If you ask for, track, or retain any information about a user, you need to tell them. This includes tracking Google Analytics, allowing blog comments, having a Contact Us form, taking online donations, using an email subscribe form, etc.
*In some cases privacy policies are required by law. Please check with your friendly neighborhood Juris Doctor for more information.
Sort of, and not quite. Your website is unique, and so is the information you collect – figure out what information you collect from your users, then determine what promises your organization wants to make about how you use that information.
You are making commitments to your users – it matters that you say what you mean, and mean what you say. All the reassuring in the world means nothing if it’s not true. For example, saying “We will not share information with any third parties” but collecting donations, means you are sharing information with the third part processing system, as well as any database vendors that information feeds into.
- Be honest. Know what you collect, and figure out what you are doing with that information. This may mean checking with different people in your organization – do you track Google Analytics? Where do email signups go? What third party vendors store information? Who processes credit card donations? What partners or other stakeholders have access to information?
- A good resource for a baseline template is available here.
Photo by Vintagedept.