Live From DMD New York: Creating a Common Sense Privacy Policy
Honoring customer privacy gives a company an opportunity to build its brand image; loyalty and trust of customers; and profit, said Barbara Lawler, chief privacy officer at Hewlett-Packard Co., at a DMD New York session on Tuesday.
And establishing a good privacy policy is not rocket science–it’s just good common sense, concurred Judy Kincaid, president of JK Associates LLC.
“You don’t have to get lawyers to write fine print,” Kincaid warned. Instead, take a common sense privacy test. In the ethical area, if you were a customer at your Web site, how would you feel if a certain action were done to you? In the public relations area, “How would you feel if the way your privacy policy works were on the front page of the Wall Street Journal?” Kincaid asked.
In the legal area, be sure that nothing you are doing can send someone to jail. And, be certain you know what your customers are worried about.
Hewlett-Packard used this privacy test in a number of situations. In one, the company had collected 40,000 customer names over four years. Before sending an e-mail to this list, Lawler said, staffers wondered if some of the records were too old to contact people who had agreed years ago to receive e-mails from Hewlett-Packard. Also, they were concerned about the fact that the list represented many different customer segments.
The computer marketer has been using opt-in for two years in the consumer side, and is moving that way in the business-to-business side, Lawler said. But in this case, the company decided it was best to send an invitation to this group of 40,000 asking them to opt in. They were offered an incentive for doing so.
In another situation, the company was faced with how to handle the data from a large business unit that was being sold. “Are we legally required to tell those customers what was happening to their data?” Lawler asked.
Hewlett-Packard determined that there was no law that required notification, “but we decided to do what we thought was right.”
The company sent a letter to the customers of that business unit telling them about the acquisition and suggesting they contact their sales representative if they no longer wanted their data to be used.
“Privacy isn’t just about legal issues, an annoyance or PR, it’s about good, ethical business practices,” Lawler said.
The privacy policy should contain the basic privacy policies of notice, choice, accuracy and access, security and oversight, but these must be expressed in simple, clear language, Kincaid said.
“Actually write your online privacy policy,” she said. “Be honest. Say what you are really doing: you may not have the capability to let customers update their data, for example. Be honest about that. Say what you are doing to overcome that.”
Other ways to use common sense in the privacy policy include providing a way for customers to contact your company. And, include a date when the policy will be revised.
