1. Be forthright

In crafting your privacy policy, avoid tricks and weasel language. Such practices are entirely unnecessary for the protection of the business.

Paragraphs commonly plugged in by lawyers and marketing types originate from motives that can cause more harm than good.

Remember that your lawyers are paid to protect you at all costs. They are ethically bound to disregard the interests of your customers and users to the fullest extent possible if it means even a tiny bit more protection for you.

Near-sighted marketing practitioners want to preserve the possibilities of using any and all information about any and everyone, even if they have no good idea right now about what they might profitably do with that information. If this attitude finds its way into your privacy policy, it will show through your business.

Here are typical clauses that you should avoid, with notes about achieving the necessary protection without being abusive.

“or other permitted by law”

This and similar phrases are often added at the end of statements that explain “How we use your information.” It is a legal catch-all that makes all that precedes it and all that comes after it irrelevant. It literally means that if a use of your customers information is not explicitly illegal, then you retain the right to use it that way. In that case, why bother listing things like “to administer your account, to contact to introduce you to new products and services…” all of which are permitted by law.

The only reason this language is included is to create a “safe zone” in the event that someone in your business uses personal information in a way that has not been disclosed, but is not strictly illegal.

It is always proper to try to limit liability for unforeseen circumstances. But this is not unforeseen and there are much better ways to handle it that will add value to the entire business.

Your policy instead should include a proscription for employees, agents, contractors and others who have or may gain access to your businesses information.

Sample

“We view all customer, employee and prospect information as proprietary trade secrets. Any information we collect about individuals must be treated with the greatest of confidentiality. We restrict access to such information to those for whom it is necessary in the conduct of their work for us. All employees, contractors, agents or others who may legitimately come into connect with your information are required to read and accept this privacy policy and are held personally and severally liable for any breach of privacy resulting from their failure to adhere to this privacy policy.”

A clause such as this achieves a number of objectives. It shows a commitment not only to customer information, but to employee information. In doing so, you assist employees in understanding the importance of handling customer and prospect information responsibly. You let employees and customers know that you will act to hold responsible anyone who breaches their privacy, so it is a win-win commitment.

You still need to cover off eventualities which genuinely are unforeseen. You should simply say that in your privacy policy.

Sample

“We attempt to cover all eventualities in this privacy policy. We do not now, nor do we have any plans to use information in any way other than disclosed in this policy. But there may arise circumstances which we have not foreseen. In such a case, we will obviously limit our actions to those that are lawful, but more importantly, we will amend this policy at our earliest opportunity to reflect the new circumstances. We will promptly disclose such unforeseen practices to those whom the practices affect and we will limit any new uses of your information to those necessary to address the unforeseen eventualities. In such eventualities, we disclaim any legal liability.”

It is a lot simpler to just add “or permitted by law,” but the simpler method servers no confidence building role and no ethical hardening of the business, both of which pay dividends over time.

Our samples, on the other hand, do drive ethics into the business, demonstrate that your business can be trusted, and still provides the safe zone in the event you need to use personal information in a way that you do not now realize.

Of course, it puts a cork in the marketing tricks bottle. But that is not a serious matter. If your marketing people or you come up with something that benefit the business but  that would be contrary to your privacy policy, you simply need to first disclose it and amend your privacy policy. This is not a real barrier to innovative thinking. Take a moment and consider exactly what could we want to do that would be contrary to our privacy policy? In our practice we have never come across a single case where executives or marketers could in fact think up any practice that was both ethical and contrary to their own privacy policy.

As for the lawyers’ objections, have them expand the disclaimer of liability or incorporate by reference the disclaimer that almost certainly already exists in your Terms of Service.

The critical point here is making a public declaration beyond the “allowed by law” in such a way as to infuse your business with respect for the information that, after all, is essential to your continuing success.