Tuesday, March 1, 2011 - Almanac Vol. 57, No. 24
Website Privacy Statements—More Important Than Ever
Website visitors—including members of the Penn community—who access information and services online are increasingly paying attention to online privacy and security issues. Their concerns are well-founded, since identity theft and other misuses of personal data are not uncommon. Recognizing these concerns, it is important to consider the expectations of website users and post a privacy statement when appropriate.
Guidance on when and where to post website privacy statements, and what to include in them, is available on the Privacy Office website (www.upenn.edu/privacy; click on the box entitled "Website Privacy Statements" on the right hand side). The guidance describes the value of posting privacy statements, as well as the need for caution about what is included in them.
In addition, the guidance includes a link to a template document that provides a starting point in drafting, or improving, a website privacy statement. The template suggests potential topics to cover in the statement, such as:
- what data is collected and why,
- whether cookies are used, and
- what security measures are in place.
The template also provides language that may be appropriate to use for these topics and others, depending upon your particular circumstances.
It is crucial to review your website privacy statement carefully before posting, to confirm that everything in it is accurate. Leave out any statements in which you do not have complete confidence; failure to comply with a posted statement erodes the trust of website visitors. Also, it is important to review your privacy statement periodically, to ensure that it continues to reflect your actual practices.
If you have questions about website privacy statements, or would like to have your draft statement reviewed, write to firstname.lastname@example.org