4-Step Internet Privacy Policy Process

A privacy policy is not a static document – it needs to grow and adapt alongside your business practices. New technologies and partnerships result in changes to your data collection and sharing that might take your team by surprise. Only regular monitoring of your site and services will ensure that your policy continues to meet your needs and privacy practices match your policy.

The right tools and a simple, regular review of your website and mobile apps will help you protect your customer’s trust and your reputation. These 4 steps outline a process for keeping your privacy up to date.

Step 1: Monitor and Evaluate Practices
Websites and apps that feature advertising or third-party services may collect data and share it with others. A website scanning tool can be used to identify unauthorized third party tracking technology and other privacy risks. If you have a mobile app you need to understand what data it collects.

You should also consider conducting a risk analysis comparing your business privacy policy with industry and regulatory requirements. The effectiveness of the analysis depends on the experience of those conducting it and the quality of the tools used to identify the risks. Factors may include:

•	The technology you use and the trackers deployed.

•	Where you do business and who your customers are.

•	The type of information you collect, how long you keep it and what you do with it.

Step 2: Remedy Issues
Reducing risk may be as simple as updating language in a privacy policy to reflect current practices. Or it may require changes to your website or application design to enhance privacy options and increase transparency. Some regulations that might apply to your business:

•	The EU Safe Harbor Framwork requires third party resolution services and has strict data retention policies.

•	The EU Cookie Directive requires websites to obtain prior consent before EU citizens view web pages with cookies and other tracking technologies.

•	Children’s Online Privacy Act (COPA) requires verifiable consent from a parent before collecting information from a child under 13 years old.

Step 3: Vet New Partnerships
Any new partnerships or technologies that are integrated into your website or app should have vetted privacy policies. Advertising networks, email partners, shopping carts services, and others may be collecting, processing or storing customer data on your behalf. Their privacy standards have to meet or exceed yours to maintain compliance with your own policy.

Step 4: Monitor Consumer Feedback
A privacy misstep or misunderstanding deserves prompt attention and a quick response. No one wants to see a negative customer experience or privacy violation “go viral” and make headlines. In most cases, simple customer education solves the problem. If a data or policy change is required, it is better to make the fix sooner than later before more customers are affected. A simple email to customers when you make a change to your privacy policy can close the feedback loop and show them that you're paying attention to their needs and interested in their feedback.