Strategies for Creating and Implementing a Solid Privacy Policy

Knowing personal information about constituents in the online sphere allows organizations to provide visitors with more personalized and meaningful communications and services. But with this benefit comes the danger that the personal data you collect could be misused or its security breached.

Donors know the dangers inherent in providing an organization personal information and will be reluctant to do it unless the organization can ensure them of its safety and intended use.

In the whitepaper “The Growing Concern for Privacy Online” for the National Association of Colleges and Employers Technology Committee, authors Judy Applebaum, Shirley Marciniak and Paula Quenoy recommend that all “Web sites that gather identifiable information clearly spell out how personal information will be used and what steps Web site owners have taken to protect it.”

Each organization’s privacy policy will be different, as it’s based on each organization’s practices regarding collection, use and sharing of personal information. And within some organizations, there may be the need for various departments to have their own online privacy policies, the authors write.

They advise to keep the following criteria in mind when creating a privacy policy:

* Why and how you collect certain information;

* How constituents can view and edit personal information; and

* Who you disclose personal information to and by what method.

The overall purpose of the policy, they write, is to be informative and clear about how you intend to use personal information, develop trust with constituents and create a policy that will be read. Some other tips of note in the whitepaper include:

* Be sure to involve upper management and staff/employees responsible for key operational functions in the development of your privacy policy.

* Draft the policy keeping in mind long-term goals of the organization.

* Have legal counsel review it.