Best Practices: Online Privacy Policies
1. Be Factual
Avoid exaggerating the nature and extent of privacy you provide. Ensure that anything you say in the policy can be verified or is a true reflection of your organisation’s data handling practices. Outline in clear detail the following matters:-
- the methods you use to collect personal data;
- the purpose for collection of the information;
- if you share the information with third parties, who are these parties, and what safeguards do you and the third party have in place for the shared information?
- how will you store the information? for how long will you store it?
- what rights do users have in relation to their personal information?
2. Make it clear and simple
3. Obtain User Consent
5. Demonstrate Accountability
6. Follow Data Minimisation Approach
Collect only the amount of personal data that is relevant for the purposes that you have identified in your policy. In the context of your online business/website/app, ask yourself what is the absolute minimum information you require and how do you intend to use it? For example, if it is a blog, you may need only email addresses so you can alert your followers of new posts or you can send them newsletters on the latest topics or trends. Telephone numbers and IDs may not be necessary. On the other hand, if you are selling products through your app or website, you may need a host of information for purposes of the contract. This may include full names, email, phone numbers, credit/debit card information etc. But even here, be careful to seek only what you require. The bottom line, be clear on why you need the information you are collecting. Avoid collecting data on the off-chance that it may be useful in the future.
Disclaimer! Venturelawkenya contains only general information about legal matters. It is not legal advice and should not be treated as such. You must not rely on the information on this website as an alternative to legal advice from your lawyer/advocate or other professional legal services provider. If you have specific questions about any legal matter you should consult with your advocate or any other suitable professional legal service provider.
Disclaimer: The information on this blog is available for informational purposes only and is not considered legal advice on any subject matter. By viewing blog posts, the reader understands there is no advocate-client relationship between the reader and the blog publisher. The blog should not be used as a substitute for legal advice from a licensed professional advocate, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation. The information on the blog may be changed without notice and is not guaranteed to be complete, correct or up-to-date. While the blog is revised on a regular basis, it may not reflect the most current legal developments.