Communicating the importance of privacy without making it an issue?
September 21, 2017 3:58 PM Subscribe
My business frequently handles organisational and personal data. As a business, how do we communicate that we take privacy seriously without making it a huge issue?
For example, if I went into a car showroom and the salesperson said to me “You can trust me”. My instinct would be NOT to trust him or her simply because they said that in the first place. That salesperson would have been better off saying nothing about trust. My fear is that If I make a big issue of privacy on company websites and company literature etc., – existing and potential clients might have a similar response! I feel we need to communicate our strong emphasis on privacy but without making it a huge issue?
For example, if I went into a car showroom and the salesperson said to me “You can trust me”. My instinct would be NOT to trust him or her simply because they said that in the first place. That salesperson would have been better off saying nothing about trust. My fear is that If I make a big issue of privacy on company websites and company literature etc., – existing and potential clients might have a similar response! I feel we need to communicate our strong emphasis on privacy but without making it a huge issue?
Another way is to have a clearly developed privacy policy online and then have a link to it at the bottom of each page of your site, or in the footer of external emails. The company I work for does this for this very reason.
posted by scrute at 4:16 PM on September 21, 2017 [4 favorites]
posted by scrute at 4:16 PM on September 21, 2017 [4 favorites]
Every business that is regulated by Federal agencies now is required to develop and disseminate a written privacy policy.
You should consult with a lawyer to find out whether you are included, or whether there are similar requirements at the state level.
Even if not required, such a written policy is a Very Good Idea. Most of the clients will do what normal people do with the policy - pay no attention to it, and throw away the form - but they are not the intended audience.
posted by yclipse at 4:48 PM on September 21, 2017 [1 favorite]
You should consult with a lawyer to find out whether you are included, or whether there are similar requirements at the state level.
Even if not required, such a written policy is a Very Good Idea. Most of the clients will do what normal people do with the policy - pay no attention to it, and throw away the form - but they are not the intended audience.
posted by yclipse at 4:48 PM on September 21, 2017 [1 favorite]
You don't have to make it a big deal at all. Instead, document and publish what you do to protect your customers' privacy in the usual places--Terms of Service, Privacy Policy page, maybe a very matter-of-fact FAQ item.
Surely there are actual legal regulations regarding security and privacy you're required to comply with, so explicitly stating that you comply with those is good because curious customers will know that there are consequences for you if you don't.
I work for a company that handles sensitive financial and personal data. We document the specifics of our privacy practices in the usual places on the website, and have additional documentation and talking points for people who want to know what we're doing to keep them safe and comply with the relevant regulations. Nothing else is required.
Well, you should definitely consult your business' legal counsel.
posted by rhiannonstone at 6:50 PM on September 21, 2017 [1 favorite]
Surely there are actual legal regulations regarding security and privacy you're required to comply with, so explicitly stating that you comply with those is good because curious customers will know that there are consequences for you if you don't.
I work for a company that handles sensitive financial and personal data. We document the specifics of our privacy practices in the usual places on the website, and have additional documentation and talking points for people who want to know what we're doing to keep them safe and comply with the relevant regulations. Nothing else is required.
Well, you should definitely consult your business' legal counsel.
posted by rhiannonstone at 6:50 PM on September 21, 2017 [1 favorite]
Agree with rhiannonstone that the best way to communicate how serious you are about privacy is not to tell them about it but to show all the steps you have taken.
posted by d. z. wang at 7:29 PM on September 21, 2017
posted by d. z. wang at 7:29 PM on September 21, 2017
Well, most companies are pretty up front with 'we take customer privacy very seriously and here is our policy, etc'. I don't think people are weirded out by that.
If your organization deals with an area of people's lives that is maybe more personal than credit cards, like let's say a dating site or something, I think at sign up you would have a link to 'about your privacy' one could click on and you would then be a little more direct and less corporate than a bank to the tune of "As a company and as individuals, we take personal privacy very seriously. As a matter of internal policy, protection of private information is the highest priority in our organization."
Or some such.
And yeah, get a lawyer to read it before you put it up. If it's not the highest priority, don't say it is.
Your instinct of 'less is more' is a good one but I do think you want to say something--but exactly what is dependent on the information and industry.
posted by A Terrible Llama at 5:34 AM on September 22, 2017 [2 favorites]
If your organization deals with an area of people's lives that is maybe more personal than credit cards, like let's say a dating site or something, I think at sign up you would have a link to 'about your privacy' one could click on and you would then be a little more direct and less corporate than a bank to the tune of "As a company and as individuals, we take personal privacy very seriously. As a matter of internal policy, protection of private information is the highest priority in our organization."
Or some such.
And yeah, get a lawyer to read it before you put it up. If it's not the highest priority, don't say it is.
Your instinct of 'less is more' is a good one but I do think you want to say something--but exactly what is dependent on the information and industry.
posted by A Terrible Llama at 5:34 AM on September 22, 2017 [2 favorites]
If a huge number of car salesman had been busted for screwing their customers recently, it would not be weird for one to bring up trust and integrity. People's personal info being leaked is huge news right now. "Don't bring it up" is not an option.
posted by soelo at 10:20 AM on September 22, 2017
posted by soelo at 10:20 AM on September 22, 2017
When I'm concerned about how a company deals with privacy, I want to know two things:
1) What security measures are they taking to make sure their data doesn't get stolen/leaked/otherwise thrown to the public internet?
and
2) Are they going to demand an actual warrant before handing over customer data, or will they comply with a request without legal authority? Will they hand over data to a private investigator? To a law firm gathering info for a civil suit against a customer?
Sort out the answers to those, and put those answers in your privacy policy. You don't need to describe all the details of your security measures, but something more than "we take customer privacy seriously" would be nice - too many companies use that phrase to mean "we don't want our competitors to get access to our money-making data" rather than any actual care for their customers.
posted by ErisLordFreedom at 10:43 AM on September 22, 2017 [2 favorites]
1) What security measures are they taking to make sure their data doesn't get stolen/leaked/otherwise thrown to the public internet?
and
2) Are they going to demand an actual warrant before handing over customer data, or will they comply with a request without legal authority? Will they hand over data to a private investigator? To a law firm gathering info for a civil suit against a customer?
Sort out the answers to those, and put those answers in your privacy policy. You don't need to describe all the details of your security measures, but something more than "we take customer privacy seriously" would be nice - too many companies use that phrase to mean "we don't want our competitors to get access to our money-making data" rather than any actual care for their customers.
posted by ErisLordFreedom at 10:43 AM on September 22, 2017 [2 favorites]
« Older A way to find all the movies that got a certain... | Is it appropriate to request a woman use her full... Newer »
This thread is closed to new comments.
posted by cpatterson at 4:03 PM on September 21, 2017