Posted by Lisa Thompson

If you’re a typical nonprofit, you probably collect a significant amount of sensitive information from your users—even if it’s simply the IP addresses gathered by your site statistics package. And after last year’s Target debacle and frightening data breach, millions of users are more skittish than ever about providing personal information to both businesses and organizations. Suddenly information that users have considered private and protected seems all too vulnerable.

In this age of data-driven marketing, it’s more important than ever to position yourself as a safe and trusted organization. Your privacy policy can no longer be an afterthought—it needs to be a prominent feature on your website and written in words that the average user can understand without hiring a lawyer.

First, let’s talk about why this is so important.

It shows that you’re transparent and trustworthy. If a visitor or supporter wants to know the details of your policies, those details should be available and easy to find on your website. Even the users who don’t want to read your privacy policy in its entirety will take comfort in the fact that you actually have one and are willing to share it online.

It helps you plan ahead. A well-thought-out policy will help your visitors know what to expect, yes. But it will also help you think through what information you routinely collect and how you plan to keep that data safe. Planning ahead can help you avoid difficult situations down the road.

It provides basic legal protection. Hopefully this will be a nonissue for your organization, but if you ever end up in a dispute involving your website, the fact that you have a privacy policy displayed on your site will work in your favor (assuming that you have actually adhered to the standards in your policy).

Now let’s address the “how” question.

Here are some best practices and general guidelines for how to develop and publish a privacy policy that actually matters to your visitors.

And finally, what you need to include.

Once you determine specifically what information you will collect—email, cookies, subscription information, credit card, login, gender, age, etc.—and you state your legitimate reason for collecting this info, you need to identify what you will do with it.

Here are some things to be sure to include in your policy.

One key thing to remember with regard to privacy: Do not ask your visitors for intrusive or sensitive personal information unless it’s absolutely necessary. Internet users are getting savvier and more reluctant to provide sensitive information if they don’t understand the need for it. Whatever information you need to collect, be clear as to why and include how you will protect the data.