Internet users are constantly expected to entrust the various websites they come across with some of their most sensitive personal data. This data ranges from their browsing history to their credit card numbers. If you own or manage a website, the more information you require visitors to your site to disclose, the greater the responsibility on your shoulders to ensure their privacy is protected at all times. You can create a strong foundation of trust with your website’s visitors by developing and implementing a privacy-friendly environment. A privacy-friendly website is founded on several building blocks. Here’s a look at eight of the most important ones.
1. Minimize the collection of personal data
Privacy begins with the nature of the interaction you have with customer data. The first and arguably most privacy strategy is keeping the collection of confidential personal information at the absolute minimum. The less the personal data you capture, the lower the risk that you could inadvertently violate privacy policies, regulations, and standards. You cannot misuse, abuse, or leak confidential information if it doesn’t exist in the first place. There are several techniques you could deploy to minimize the amount and depth of personal data in your organization’s possession.
First, only collect and process personal data from people that are directly relevant to your current goals. Second, exclude in advance the attributes and people you don’t need. Immediately discard any such data if you ever receive it. Third, get rid of any data you no longer require. You can do this by assigning a clear time frame for each piece of information you capture then configure automatic deletion once this period lapses. Fourth, permanently destroy personal data that you no longer need. Make sure the destruction is total and conclusive to the extent that the information cannot be recovered.
2. Separate data from different contexts
You should physically or logically separate personal data that originates or exists in different contexts. That ensures, for example, individuals whose job entails handling customer data from one context, aren’t privy to data within the same website but belonging to a different context. Separation reduces the chances of deliberately or accidentally combining or correlating data. There are two techniques you could use to implement separation on a privacy-friendly website.
First, capture and process different contexts of confidential personal information in different applications or databases. Second, have as much of the data collection and processing take place on the subject’s own equipment (computer, smartphone, tablet, etc.) and only store data on the webserver when you have no other option. The idea is to make it hard for anyone who gains full control of the end user’s device or the central web server to see the full extent of the personal data in your use.
3. Abstract confidential personal data as much as you can
Only use detailed views of personal data when absolutely necessary. The more you “zoom out” of personal data and abstract it, the lower the risk of privacy violation becomes. You can abstract data both at the subject attribute level and the subject level. Three techniques can help you do just that for a privacy-friendly website.
First, summarize attributes into a more general, coarse-grained form. For example, ask visitors to choose an age range as opposed to requesting them to specify a birth date. Second, aggregate data into associated groups before processing. So instead of processing each individual’s information separately, compile data into groups whose average approximately represent the individuals who comprise the group. Third, use approximations or rounded off values instead of the exact measurement of a personal data parameter.
Note that abstraction and grouping do not eliminate privacy risk. For instance, a certain group may be inherently associated with a particular financial risk profile or medical condition.
4. Conceal personal data
Concealment addresses the unobservability, unlinkability, and confidentiality of personal data. You can conceal the personal data of your website’s visitors in several ways.
First, establish a robust access control policy that limits data views to only those who need it to discharge their assigned responsibilities. Make it extremely difficult for any user to share or leak confidential data by accident. Second, encrypt and hash personal data to make it useless for anyone who doesn’t possess the decryption key.
Third, dissociate data by breaking the links and correlations between data, persons, and events. This would make it hard for anyone to identify an individual by connecting and analyzing two or more attributes. Fourth, anonymize data by hiding their origin or their association.
5. Notify website visitors about the handling of their personal data
It sounds like an oxymoron but transparency is a key ingredient for privacy. Let website visitors know what personal data of theirs you’ve captured, as well as how and why it’s processed. Armed with this knowledge, users can make decisions in their best interests fully aware of the consequences. You can employ three techniques to improve privacy-friendly website transparency.
Second, explain why you process specific personal data. Your explanation should use simple, easy-to-understand language that virtually anyone can comprehend. Provide links to more detailed, technical clarification for those who want to take a deeper dive into your privacy protection measures. Third, inform your users in real-time when you process, share, or accidentally disclose their personal data. Such notifications should be short and to the point.
6. Give visitors sufficient control over data processing
There is no true privacy if website visitors do not have reasonable control over the processing of their data. Remember that the objective of privacy laws, regulations, and best practices isn’t to prohibit the sharing and processing of sensitive data. Rather, it’s to ensure users understand how their data is handled and that they can stop the processing of their data whenever they choose. To yield the requisite control to your visitors, your privacy-friendly website procedures should include four elements.
First, obtain explicit consent from users for the processing of their data. This should include giving them the ability to withdraw consent at any point in the future. Second, give your users a choice depending on to what degree they are willing to share their personal data. Multiple product tiers would come in handy in this regard. You can, for example, avail a basic plan to those who don’t want to share any information at all and offer a premium plan to users who don’t mind providing as much personal data for processing as you need. Third, provide an avenue (such as a dashboard) through which users can review and update their personal data. Fourth, give users the means for retracting their personal data.
7. Enforce privacy-friendly website data processing
8. Do right — and appear to do right
Compliance with privacy laws and regulations isn’t something you do in secret under the pretext of “humility.” That does neither your website nor your visitors any good. It’s fundamental that the website demonstrates compliance to privacy regulators, users, partners, and vendors.
To do that, you must first document all the steps you’ve taken to enforce privacy. That includes collecting system logs, responding to privacy breaches, recording privacy impacting decisions, and motivating staff to comply. Second, audit system logs and privacy procedures regularly for relevance and currency. Third, file audit reports with the relevant regulatory authorities as needed.
A privacy-friendly website is good for business
Featured image: Shutterstock