Basic Notice/Disclosure
- Make sure the privacy statement has a link and is easily discoverable from the home page.
- Place the revision date of the statement at the top of the page.
- Provide access to archived versions of the statement, allowing users to see what has changed.
- Use a simple layered and/or short notice designed to help consumers understand the statement.
- Use icons to help consumers navigate privacy statements in conjunction with layered/short notices.
- Write statements for the site’s target audience and demographics. Consider providing multi-lingual versions supporting non-English-speaking site visitors.
Key Compliance Policies
- Compliance with Children’s Online Privacy Protection Act (COPPA) or related regulations.
- Disclose whether the site honors Do Not Track (DNT) browser settings and preferably honor users’ DNT browser settings.
- Provide a summary of the data retention policy, including a specific timeframe and for what reason data is retained.
Protect Privacy and Define Protected Sharing
- Do not share personal data with any third party except to deliver service to the user. Provide a clear statement including details regarding if, what and for what purposes data is shared.
- Require vendor compliance by contract and notify consumers that service providers are prohibited from the use or sharing of their data for any purpose other than providing services on behalf of the site.
- Provide disclosure of cross-device tracking.
- Utilize tag management systems or privacy solutions to manage third-party trackers.
- Disclose whether data will be shared to meet legal obligations and make best efforts to notify consumers if their data is requested by third parties due to legal requirements.