Developing effective privacy policies

Overton Bernard with surveying equipmentPrivacy is a hot topic this year, perhaps even more so than last year. The Protection of Personal Information Bill is slowly making its way through Parliament and will, when it is finally passed and signed into law, have quite a profound effect on our privacy law as well as how privacy and personal information is perceived by the general public and Business. The anticipated Act will be the first coherent piece of privacy law, certainly in a post-Constitution South Africa and will give the right to privacy much needed substance.

I’ve written about privacy a number of times in the past and about the central issues and considerations when it comes to developing a sound approach to personal information. The Protection of Personal Information Bill will, when passed, require structures, policies and procedures to be established within organisations to ensure and monitor compliance with the Act. This process takes some time given that an organisation typically collects and processes personal information both internally and externally and must have policies in place to address both.

Privacy and personal information protection is rapidly becoming an urgent theme for organisations who have laboured under the misapprehension that, prior to this Bill, South Africa has lacked a body of privacy law and those organisations could act with impunity when it comes to how they approach personal information. It feels a little like financial institutions’ rush to sign up as many credit card customers as they could before the National Credit Act went into force a few years ago. What many of these organisations (and, regrettably, some of my colleagues) forget is that both our Interim and Final Constitutions have privacy rights entrenched by their respective Bills of Rights and our courts have developed a body of privacy law at common law which is reinforced by the Protection of Personal Information Bill.

In any event, the sooner organisations develop effective privacy policies the better. It is helpful to consider current best practices and draw on these examples when framing privacy policies. One company which has an appealing approach to its privacy policy is the location service, Foursquare, which not only has a very accessible privacy policy but has also compiled a handy guide to privacy and personal information in the context of its service. Foursquare’s approach to privacy is remarkable because of the lengths the company goes to educate its users about the privacy implications of using its service. Foursquare’s efforts include:

These documents are presented in plain language and the emphasis is on accessibility by non-lawyers (in other words, a minimum amount of jargon) and transparency about Foursquare’s practices and how it collects and processes your personal information. This approach is essential because for users to give their informed consent to have their personal information collected and processed, they must understand exactly what that entails and be put in a position where they can make an informed decision whether to use that service.

Published by Paul Jacobson

Enthusiast, writer, Happiness Engineer at @automattic. I take photos too. Passionate about my wife, Gina and #proudDad.

%d bloggers like this: