Turbocharging your privacy policies: putting them into context

In this article - the last in a series of three - we set out some more handy tips how you can make your privacy policies work for you and your customers.

In our previous article, we looked at the report on the relatively simple techniques that any business can deploy to improve their privacy policies: Improving consumer understanding of contractual terms and privacy policies: evidence-based actions for businesses.

In the article before that, we discussed the draft guidelines from the European Data Protection Board on data protection by design and by default.

But these two reports only get you so far.

Many businesses are missing a trick by forgetting that their privacy policies are actually read by their customers, as opposed to a panel of esteemed data protection experts.

The result?

All too often such policies are full of impenetrable blocks of text and legalese. All too often, they stand out like a sore thumb in comparison with other key customer-facing documents.

Privacy policies are living documents that need to work and inform. Customers shouldn’t have to wade through legal treacle to understand where you send their data or what they need to do to if they want their data to be rectified or deleted.

Of more concern, of course, is that failure to get this right can mean non-compliance with data protection laws and could result in fines being issued by the relevant supervisory authority such as the ICO.

So here are a few tips to be more accessible and inviting:

• Start at the basics. Ask yourself:

• who are our customers?
• what tone of voice should we adopt?
• how can you make your brand’s values, tone and style shine through?

• Speak to your customer, not over them. Use ‘you’ as opposed to, say, ‘data subject’ or ‘customer’
• Look at your other marketing materials. Does your policy stand out or blend in?

• websites
• social media
• blogs
• direct marketing material
• brochures and flyers
• posters
• retail displays
• advertisements

• Look at any key internal guidance:

• brand dictionary
• word bank
• corporate brand guide

• Don’t be standoffish. Consider adding a bit of personality to your policy: ‘We don’t like when things go wrong. However, in the unlikely event that something is amiss, we will … ’ Tread carefully though. There’s a fine line between friendly, engaging language and language that cloys or feels contrived
• Finally, don’t forget the visuals:

• Consider adding a picture of a person at the top of the policy. Many businesses have stock photos that can be used for branding purposes. Research shows that it helps people to engage with the content and increase trust
• How is the policy presented? Is it cluttered? Does it make sense as a whole?
• Have you used headings, sub-headings and bullet points well?
• You could also consider using drop-down menus to present further information relevant to the data subject

It can take time to get right, but taking your privacy notice to the next level can create greater transparency and ultimately trust with your customers.

What do you think? Are privacy policies improving? Or getting worse? What do you think businesses should be focusing on in their policies? Do you have any useful tips you’d like to share?