Developing a Privacy Policy

If you haven’t done so already, it’s time to develop and publish a privacy policy for your managed services business. Depending on the jurisdiction(s) within which you do business, you may be required by law to post a privacy policy. This is not generally required under U.S. federal law, but is mandated for those in certain fields or industries (such as healthcare and financial services) or if you collect personal information from children under the age of 13.

A privacy policy may also be required under some state laws. For example, California’s state law requires this of any business that collects personal information from California residents, regardless of where the business itself is located. In addition, some business contracts (for example, the agreement that you execute if you display Google Adsense advertising on your web site) may require you to post a privacy policy.

Even if none of the above applies and your MSP is not required to post a privacy policy, you should do so for your own protection and to reassure your customers that the information they entrust to you is safe. But just copying a standard privacy policy and slapping it up on your web site or mailing it to your customers isn’t enough.

You can find many privacy policy templates and policy generators on the web to help you get started, but these should serve as a starting point only. A privacy policy isn’t a “one size fits all” document. Your policy needs to address how your particular business collects and uses personal information. By personal information, we generally mean information that can be used to identify individuals, such as:

  • Names
  • Physical addresses
  • Email addresses
  • Telephone numbers
  • Social security numbers
  • Other unique identifiers

Your privacy policy should disclose the means by which you collect information. For example, do you use cookies on your web site to store information about users? Your policy also should clearly disclose what you do with the information. Do you sell mailing lists of customer names or exchange such lists with your partners?  Do customers and other visitors to your web site have the ability to opt out of this? What must they do in order to opt out? Make the opt-out process easy; there is nothing more frustrating than to be told you can opt out of something and not be able to figure out how to do so.

A privacy policy is a document with legal implications, so it’s a good idea to have an attorney look over your policy, even if you don’t feel it’s necessary to have it drafted by an attorney. There are many pitfalls that someone trained in contract law can help you avoid. This is an older article but still contains many valid points that you should consider before you finalize your privacy policy.

Once you have the privacy policy fine-tuned, you should make sure that it’s easily accessible on your web site. Don’t bury it deep within the layers of pages on your site. There should be a link to it on the front page, prominently displayed, as well as on other pages where it’s relevant, such as on online forms that request personal information.

It’s frustrating to those who do business with you (or who are considering doing business with you) to not be able to get answers to any questions they might have about your policy. The policy should provide a contact email address, phone number, and/or physical address where they can contact you. And those messages, calls or letters should be answered promptly.

Now that you have a good privacy policy, and have made it accessible to your customers and site visitors, be sure to follow it consistently. Do what you say you’re doing, without exceptions. Implement the security procedures that are necessary to protect the information. Even though you may not be required to have a policy, if you do post one, you are required to adhere to it.

In the U.S., the Federal Trade Commission (FTC) can enforce compliance with your policy; your company could be sued for deceptive business practices under federal and/or state laws if you don’t follow your policy. At the very least, failing to follow your own policy is likely to cause bad will and lose you customers. Today, individuals, organizations and governments take privacy very seriously, and you have to do the same to protect the reputation of your business.

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top