Committee, authors Judy Applebaum, Shirley Marciniak and Paula Quenoy recommend that all “Web sites that gather identifiable information clearly spell out how personal information will be used and what steps Web site owners have taken to protect it.”

Each organization’s privacy policy will be different, as it’s based on each organization’s practices regarding collection, use and sharing of personal information. And within some organizations, there may be the need for various departments to have their own online privacy policies, the authors write.

They advise to keep the following criteria in mind when creating a privacy policy:

* Why and how you collect certain information;

* How constituents can view and edit personal information; and

* Who you disclose personal information to and by what method.

The overall purpose of the policy, they write, is to be informative and clear about how you intend to use personal information, develop trust with constituents and create a policy that will be read. Some other tips of note in the whitepaper include:

* Be sure to involve upper management and staff/employees responsible for key operational functions in the development of your privacy policy.

* Draft the policy keeping in mind long-term goals of the organization.

* Have legal counsel review it.

* Post it on your Web site’s main menu or navigation bar “so it is available to users prior to the collection of personally identifiable information.”

* Provide a link to the privacy policy from any page where constituents enter personal information.

Once you’ve created a privacy policy and it’s OK’d by legal counsel, the authors of the whitepaper advise that you develop an implementation strategy to let staff know when the policy is in place, educate them on the practices described in the policy and keep them informed as changes are made.

In terms of educating staff on the privacy policy, the authors recommend the following tips:

* Inform all staff when the policy is in place.

* Review it with them.

* Educate staff on the importance of complying with the privacy policy in their day-to-day tasks and what that means in a real sense.

* Educate employees that have access to personal information on how and when this information can be used.

* Set up a means to track and respond to inquiries and complaints regarding privacy issues.

The complete white paper can be viewed by visiting www.naceweb.org/committee/whitepapers/privacy_online.htm