In the era of consumer tracking and data breaches, individuals have become more and more concerned about who has their data and what is being done with it. A privacy statement gives them that information. Its an explanation, posted on a website or app that explains how shared personally identifiable information will be collected, used, disclosed, and managed.
So what exactly is personally identifiable information, or PII? It’s a lot more than you might think. It’s not just a social security number or a name coupled with an address. It’s anything that could be used to identify someone: e-mail address, phone number, date of birth, personal preferences, location data, even a pet’s name. If the information could be used to identify, contact or locate a single person, they have a right to know what you’ll be doing with that information, even if the answer is nothing at all.
- Your Identity: who you are and contact details
- Data Collected: what specific types of personal data will be collected
- Choice: what options (if any) the customer has about how/whether data is collected or used
- Access: how a customer can see what data has been collected and how they can change/correct/remove such data
- Security: how data will be stored/protected
- Storage Justification: why the data processing is necessary
- Disclosure: Whether the data will be disclosed to third parties
- Do Not Track Policies: how the operator responds to “do not track” signals and whether information is collected across websites and devices
- Updates: how changes or updates will be communicated
- Effective Date: the date the policy was last amended