Donate
‹ Back
Privacy 16 April 2019

Best Practices: Privacy

Basic Notice/Disclosure

  • Make sure the privacy statement has a link and is easily discoverable from the home page.
  • Place the revision date of the statement at the top of the page.
  • Provide access to archived versions of the statement, allowing users to see what has changed.
  • Use a simple layered and/or short notice designed to help consumers understand the statement.
  • Use icons to help consumers navigate privacy statements in conjunction with layered/short notices.
  • Write statements for the site’s target audience and demographics. Consider providing multi-lingual versions supporting non-English-speaking site visitors.

Key Compliance Policies

  • Compliance with Children’s Online Privacy Protection Act (COPPA) or related regulations.
  • Disclose whether the site honors Do Not Track (DNT) browser settings and preferably honor users’ DNT browser settings.
  • Provide a summary of the data retention policy, including a specific timeframe and for what reason data is retained.

Protect Privacy and Define Protected Sharing

  • Do not share personal data with any third party except to deliver service to the user. Provide a clear statement including details regarding if, what and for what purposes data is shared.
  • Require vendor compliance by contract and notify consumers that service providers are prohibited from the use or sharing of their data for any purpose other than providing services on behalf of the site.
  • Provide disclosure of cross-device tracking.
  • Utilize tag management systems or privacy solutions to manage third-party trackers.
  • Disclose whether data will be shared to meet legal obligations and make best efforts to notify consumers if their data is requested by third parties due to legal requirements.

‹ Back

Related articles

2015 Online Trust Audit and Honor Roll
Building Trust1 October 2017

2015 Online Trust Audit and Honor Roll

The 2015 Online Trust Audit includes a composite analysis focusing on three major categories; a company’s data protection, security and...

2017 Online Trust Audit and Honor Roll
Building Trust20 June 2017

2017 Online Trust Audit and Honor Roll

The 2017 Online Trust Audit is the 9th year OTA will be conducting an independent analysis and benchmark report of...

2016 Honor Roll Methodology
Building Trust15 June 2016

2016 Honor Roll Methodology

The 2016 Online Trust Audit has evolved over the past 8 years and includes a composite analysis focusing on three...

Join the conversation with Internet Society members around the world