Is it Time to Revisit Your Online Privacy Policies?

by Ross Dyer

A recent study by Deloitte found that nearly half of Brits don’t read the privacy policies of the websites they visit. No surprises there, you might think. Yet if that stat is true, online businesses are missing out by failing to go beyond a mere tick-box compliance approach to data protection. There are lessons to be learned here; those who take a more proactive stance are likely to find themselves reaping considerable business benefits.

Policy blah blah

The consultancy interviewed over 2,000 UK citizens to compile its Data Nation 2014 report. It found that 47% don’t read privacy policies or terms and conditions on websites, which effectively means they have no idea how their data is being used. Only 34% said they thought these policies were clear. Deloitte went further, analysing the 100 most popular sites amongst UK netizens, and found that said policies took an average of 26 minutes to read and understand.

That means if someone were to read the T&Cs of all 100 top sites it would take them nearly two whole days to do so.

Clearly most B2C online businesses are only paying lip service to the idea of data protection – doing the minimum necessary to tick the legal compliance box which requires them to display a privacy policy.

Going beyond

If online firms were to take a step back and think this through, there are potentially significant gains to be made from taking a more proactive approach to customer privacy. Some studies have shown that, far from being apathetic and fatigued by the sheer volume of data breach stories in the news, customers are genuinely concerned about where and how their data is used. In fact, Deloitte claimed that 63% had responded to say that they don’t have “much or any” confidence that their personal information will be kept safe by the companies they interact with.

Now, not many people refuse to visit a website because they haven’t read or can’t understand its privacy policy. But if firms were to get more creative and transparent about how they convey this information, they could actually build a much closer relationship with their customers. Think about designing quirky, easy-to-understand videos, graphical or animated content, for example, to get across the gist of your T&Cs. These pages can always link to the original privacy policy, allowing those who want to get more info to do so.

Make privacy a differentiator for your organisation. It could do wonders for the reputation of your business in the ultra-competitive world of the web, where user reviews are king and customer loyalty minimal. Get the user on board, reassure them about your data privacy policy and they may be willing to share more information with you, which could then be used to improve the customer experience and even launch new business models.

Data security 101

Behind those policies, of course, should be a serious data protection strategy. Here are a few must-haves:

  • Encryption for the most sensitive data
  • Data loss prevention to minimise deliberate or accidental leakage
  • Extended Validation SSL for secure data transfer/transactions
  • Scan your site and systems daily for malware
  • Comprehensive endpoint, email and web security
  • Keep all systems patched and up-to-date

Leave a Reply

Your email address will not be published. Required fields are marked *