|One Step Ahead
September 25, 2007, Volume 54, No. 5
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
Website Privacy Statements
Website visitors—including members of the Penn community—who access information and services online are increasingly paying attention to online privacy and security issues. Their concerns are well-founded, since identity theft and other misuses of personal data are not uncommon in today’s wired world. Recognizing these rising concerns, it is important to consider the expectations of website users and post a privacy statement when appropriate.
New guidance on when and where to post website privacy statements, and what to include in them, is available on the Privacy Office website (www.upenn.edu/privacy; click under “What’s New.”). The guidance describes the value of posting privacy statements, as well as the need for caution about what is included in them.
In addition, the new guidance includes a link to a template document that provides a starting point in drafting, or improving, a website privacy statement. The template suggests potential topics to cover in the statement, such as:
• what data is collected and why,
• whether cookies are used, and
• what security measures are in place.
The template also provides language that may be appropriate to use for these topics and others, depending upon your particular circumstances.
It is crucial to review your draft website privacy statement before posting, to confirm that everything in it is accurate. Leave out any statements in which you do not have complete confidence. Failure to comply with a posted statement erodes the trust of website visitors and can potentially create liability for the University.
If you have questions about website privacy statements, or would like to have your draft statement reviewed, write to email@example.com.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.