Should you do so?
In the service
of those web users who are increasingly concerned with issues of
organization's website can go a long way to building trust.
Who Cares about Protecting Personal Data?
A new study from the Pew Internet and American Life Project — "Digital Footprints: Online Identity Management and Search in the Age of Transparency" (December 2007) — reports that a staggering 60% of internet users are "not worried" about how much of their personal information is available online, and feel no need to limit it. In fact, most internet users are not sure exactly what personal information is available online, which may account for the apparent widespread lack of concern about "digital footprints" left behind on the web.
Yet, the same study found that 19% of adult internet users have searched online for information about co-workers, professional colleagues or business competitors; 11% have "googled" someone they are thinking about hiring or working with; and 9% have used the internet to check out their partners in romance.
This isn't the first research to identify a "disconnect" between what web users say is important and the way we actually behave when on the internet. It's been widely attributed to a lack of consumer education to create an understanding of the issue — consumers may believe that privacy protection is desirable, but may not be fully prepared to sacrifice convenience for caution when dealing with "trusted" sites online.
Whatever the cause of the disparity, the number of adult internet users who are
concerned about privacy issues is significant, and it's a number that seems to be growing.
survey data, released in conjunction with Data Protection Day in the
European Union, January 2008, indicated that almost 75% of respondents
were worried about leaving their personal
information on the Internet. Although EU privacy standards are notably
strict, the Commission that oversees data protection
in the EU is currently debating even stronger measures. Meanwhile,
leading American corporations such as Microsoft, Proctor & Gamble,
Hewlett Packard and others are voluntarily adopting the stricter
European standards for privacy protection in their own operations.
Online privacy issues, clearly, are not simply going to fade away.
Given the obvious importance of the issue to online business, it follows that privacy protection cannot be overlooked by nonprofit organizations that rely on reputation and relationships in order to raise funds, to build membership, to spread the word about their activities, or to carry out other basic functions of their missions.
The first step is to know what your organization's data collection practices are:
- What personal information do we collect?
- How do we collect it?
- How is the information used?
- Who has access to the information?
- Do we share the information we collect?
- If so, with whom and under what conditions?
- How long do we keep the information?
Hammering out those details may call for a meeting between board members, website
administrators, marketing people, and volunteer
coordinators — or, in a smaller organization, it may be as simple as a
conversation among a few colleagues. Whichever is the case, do be sure you have a clear picture of
the current situation (and of any changes that are likely to emerge in
the short and medium term) before moving on to craft a written statement of your policy.
If the budget allows, certainly the first choice would be to ask your group's lawyer to
appropriate and accessible reading level and purge it of 'legalese' and
unnecessary jargon, then pass it by your lawyer once more to ensure
that the meaning has not changed.
As an alternative, however, you can create a privacy
policy for your website with the aid of the Direct Marketing
HTML format, ready to add to your website. (Those outside the United States, in particular, may
want to pass this form-generated draft text to a lawyer, just to check that it meets
all the legal requirements for data protection in your jurisdiction. )
- Make the language as clear and simple as possible. Too many privacy policies are written by in dense legal terms that are beyond the average reading level — or at least will make the average reader's eyes glaze over.
information gathering or sharing that may be carried out, rather than
as a real aid to informed use of the website. If the goal is to