Does Your Nonprofit Website Need a Privacy Policy?

Lori Halley 11 February 2008 4 comments

If your organization collects information from the users of your website — and the odds are that it does, if little more than the IP addresses scooped up by your site statistics package — have you posted a site privacy policy? Should you do so?

In the service of those web users who are increasingly concerned with issues of data protection, a clear and simple nonprofit privacy policy posted on your organization's website can go a long way to building trust.

Who Cares about Protecting Personal Data?

A new study from the Pew Internet and American Life Project — "Digital Footprints: Online Identity Management and Search in the Age of Transparency" (December 2007) — reports that a staggering 60% of internet users are "not worried" about how much of their personal information is available online, and feel no need to limit it. In fact, most internet users are not sure exactly what personal information is available online, which may account for the apparent widespread lack of concern about "digital footprints" left behind on the web.

Yet, the same study found that 19% of adult internet users have searched online for information about co-workers, professional colleagues or business competitors; 11% have "googled" someone they are thinking about hiring or working with; and 9% have used the internet to check out their partners in romance.

This isn't the first research to identify a "disconnect" between what web users say is important and the way we actually behave when on the internet. It's been widely attributed to a lack of consumer education about the issue — consumers may believe that privacy protection is desirable, but may not be fully prepared to sacrifice convenience for caution when dealing with "trusted" sites online.

Whatever the cause of the disparity, the number of adult internet users who are concerned about privacy issues is significant, and it's a number that seems to be growing. 

In a survey of the adult online population, conducted by the Customer Respect Group in February 2004, one in six respondents said that their primary reason for choosing to abandon a website was that they were not comfortable with the company's privacy policy or with the transparency of its business practices.

Eurobarometer survey data, released in conjunction with Data Protection Day in the European Union, January 2008, indicated that almost 75% of respondents were worried about leaving their personal information on the Internet. Although EU privacy standards are notably strict, the Commission that oversees data protection in the EU is currently debating even stronger measures. Meanwhile, leading American corporations such as Microsoft, Procter & Gamble, Hewlett Packard and others are voluntarily adopting the stricter European standards for privacy protection in their own operations.

Online privacy issues, clearly, are not simply going to fade away.

Given the obvious importance of the issue to online business, it follows that privacy protection cannot be overlooked by nonprofit organizations that rely on reputation and relationships in order to raise funds, to build membership, to spread the word about their activities, or to carry out other basic functions of their missions.

How to Create a Nonprofit Privacy Policy

The first step is to know what your organization's data collection practices are:

  • What personal information do we collect?
  • How do we collect it?
  • Why?
  • How is the information used?
  • Who has access to the information?
  • Do we share the information we collect?
  • If so, with whom and under what conditions?
  • How long do we keep the information?

Hammering out those details may call for a meeting between board members, website administrators, marketing people, and volunteer coordinators — or, in a smaller organization, it may be as simple as a conversation among a few colleagues. Whichever is the case, do be sure you have a clear picture of the current situation (and of any changes that are likely to emerge in the short and medium term) before moving on to craft a written statement of your policy.

If the budget allows, certainly the first choice would be to ask your group's lawyer to draft a privacy policy for your website. Check the text for an appropriate and accessible reading level and purge it of 'legalese' and unnecessary jargon, then pass it by your lawyer once more to ensure that the meaning has not changed.

As an alternative, however, you can create a privacy policy for your website with the aid of the Direct Marketing Association's Privacy Policy Generator. Fill in your association's name and mailing address, and tick off the appropriate check boxes in the online form. The Privacy Policy Generator will deliver your customized privacy policy in plain text or HTML format, ready to add to your website. (Those outside the United States, in particular, may want to pass this form-generated draft text to a lawyer, just to check that it meets all the legal requirements for data protection in your jurisdiction.)

Tips for a User-Friendly Nonprofit Privacy Policy

  • Make the language as clear and simple as possible. Too many privacy policies are written in dense legal terms that are beyond the average reading level — or at least will make the average reader's eyes glaze over.
  • Make the privacy policy complete. In simple terms, lay out exactly what information is collected, how, and for what purpose. Be prepared to revise the policy if your practices change — and decide how to handle any information that has already been collected, if your information-sharing practices, for example, do change. (In fact, a statement of this might be a very useful addition to your privacy policy!)
  • Keep the door open. If you plan to use your visitors' information for marketing purposes or even just to send out an occasional simple update, do make that intention clear in your privacy policy. Provide an opt-out option (or several) on the site itself, within the privacy policy, and as a link in every email message. This is especially critical if your organization shares or plans to share information with other organizations or companies.
  • Link to your privacy policy in a very visible way, perhaps in the footer of each page, so readers won't have to hunt for it. A percentage of people may never read the "fine print," but the truly user-centred website will make every reasonable effort to display the privacy policy where it will be noticed.

Sometimes a nonprofit privacy policy may serve as no more than a disclaimer for information gathering or sharing that may be carried out, rather than as a real aid to informed use of the website. If the goal is to establish a climate of trust with your website users, however, your privacy policy will be designed first and foremost with the best interests of website visitors in mind.


Posted by Lori Halley [Engaging Apricot]

Published Monday, 11 February 2008 at 11:59 PM


Comments

  • L. Mitchell said:

    Tuesday, 12 February 2008 at 9:06 AM

    TRUSTe also has good information about privacy practices. On its home page, you can find links to its Privacy Policy Whitepaper and its Model Privacy Disclosures. http://www.truste.org/.

  • Lori Halley [Engaging Apricot] said:

    Thursday, 21 February 2008 at 7:13 AM

    Thanks for your note about TRUSTe, L. Mitchell -- that's a helpful resource. And you've reminded me that for Canadians, in particular, the federal Office of the Privacy Commissioner (http://www.privcom.gc.ca) is another good resource.

  • gail said:

    Monday, 13 April 2009 at 10:25 AM

    As I started the task of creating a privacy policy for our new Wild Apricot powered site, I discovered that there are some questions or issues I did not know how to address. The subject of cookies is one I am unfamiliar with (except a general understanding of how they work). I do not know if Wild Apricot powered sites leave cookies or if they can be enabled to do so.

    I also wonder, if we use PayPal to process transactions, do we have to have a policy about online purchases or is that PayPal's issue?

  • Lori Halley [Engaging Apricot] said:

    Tuesday, 14 April 2009 at 4:00 PM

    Hi Gail. Glad to hear you're tackling the task of creating a privacy policy! It's not always an easy job, but website users have a right to this information and are increasingly looking for a privacy policy, so it's an important feature.

    For issues directly related to the website software, you can drop an email to Wild Apricot support with your questions: they'll get you sorted out there.  

    As for the online purchases, I think there are basically two ways you can go. One is to include the privacy details for online payments in your own privacy policy; and the other way would be to add a link to PayPal's policy so your site users can read the details themselves. Either way that you decide to go, do remember your goal is to be upfront with your website users about what information is gathered and how it will be used - so it's good to make it as simple and readable as you can, as far as that is consistent with making it complete.
