This Q&A; was originally posted in the ThinData Email Strategies newsletter:

As a National media firm, we have several different online initiatives and each has its own privacy requirements and related policies. We want to make sure that our privacy policy is strong from a marketing perspective as well as compliant from a legal perspective. Can you provide any recommendations – particularly since we plan to dramatically increase our focus on email?

Here is my answer:

You are wise to make your privacy policy marketing-friendly in addition to legally sound. Here are a few guidelines:

The Message. From a marketing perspective, your privacy policy should convey the messages that you:

– Are genuinely respectful of private information;
– Have processes in-place to protect private information; and
– Welcome inquiries about your privacy policies and procedures.

The Content. To convey these messages, at a minimum, answer the following:

– What private information you will track and collect
– How you will collect private information
– How you will use the private information you collect
– Whether you will share with, or sell private information to, anyone
– How you will store private information
– How and when you will update private information
– Who can be contacted if there are questions or concerns about how private information is being used

You should also include:

– Instructions for how to opt-out of email/subscriptions
– The date your privacy policy was last updated
– How people will be updated when privacy policies are changed

The Language. Make your policy clear and concise. If your policy is convoluted, you can inadvertently send the message that you are hiding something.

Other Sources. Make sure your online marketing privacy practices and initiatives reflect the rules set out in PIPEDA. Download The Marketer’s PIPEDA Checklists