The Five Practices Of The Privacy-Sensitive
The Tor Project, Ghostery, BugMeNot and a thousand other tools and techniques that help users remain anonymous online are spreading like wildfire. These were once the bastion of the hacker elite but are now being adopted by the middle-aged businessman, the stay-at-home parent and everyone in between. This expansion is fueled by growing concerns over a loss of privacy.
People are concerned about losing control over their personal data, and in some cases with good reason. Whether you agree with that statement or not, the one indisputable fact is that it’s the small startups that will suffer the greatest pain from the cultural shift. Humans are instinctual herders, so we don’t have a problem handing over personal information to Facebook (everyone’s doing it), but JoeNewGuyOnTheBlock.com doesn’t enjoy that same benefit.
Below are five things you should do. As a bonus, if you do them you will comply with most privacy laws and regulations around the world.
Tell users what you’re doing with their data
Always get users’ permission
This pairs up nicely with the goal to be transparent. Once you’ve told users what you’re doing with their personal information, you need to ask their permission to do it. In legal terms, this is getting their explicit consent. This could be a simple checkbox or button asking them if they agree to your site’s terms, but remember that this is only really effective if you execute transparency well.
Give users control of their data
One great way to alleviate users’ fears is to give them as much control over their own data as possible. At the very least, you should allow them to edit and update any personal data you have collected from them, but you can take it a step further and allow them to delete it altogether. This is often referred to as the “right to be forgotten.”
Protect users’ personal data
There are many reasons to protect your data stores properly, and privacy concerns are among them. There are too many examples to cite where a data breach has sent a company straight to ruin. Follow information security best practices and minimize your risk of a data breach.
Do as your policies say
That’s it. Do these five things and not only will you earn the trust of your users but you will be compliant with privacy laws and regulations worldwide. Of course the devil is in the details and some of these items are difficult to execute properly, but the sooner you start trying the better off you will be in the long run. If you want more information on tackling privacy issues, you will find more detailed guidance in my book Startup Privacy: The Entrepreneur’s Guide to Privacy.