These days there is a large to do about privacy on the internet. Many web sites require identifying information, personal or otherwise. Yet many users are hesitant to give out information to sites that they do not trust or have not had any experience with. There are many stories of identity theft, fraud, and other scams. In order to help users fears and protect sites legally, it is a good idea for sites to have a privacy policy.
Privacy policies can help both users and site managers have a clear idea of how information will be used, if it will be shared, and other things pertaining to potentially sensitive information on users. A good privacy policy should be easy to access and read by both users that visit the site and people that would have access to the information. If there are clear expectations, then users will be more likely to give information.
There are a few good guidelines to follow when asking for information that will make the user more comfortable. Do not ask for more information than is absolutely necessary. When asked for a lot of information, a user can feel overwhelmed or suspicious. If you don't have a good reason to have information, don't ask for it. The simpler and more concise an entry form is, the more likely that the user will bother to fill out the entire form. In general, if you can get by with an email address and name, then go with it. If you need more accurate information, be sure to tell the user exactly what you are asking for and why it is required. Often times users will enter bogus information, so it's important to let the user know if accurate information is needed.
A good privacy policy can protect a site and its owners from legal action should you use the information in a way that your users may not agree with. Like with any statement, and open declaration of the intents and practices of the sites will give users a heads up as to what to expect. I users are told what will be done with the information they choose to give, you can avoid a large number of legal issues.
What should privacy policies contain? And how should they be written? Privacy policies should be written in a clear and understandable way, so that the uses can understand what the policy describes. They generally should not be written in legal terms, since most people who will be reading and writing them will not have any form of legal training. A lengthy document is less likely to be read, defeating its purpose.
Privacy policies need to do many things. A privacy policy needs to spell out what will be done with the information provided. Will it be used to contact the user, or to conduct studies? The user most likely will want to know if the information will be sent to other parties. Some sites may attempt to collect information about people and sell that information to other companies, or they may simply be more honest sites attempting to collect data for another's study. It is very important to differentiate your site from other less honest sites and let the user know exactly what will happen to the information that they give about themselves.
A good privacy policy will also state how long information will be kept on the user. While it is normal for sites such as forums to maintain login information on users for several years, a user may not want more sensitive information kept for so long after they have discontinued an online service.
You will want to put you privacy policy in a place that is unobtrusive to the main content of the page, but is not hidden or made difficult to access. Generally a good place is that of a link at the bottom of every page, so that the user can review it at any time but not be distracted by it. There may be times when you want to make the policy more prominent, such as when filling out a form. In cases such as these it may be prudent to add a prominent link to the privacy policy page so that the user can view the policy before entering potentially sensitive and valuable information about themselves.
It is also good to notify the user if any precautions will be made to keep the users information secure. In reality, the safest was to protect users sensitive data is to not have any at all. If sensitive data must be kept, make sure that you have the means to protect whatever data that you may ask for. Simple information, such as an email address, may not need much security, but other kinds of information such as social security numbers and credit card numbers will need significant protection that may need to meet certain legal standards. Because our site will only require a name and email address, a secure database and connection are probably good enough for our purposes.
In terms ot web site design, make sure that public information and private information is well separated. Users may not mind information such as their usernames displayed in public, but email and other forms of contact information might be more sensitive. Give users the option of displaying their identifying information, and make sure that other public users cannot see the private data of others.
In addition to keeping the display of information separated, it may be a wise choice to separate private and public data on the database itself. Keeping all private data in one secure place will make it easier to maintain, protect, and delete in the case that the user terminates online service and wished that the information they submitted to be removed. Having private data in one place also makes it much easier to limit access to it.
Avoid using cookies, Java, Javascript, or other similar features excessively on your website. These features are not always secure and can be used to harm both users computers and your own website if proper precautions are not taken. Because of this, some users may disable these features completely. While they may be used to enhance the features of your website, be prepared that not all computers will support them.
In the end, it is the users responsibility to protect themselves in terms of privacy, and to not give out information that they would not voluntarily give out. As web designers, it is out responsibility not to make that task harder. Users need to know what information they may be required to give, how that information will be used, if it will be shared, and how long it will be kept. Web developers need to be responsible in keeping the information users have submitted safe and secure, so that it will not fall into the hands of those that would abuse that information.
References:
www.wikipedia.com
www.w3schools.com
www.facebook.com
Contact Me | Policies | Colophon
© 2009, Jonathan Dunstan, All Rights Reserved.