Perfunctory note that I’m not a lawyer…
Privacy policies are hard to make. This site has one I’m not thrilled with.
I’ve recently tried to help a number of my clients with making one or improving an existing document. It’s led me to realize that I think they are uniquely tricky documents to make, especially for small organizations.
- Privacy policies have to be specific about legal, technical, and business practices. They have to account for an organization’s IT, back office procedures, and other technology choices.
- Privacy policies sit in between a bunch of organizational roles. That makes it especially tricky because any one person involved won’t have all the necessary knowledge.
- Much like a good accessibility statement, privacy policies aren’t fixed documents. They need to be kept up to date, and new staff have to be onboarded to make sure they are aware of it and follow what it says.
So my experience, especially with small organizations, privacy policies end up being nobody’s job because they involve everyone’s job. And therefore, we get crappy privacy policies at best and no privacy policies 90% of the time.
Back to the Basics
At least for right now, it feels like great is the enemy of the good enough. We need to at least try, do our best, and continue to improve our practices as we go.
Where’s My Template?
Because privacy policies are specific to the technologies you use and how you use them, it’s basically impossible to write an accurate template that one can use off the shelf.