How to Create a Privacy Policy | Part 5

Welcome! Please comment and leave me a note telling me what you like and what you'd like to see more of. Sign up to my RSS Feed!
This entry is part of a wonderful series, [slider title="How to create a Privacy policy"]Entries in this series:
  1. How to Create a Privacy Policy
  2. Creating a Privacy Policy
  3. Create Privacy Policy How-To: Part III
  4. How to Create a Privacy Policy Part 4
  5. How to Create a Privacy Policy | Part 5
[/slider]

 

Hello and thank you for reading this final installment in the How to Create a Privacy Policy series of mine.

Here is what we accomplished so far:

 

Sample Privacy Policy

Purpose:  To define privacy expectations of visitors to the ArielSilverstone.com website.

What We Collect and How

We respect the privacy of our visitors.   We generally do not collect personally-identifying information on this website.   We do, however:
a) Employ certain automated tools that collect statistical information visitors to our site.
b) Provide you with the option to leave comments, or contact us, by entering your email address and, optionally, other contact information as you may choose to share with us.
c) From time to time, we may offer you to opportunity to participate in surveys or polls, and we may be provided with such information as you choose to provide us.

Cookies

In general, we do not use persistent cookies, unless you request that our site remember you.   Other cookies that we use are session based and expire or set to be deleted when you close your browser window or restart your computer.  Our cookies are not made to be read by other sites, and maybe refused by setting your browser options to do so.  Refusing some cookies may alter your site experience, and especially movement between pages that require authentication.  We do not use the values stored in cookies for any other purpose beyond those declared above, in the What we collect section.

How Do We Use Information We Collect

We use the privacy-related information we collect solely to deliver the services referenced on the website.  We do not currently, nor do we have plans to, sell or license any of the collected information to any other party, in any form.  From time to time we may evaluate items such as reach, content, theme and language and use statistical information to improve on our content.   We may also use collected privacy-related information to communicate with you, in sole relation to the services provided on and referenced by this website.

The sole exceptions to our policy are if we are ordered by a court of competent jurisdiction, or related law enforcement agency, to reveal such information; or to prevent what, in our sole good-faith discretion, might constitute a credible threat to your life or health or to the life or health of others.

 

Today, we will end the series by discussing updates to our privacy policies.  I postulate the following rule:

 

Ariel’s Privacy Rule #6: Decide IF you want to give a “heads-up” before changing your policy and, if so, how you going to achieve that and stick to it.

 

Currently, very few rules demand prior-notification to your visitors about changes to your privacy policy.  It is also true that policies ought to be revisited, reviewed, and adjusted from time to time.   That said, it would be “wrong” if, for example, we promised our readers to email them before change and then we did not follow through.  I have seen quite a few site that had a “we shall let you know if you only register” policy, only to replace it, post-change, with “come visit us and we will show you” that the privacy policy was changed.   Besides being wrong, it might also put you in hot water legally.

I therefore suggest the (Again, simplest) manner of announcing privacy policy change:

Changes to our privacy policy

From time to time we may change our privacy policy.   The best way to find out about such changes is to visit our site and look at this policy again.  We date our policies, so you can easily ascertain when it was last changed.

 

And that’s it.  We do not ask people to register, deal with email or “snail mail”, and offer an easy way to our visitors to b informed.  So here is the entire policy:

 

 

Sample Privacy Policy

(current as of September 22, 2009)

Purpose:  To define privacy expectations of visitors to the ArielSilverstone.com website.

What We Collect and How

We respect the privacy of our visitors.   We generally do not collect personally-identifying information on this website.   We do, however:
a) Employ certain automated tools that collect statistical information visitors to our site.
b) Provide you with the option to leave comments, or contact us, by entering your email address and, optionally, other contact information as you may choose to share with us.
c) From time to time, we may offer you to opportunity to participate in surveys or polls, and we may be provided with such information as you choose to provide us.

Cookies

In general, we do not use persistent cookies, unless you request that our site remember you.   Other cookies that we use are session based and expire or set to be deleted when you close your browser window or restart your computer.  Our cookies are not made to be read by other sites, and maybe refused by setting your browser options to do so.  Refusing some cookies may alter your site experience, and especially movement between pages that require authentication.  We do not use the values stored in cookies for any other purpose beyond those declared above, in the What we collect section.

How Do We Use Information We Collect

We use the privacy-related information we collect solely to deliver the services referenced on the website.  We do not currently, nor do we have plans to, sell or license any of the collected information to any other party, in any form.  From time to time we may evaluate items such as reach, content, theme and language and use statistical information to improve on our content.   We may also use collected privacy-related information to communicate with you, in sole relation to the services provided on and referenced by this website.

The sole exceptions to our policy are if we are ordered by a court of competent jurisdiction, or related law enforcement agency, to reveal such information; or to prevent what, in our sole good-faith discretion, might constitute a credible threat to your life or health or to the life or health of others.

Changes to our privacy policy

From time to time we may change our privacy policy.   The best way to find out about such changes is to visit our site and look at this policy again.  We date our policies, so you can easily ascertain when it was last changed.

 

The final step is, of course, to post it!

 

Thanks for reading!

 

 

Create Privacy Policy How-To: Part III

This entry is part of a wonderful series, [slider title="How to create a Privacy policy"]Entries in this series:
  1. How to Create a Privacy Policy
  2. Creating a Privacy Policy
  3. Create Privacy Policy How-To: Part III
  4. How to Create a Privacy Policy Part 4
  5. How to Create a Privacy Policy | Part 5
[/slider]

Create A Privacy Policy – Our Story So Far

Let’s take a look at what we accomplished so far, in the previous article:

 

Sample Privacy Policy

Purpose:  To define privacy expectations of visitors to the ArielSilverstone.com website.

What We Collect

We respect the privacy of our visitors.   We generally do not collect personally-identifying information on this website.   We do, however:
a) Employ certain automated tools that collect statistical information visitors to our site.
b) Provide you with the option to leave comments, or contact us, by entering your email address and, optionally, other contact information as you may choose to share with us.

 

Today, we will continue by focusing on the How and discuss cookies.

How do we collect personally identifying information?

When creating a privacy policy, we must consider all elements of our web site.  These include both automated means and human activated techniques.  For example, without even intending to, you probably are collecting IP addresses, browser versions, and the location (web site) the visitor came from, and other miscellanea.  In addition, certain tools, for example Overture, collect other information, some of which is not even shown to you without a direct request.

In the non-automated department, each web site has its own reason d’etre.  Do you have a contact form?  Survey?  Do take credit cards?  Do you ask for email address?

So now, let’s compile a list of all we ask for and all that we automatically get.  Let’s review that list for PII and add the items to our policy.

 

The Cookie Jar

Many web sites, and many programs running on web sites, collect certain information and deposit such information in Cookies.   Cookies are small files that reside on the computer visiting such sites.    There are generally two types of cookies:  Session based and permanent.

As the name suggest, a session cookie exists for the duration of the visit to that specific site or program.   The permanent variety is typically stays on the visiting computer until deleted by the user or by another program.   Cookies can be either human-readable or machine-readable, and could be encrypted.   The “dirty” secret of cookies is that sometimes cookies can be shared between multiple sites.   That means that if you put information into one site, that information can be carried by a cookie and give to another site, even to a site that you have not given permission to – to have this information!

Be careful when using cookies.  There are many tools out there to tell a visitor if you are embedding cookies in their machines, and the savvy visitors will be suspicious of permanent cookies and cookies which are able to be read by multiple sites.   I know I would.

If you use cookies, make sure that you inform your visitors:

Sample Privacy Policy

Purpose:  To define privacy expectations of visitors to the ArielSilverstone.com website.

What We Collect and How

We respect the privacy of our visitors.   We generally do not collect personally-identifying information on this website.   We do, however:
a) Employ certain automated tools that collect statistical information visitors to our site.
b) Provide you with the option to leave comments, or contact us, by entering your email address and, optionally, other contact information as you may choose to share with us.
c) From time to time, we may offer you to opportunity to participate in surveys or polls, and we may be provided with such information as you choose to provide us.

Cookies

In general, we do not use persistent cookies, unless you request that our site remember you.   Other cookies that we use are session based and expire or set to be deleted when you close your browser window or restart your computer.  Our cookies are not made to be read by other sites, and maybe refused by setting your browser options to do so.  Refusing some cookies may alter your site experience, and especially movement between pages that require authentication.  We do not use the values stored in cookies for any other purpose beyond those declared above, in the What we collect section.

 

In the next article in this series, we will discuss calling out disclosure and sharing of collected information, and we will then close by discussing updates to our privacy policies.

See you soon!