How to write a Privacy Policy

By: Anti Spam League

A Privacy Policy can be defined as the policy under which a company or organization operating a web site handles the personal information collected about visitors to the site. For most of us consumers, privacy involves protecting our integrity and our right to decide whether or not to disclose our personal information to third parties, without letting anybody bother us with unsolicited communications if we do not want to be contacted.

Why has privacy become such a big deal for consumers over the last few years? The answer is that customers need reassurance before giving out their personal information to someone they do not know. They might really like your web site and even visit it often, but as soon as you ask for their name, they get suspicious. Moreover, if you also ask for their address, phone number, credit card number, bank names, account numbers, health history, or current job information, they start worrying about what you are going to do with all that information. Can you blame them? Of course you cannot. What you have to do is ensure you address some basic but critical aspects of their concern, through a clear and efficient Privacy Policy.

Below are some important issues you should take into consideration when writing your company's Privacy Policy:

1) Explain what types of information you collect and how you use it

Provide reassurance. Clearly explain what types of information you ask your visitors for and what you are going to do with that information. Besides personal information, what other information do you keep track of? Do you collect information from children? How do you verify parental consent for information about their children? Remember that information is power, and although about two thirds of Internet users might be willing to accept a guarantee that you will not abuse their privacy, the other quarter feels extremely nervous about the way their personal information might be used. Therefore, if your web site mines raw transaction data to identify visitors, to come up with new offers, or to sell their names to merchandisers, you will need to explain how you share that information within your own family of companies and outside, or else you will very likely face serious legal problems.

2) Explain why your server and online operations are secure

Now you have already told people what information you ask for and what you do with it, but that is just the tip of the iceberg. Next you will have to explain what makes your server and online operations secure. You probably do not want to be caught with no answer when confronted with questions such as, 'How do you make sure nobody steals my credit card information?' or 'How do you protect the privacy of my emails to your customer support team?' Point out how your consumers can tell if they are really on a secure server, i.e. the change in the URL, the icons that show up on the status bar, etc. You may even take a shot at explaining encryption and the Secure Sockets Layer. Most importantly, concentrate on the benefits to the consumer, for in the end, most of them could not care less about all the security measures you take and all the money you spend to make your website secure, unless that translates into some specific benefits to them.

3) Let customers out

When people read your Privacy Policy for the first time, they will want to know how they can start or stop receiving email from you. Giving customers an opt-in and opt-out option is a great way to build trust and lower their personal barriers. However, you must be aware that people's needs, desires and interests might change over time, and despite the fact that no one likes to lose a customer, you must let them go if they state that they are no longer interested in receiving your emails. In order to protect your customers' privacy, you must give them access to their personal profile or account, and let them delete themselves. Since one of the biggest invasions of privacy is spam, one of the organizations created to fight spam, The Anti SPAM League, considers that it is a good idea to allow people to opt into your e-mail newsletter twice (once by clicking the checkbox and Submit button, and again by responding to the e-mail notification that they can subscribe if they reply). Double opt-in makes it more likely that people know what they are doing when they volunteer for the email. Remember to include an 'unsubscribe' option at the bottom of each newsletter you email to your customer base. Of course, if most of your customers request to be removed from your mailing list then you will have a much more serious problem because your business will be in danger. But still, you must always give your customers a way out.

4) Let customers view and edit their personal information

If you give people the opportunity to view and edit their information, chances are they will provide even more. The reasoning behind this is pretty basic: almost no one destroys his or her own data. Therefore, whenever you display customers' personal information, place clear and visible labels indicating how they can edit it. Be clear about how they can view and edit their information, e.g. "You can access all your personally identifiable information that we collect online by logging in and clicking the 'Change User Info' link in the box on the right-hand side of every page". Also, answer questions that might be of extreme importance to some customers, such as, 'Can I review information you have about my child?'.

5) Inform customers about policy changes

Most businesses revise their Privacy Policies from time to time. If you are among these businesses, inform your customers how they can have access to those changes and revisions. For example, include a sentence in your Privacy Policy such as, 'New versions will be posted on this web site, so please check back periodically for updates'.

6) Tell your customers who to contact in case they have questions about privacy

Sometimes people might have some specific questions that are not explicitly covered in your Privacy Policy, for example, where they can learn more about their right to privacy or who they can talk to if they have a question about their privacy. Always include one or more ways in which customers can contact you regarding privacy issues. This contributes a lot in terms of reassurance.

7) Write a privacy policy that people can understand

Last, but not least, this issue can make all the difference between a trusted business and one that may look OK, but that deep inside you feel you cannot trust. Unfortunately, most Privacy Policies are written by lawyers and consequently contain way too many technicalities. We do not question the value of legal terminology, but we greatly emphasize the fact that a Privacy Policy does not need to sound too serious or elegant. It just needs to be clear and simple, so that any average consumer can understand it without much effort. If you use industry or in-house jargon without explanation, you make readers suspect that you are trying to pull the wool over their eyes, and the final result undermines the whole purpose of the policy, which is to build trust. Sure, you will have to talk about your security precautions, but refer to them in plain English before you mention tech words that most people do not understand.

Our advice regarding how to write an efficient Privacy Policy can be summed up in just two sentences: 'Keep it simple', and 'Do not lie to your customers'. If you want to learn more about this and other related topics, check out This organization offers free membership and the chance to access a wide range of relevant information on privacy, spam, email abuse, Internet fraud, responsible marketing and several other topics.

About The Author

The purpose of the Anti SPAM League is to help consumers and business owners reduce the amount of SPAM they receive. In addition, our Anti SPAM organization believes that educating site owners in the area of SPAM prevention and ways to successfully and responsibly market their sites is key in making a difference.


granny 12.08.2009. 01:11

What has to be addressed in the HIPAA Privacy Policies? Are there requirements for covered entities to have written privacy policies under the HIPAA Laws? If so, what has to be addressed in the policy?


Admin 12.08.2009. 01:11

You didn't ask the question exactly right... They don't have to have privacy policies; that's what the law does. But yes, they must have a written policy as to how they assure that they comply with law. This includes staff training, document access, record retention, document handling, security and storage. RJ


Jimena R 25.04.2008. 00:01

Are there requirements for covered entities to have written policy? Question 1. Are there requirements for covered entities to have written privacy policies? Question 2. If so, what has to be addressed in the policy?

Can I have some help here, please? I know it's my research project but I didn't get it. Each of these questions needs at least four sentences of explanation, and a concluding sentence. Or just give me a site and pages... Please help us... I really appreciate it.

Jimena R

Admin 25.04.2008. 00:01

Wow, seems like everyone is stuck on this question because I am too... I've read the PDF file 4 times and I still haven't figured it out....


Bill 15.09.2011. 20:20

Do I have the right to demand a privacy policy? My HOA application is asking many personal questions on the move-in questions. I wonder if I have the right to demand to see the written privacy policy on how they plan to use and protect the information.


Admin 15.09.2011. 20:20

They have no legal duty to have such a policy, so ask away.


Norman P 17.04.2013. 05:54

Who prepares the Terms of Service and Privacy Policy for web sites? Are the Terms of Service and Privacy Policy for a web site something I can write up on my own, or do I need to turn to a lawyer or some other professional to do these? Who are the guys who do the Terms of Service and Privacy Policy for web sites? How does one go about doing this?

Norman P

Admin 17.04.2013. 05:54

It's prepared by lawyers. It's best you get one to prepare yours for you. With all this tracking of cookies, phishing, hacking, etc. going on, you don't want to be sued for something you didn't even know could happen.


JK 19.05.2006. 21:27

How to write a privacy policy? What to have in consideration to write a privacy policy. Guidelines for the policy.


Admin 19.05.2006. 21:27

Look at other businesses' privacy report to get an idea of what is important. About 2 years ago a Federal law was passed that mandated medical records holders, like doctor's offices and insurance companies, to have a printed privacy policy and to distribute it to all people whose records they handle. Ask a Doc or hosp. or insurance company for a copy of theirs. They will be happy and are required to give it to you.


Jason 31.08.2006. 02:57

What can I do after Roadrunner broke their own privacy policy? They gave name, address and account info to a detective who had no court order. He just called them and they faxed him my account info and it's in the police report.

The detective and 2 cops came to my house today with it and a posting off of my blog where I had listed someone's home address, which he thought was a crime. It was a major embarrassment, but after like an hour, when I explained to him the address is a matter of public record that anyone can get off of the county's own internet system and that it was a free speech issue, he was satisfied and left.

I looked up Roadrunner's privacy policy and it says they will only give out users' account information if there is a court order to do so, and in this case there was none... What can I do about it?


Admin 31.08.2006. 02:57

You can sue for breach of contract, but the question then becomes damages, of which you suffered none, at least not in what you wrote down, so without a compensatory claim you cannot even hope to get punitive damages. So what you will get is a verdict in your favor worth no monetary value and a bill for your lawyer's costs. Then again, if you take this public, you may get some money out of the story without the expense of a lawyer. This is what might be considered a nuisance complaint. Sometimes they pay you just to go away. If they do, take it and be glad.


adi 30.09.2008. 20:25

Regarding HIPAA, are there requirements for covered entities to have written privacy policies? If it is required, what has to be addressed in the policy? Or if you know of a website where I could find this information, please let me know. Thank you.


Admin 30.09.2008. 20:25

Most covered entities must provide patients a written notice of how their PHI will be used by the provider. See the site below to find out if you're covered and what the notice must include.


Lyndreia D 08.09.2008. 14:58

Are there requirements for covered entities to have written privacy policies? If so, what has to be addressed in the policy?

Lyndreia D

Admin 08.09.2008. 14:58

What type of covered entities are you referring to?

Generally speaking, yes, there are requirements for covered entities to have written privacy policies. One example of which would be HIPAA (the Health Insurance Portability and Accountability Act of 1996), which covers individual medical information and includes specific information regarding who/what a covered entity is as well as what/when privacy policies must be obtained.

Privacy policies generally include the extent to which the individual is guaranteed privacy, as well as what and when there are exceptions. An example of which would be with medical coverage, an individual is not guaranteed privacy in the event that he/she reports a specific intent to harm self, someone else, or in the event that a minor is in danger. In these cases, a professional may legally violate the privacy policy in order to alert the proper authorities as specified by local and federal laws. However, the individual is guaranteed confidentiality in almost all other situations.

There are other times and places when privacy policies are used, and I am sure that many of these situations have similar requirements as the HIPAA. Additionally, the American Psychology Association (APA) contains similar guidelines that are geared specifically to all mental health professionals. I hope this helps!


Kelly 24.01.2013. 20:19

Would you like to vote on my invention to enable patients to visit with hospital staff and visitors? I've entered this invention on Shark Tank that enables patients that have breathing tubes to be able to communicate with hospital staff and visitors. Up until now, many patients that can't talk or can't tilt their heads, lift their arms or can't write on a notepad just can't communicate more than to nod their heads yes or no.

My invention, called "Patient Chat" uses a presentation type remote control to wirelessly control a laptop. The "Patient Chat" software displays letters like a keyboard or a texting cell phone on the upper part of the screen. The patient uses the remote to enter up, down, left, right or enter to select letters that are displayed in the lower screen text box.

The patient can select another tab, which brings up a screen like the first screen, but this screen has two text boxes. This screen enables the patient to communicate with remote users that are using a cell phone or are on their computers.

The way Shark Tank decides on products is to tally votes on the various products. Please go to if you are interested. I'm behind in the voting right now. Shark Tank says in their privacy policy that registration of your email won't be used for publicity or phishing.

Thank you.


Admin 24.01.2013. 20:19

Yes  ?


Big Bird 07.05.2012. 14:09

How do you write a privacy policy and terms of service for a social website? Should one consult a lawyer about this, or are there templates that one can follow and add in special information as needed in relation to the uniqueness of my site? Please help.

Big Bird

Admin 07.05.2012. 14:09

Usually privacy policies are based off of privacy laws and stating that your company will be compliant with them and terminating the account of users who decide to violate them in accordance with the laws and no refunds issued due to those laws being broken....

