1. Set Clear Ownership
2. Review Other Ecommerce Privacy Policies
The key is to use what others do to build your baseline of knowledge. Don’t just copy other privacy statements. Taking that shortcut puts you at risk. What you are actually doing on your site is likely not entirely the same as what others do. You want your statements to conform to what you are collecting and using.
3. Audit Your Privacy Practices
Now that you have a baseline, you can dig into your own systems and procedures. Identify what types of data you collect from visitors when they browse your site and from customers when they purchase. For example, it is common for online stores to capture:
- Personally identifiable information like name, email, shipping address;
- Payments and financial data;
- User names and passwords;
- Site analytics and behavioral tracking, using cookies.
Then you should map where that data is stored and for how long it is kept. Sometimes the personal information simply passes through your site but is not stored on your systems, like credit card numbers that are secured by your payment gateway. You still need to know that.
And finally, determine how the data is used or shared with third parties. For example, email addresses are used in many different ways. What email system is used to send out triggered messages after a purchase is made? How is that different from sending out your email newsletter or promotions?
You should also keep your audience in mind. Something as complex and technical as privacy practices can quickly turn your statement into pages of legal jargon. Instead, organize your information clearly into brief, well-formatted sections that link to further details. Write in straightforward language that makes your policy easy to understand. Making your statement easy to read helps build trust.
Additionally, include phone and email contact information for privacy requests. Preferably that is a dedicated contact (like your privacy person from step 1, above), not the general support line. Readers of the policy may never use it, but their trust in you goes up significantly when they see a contact that is responsible for privacy.
5. Post and Communicate
6. Maintain and Update