With the development of technology and e-commerce, the related problems are also on the rise. While websites are growing more interactive and user-friendly, having a privacy policy in place that ensures data security is also becoming essential.
Web users have the right to know that the personal details that many business websites, blogs and online shopping sites ask them to fill out are in safe hands. A privacy policy does not just fulfill legal demands; it is also an effective tool of transparency towards customers. It is a global norm that such a legal document be exhibited online wherever collection or sharing of personal information is involved.
The India context
India is the biggest platform of data outsourcing and has, in the recent past, faced a lot of cyber crime, data theft, etc. Therefore, there is a need for a regulating mechanism to deal with these crimes effectively and ensure the highest security of internet databases.
The Information Technology Act of 2000 is the consolidated document that lays down guidelines for the development and maintenance of websites, electronic records and digital signatures. The Act defines cyber crimes such as hacking, infusion of viruses, and unauthorized copying of or tampering with information, and also prescribes penalties for them.
An amendment to the Act, in 2008, brought such activities as circulation of offensive or obscene content, identity theft, impersonation, cyber terrorism, voyeurism and child pornography into the criminal domain.
A further amendment in 2009 states that any negligence while handling sensitive personal information attracts a penalty and is liable for punishment. This includes disclosure of sensitive personal information without the consent of the person.
What is a Privacy Policy?
A privacy policy is a legal document, aimed at protecting online consumers against many unlawful activities and misuse of personal data. It is a very important document and must be crafted in simple terms so as to be easily understood by anyone without any obscurity.
A website privacy policy would consist of the following sections:
– Introduction: A brief about the organization, the business and any other specifics about the website.
– The Information: The users need to be clearly told what information is being collected, e.g. forms to purchase, subscribe and sign up. Other information such as hostnames and IP addresses should be mentioned here.
– How the data is collected: Here, the method of collection of information is to be described. Is it automated? Is the user asked to fill forms or refer other names, addresses, etc.?
– Storage of data: The location of the database and any country or region specific laws that apply are to be mentioned.
– Third party sharing: Almost all websites share the information in their databases with others, such as courier services or banks. The user needs to be informed that their information may be shared within the legal domain.
– Website contact details: Email addresses, postal addresses, phone numbers, etc. have to be mentioned so as to allow users to get in touch in case of queries or grievances.
Sensitive Personal Information
According to the Information Technology Rules, 2011, sensitive information includes the following:
• Passwords
• Financial information such as bank account, credit card or debit card details.
• Information describing physical, physiological or mental health condition of a person
• Sexual relationship and orientation
• Medical records
• Biometric data.
Creating, updating, monitoring or managing privacy policies also involves certain best practices. These apply whether the responsibility is part of your job, falls to you because you are an entrepreneur and everything is your responsibility, or is an area you are hoping to add to your book of knowledge. Some of the points are given below:
1) The policy must be written in plain English. If a lawyer is drafting the policy, you must ask for it to be written in simple language that will be understood by the consumer or visitor.
2) Something found free on the Internet should not be just cut and pasted as your own. The risk of penalties is very real and therefore your policy should be your own and reflect the unique circumstances of your site.
3) The privacy policy should be updated regularly to reflect changes in the online environment and what your company actually does with the information, and to clarify areas that may be vague. Every update must of course also be communicated to the visitor.
4) Follow the policy! Do not deceive the consumers by not following the policy. What is written should be followed.
5) Consumers, readers, forum visitors, or others should have the right to opt out of having their personal information retained.
6) A privacy policy should be easy to find and accessible.
7) The information that you take from consumers should be secure too. The potential disclosure or sale of private information can be devastating.
8) Try and get a well-respected privacy certification program for credibility.
9) You should never ask for intrusive or excessively personal information through a privacy policy unless absolutely necessary.
Consumers are becoming increasingly intuitive and will refuse to provide information that they feel is not required. If you do ask for extremely personal information, be clear on why you need it and how secure it will be.
What we post on Facebook, Twitter or other online social media constitutes personal information, and we cannot imagine how this kind of data can be used or misused. Privacy policies are often not given the attention they deserve. A company may dish out a policy without even realizing its actual merit.
As consumers, we must make an effort to read these policies, which also say a lot about what the company stands for and what it wants to achieve. Information is key to future growth, and it gives insights that cannot be replicated any other way. We all want our information to be safe and secure, and a well-written privacy policy is the first step to doing just that!
Get in touch with us at hello@ventureasy.com if you would like us to draft a Privacy Policy for your startup.