Privacy is a hot topic these days and still many people make it too technical or think that privacy is a thing they do not have to worry about. Yes you should worry about your own privacy and yes you should be paying attention to what privacy standards you put into place on your website.
First, lets talk about your own privacy. I hear all the time “I am not worried about my privacy because I have nothing to keep hidden.” Okay that is great, however, does the entire world need to know everything there is to know about you. Also, even those who say they are an open book I bet would rather not have their debit card information to fall into the wrong hands after you entered your information into a website to buy something. I personally would like to know before I buy from a website if they are collecting and saving my payment information.
However, let’s not confuse privacy and security. Security is taking measures to ensure your information is safe from hackers. Security is simply making sure the bad guys don’t get in. Privacy is the ability to control what information of yours is being shared, how it is being shared, and for how long it is being shared. Privacy is the ability to know what exactly you are signing up for when you are signing up. Internet privacy scammers equate to the long distance telephone callers of the late 90’s. They like to bait and switch you before you see what is going on.
The data that online privacy protects both personal and sensitive personal data. Personal data includes name, location, identification numbers (like your driver’s license), IP address, cookie data, and RFID tags. Sensitive personal data include health information, genetic and biometric data, race, ethnicity, political opinions, and sexual orientation. You can lump it up into anything that one can write down that makes you, you.
I want to now go back to the worry of privacy. Most of the world does not have any information that the government bodies or anyone of “importance” would want to know. It is true but no matter how great or boring your information is, you should want to keep it secure. You should want to know why the form is asking for that particular information for you and what they are going to do with it.
There is an website that was giving out something I was interested in and I have heard countless people speak about their services, so I signed up for their “free product” (first rule of privacy is nothing is ever free as you will be put on a mailing list) and I knew I was going to go on some list for emails. Eh that was cool as usually they are only 1-3 a week. Not this place! I was getting multiple emails daily from them and spamming my inbox. It did not take me long to start reporting them for spam and I had to remove myself at least 5 times to get them to stop.
No one should have to click unsubscribe to remove themselves from one site that they filled out one form for. This is why privacy should be important to you for your readers and customers.
Here are some things you should consider for privacy standards on your website.
Opt-out instead of Opt-In.
The checkboxes may not mean anything. Make sure the reader has to check that box to show they acknowledge what they are signing up for. Having the box checked by default can look slightly spammy and some people may not notice it.
Announce how often you plan to email them when they sign up for anything on your site.
Like my story above getting bombarded with emails, make sure the reader knows what they are getting into. If they are getting your free guide AND being put on your mailing list that will send them an email in the morning and at dinner every day, let them know.
Double Opt-In for Mailing Lists
If you are into using mailing lists to connect with people, turn on the double opt-in. People tend to use fake email addresses or other people’s emails to get the free item they are signing up for. Having the double opt-in ensures that everyone on that mailing list wants to be there.
Have a cookies notice on your site
Cookies are bits of your website saved on the reader’s browser to make it so the site will load quicker the next time they come to your site. There are a number of different styles of cookies that provide personalized user experiences or displaying ads. It is good practice to have a banner notifying the reader that yes your site does use cookies and what you do with the cookies.
Make sure to get parental consent if working with minors online
Always get parental consent when dealing with minors who are not your own. Online and offline. There are so many rules and regulations protecting children’s rights that this is one road you do not want to go down. If you gear anything to a child, have it set up so parents have to sign off on it first.
Have a Privacy Policy Page on your site that is easy to find
Have a Privacy Policy and make sure that it covers everything. Add in all the information you collect, how long you keep it stored, what you do with that information, if you use any third party services, and anything else you may do with information on your site.
If you are not sure how to write a Privacy Policy, there are some WordPress plugins that can assist you to draft one or you can find templates that you can manipulate for your own use.
Have a way for readers to be able to check and/or delete their information off your website.
This is imperative that you setup if your site does anything in the European Union up to and including being able to be accessed while in the European Union. (With the option of VPNs that means every external online website on the planet.
WordPress has made it easy now that they have that information setup in the Tools category in the Admin Dashboard if your website has a basic setup. They have a great tutorial on WordPress Support. You may have to use a GDPR plugin if you are using more specific information gathering functionality on your site.
If you do find yourself in a security breach, announce it.
By GDPR law you have 72 hours from the moment you find out you have had a security breach to disclose it. Plus it is good practice to be transparent with your readers and customers.
If I am not in the European Union, should I even care about GDPR?
Spoiler alert. Yes you should! Personally, I suggest that everyone follows the GDPR standards even if it is not the law where they are or where their site is hosted for a number of reasons.
- Even if you are in the states, people from the European Union may still be utilizing your site.
- You will be ahead of the curve once these laws start migrating into your own country’s laws.
- Showing that you care about your readers and customers private information will set you apart from your competitors who do not.
- Like taking security measures seriously, it is just a good idea.
The bottom line is to ensure that anything that your reader may do on your site, they know exactly what they are signing up for. It is all about having empathy for your site visitors on making their private information important to you.
In the European Union they already have the General Data Protection Regulation (GDPR) and the state of California is putting more privacy policies into law. It will be probably no time before these types of rule are global.
If you feel you are not qualified to set up your own privacy standards for your business, shop around for a local Data Protection Officer. They will help you get everything set correctly and be in your corner if ever you do need them.
Geek Speak Here