
privacy policy

Owning and operating a website today has many new levels of complexity many wouldn’t have considered at all a few years ago. One of these complexities, internet privacy, is a big talking point at the moment, so let’s take a look at a couple of considerations when you’re building your website to be privacy focused.

SSL is a Must

The first jumping-off point of any discussion related to website security and privacy is how information is exchanged between your users and your website’s server. If you are collecting any information, particularly personal information, ensuring you have an SSL certificate that is valid for all your domains and subdomains is critical. It’s a huge sign of trust for your users and it’s required for many reasons, least of all because modern browsers are quick to inform users about any websites that aren’t using one.
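One way to check the "valid for all your domains and subdomains" point before deploying a certificate is to compare its subject alternative names against your hostname inventory. The following is an added example, not part of the original post; the function names, the SAN list and the hostnames are constructed for illustration.

```python
# Added example: checks which site hostnames a certificate's DNS SAN entries
# do NOT cover. All names and sample data below are constructed.

def san_matches(pattern: str, hostname: str) -> bool:
    """Match one DNS SAN entry against a hostname using the usual
    browser rules (RFC 6125): case-insensitive, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        # A wildcard stands for exactly one label, so "*.example.com"
        # covers neither "example.com" nor "a.b.example.com".
        return False
    if p_labels[0] == "*":
        # Only a whole leftmost-label wildcard is honoured, and it must sit
        # in front of at least two more labels (no "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Anything else (including partial wildcards such as "w*.example.com")
    # is compared literally and therefore only matches itself.
    return p_labels == h_labels


def uncovered_hosts(san_entries, hostnames):
    """Return the hostnames that no SAN entry covers, in input order."""
    return [h for h in hostnames
            if not any(san_matches(s, h) for s in san_entries)]


# Constructed sample: SAN entries as they would appear in a certificate,
# and the hostnames the site actually serves.
CERT_SANS = ["*.example.com", "example.org"]
SITE_HOSTS = [
    "example.com",
    "www.example.com",
    "shop.example.com",
    "api.eu.example.com",
    "example.org",
    "www.example.org",
]

if __name__ == "__main__":
    for host in uncovered_hosts(CERT_SANS, SITE_HOSTS):
        print("not covered by certificate:", host)
```

Visitors to any hostname this reports would see a browser certificate warning, so each one needs its own SAN entry or a separate certificate.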

Don’t Store Data You Don’t Need

Consider every piece of data you choose to store on your users, whether it be via a sign-up form or automatic data logging. Decide how important it is for you to have this information and stop logging or requesting information you don’t need. The less information you have on your users, the less trouble you’re likely to face with privacy issues. A general rule of thumb is to keep as little information as possible on your users.

You Must Have a Privacy Policy

A privacy policy tells users of your product, service, app or website exactly what personal information you collect from them and what you intend to do with it. Laws such as the GDPR in the European Union require your website to have a privacy policy, and require that you adhere to it. Because websites are global and anyone can access them, you need to make sure you’re compliant to the best degree possible. Including specific things in your privacy policy is important to cover these bases. At a minimum, your privacy policy should include the following:

  • A thorough list of all the information your website collects from your users, whether they are logged in or not.
  • How you intend to notify visitors to your website of any changes to your privacy policy.
  • A quick how-to for those who would like to access and/or change this information, delete their data, or opt out of any information being stored.
  • An explicit statement of the age restriction for accessing and using your website.
  • An explanation on how any information you collect might be shared. Remember to include any third-party payment processors and other trusted third parties in this list too.

Your privacy policy should be easy to find and written in language that can be understood by anyone. If you need a privacy policy, you can use a privacy policy generator as noted here.

Protect the Data You Store

Your website needs to have steps in place to stop data breaches to the best of your ability. If you’re using a commercial CMS or online hosting service, they will do most of the heavy lifting for you and are thus recommended for the less technically minded. If you do host your own web server or platform, making sure that you’re always running the latest version of any web hosting software (like Apache or nginx), database software (like MySQL) and your actual CMS platform is critical. Having a working understanding of how to secure a web server is also important, and if this is beyond your scope, rather opt for a web hosting company that can take care of this for you.

Use a Third-Party Payment Processor

The easiest way to deal with any privacy issues related to the processing of credit card data is to offload this responsibility onto a third party. While some information will still be sent to the credit card processor, like your user’s details, your website won’t be interacting with, storing or transmitting credit card data, which is a real benefit when it comes to dealing with privacy issues, as this is one of the most sensitive.

The most important consideration when you’re dealing with privacy issues is to be as transparent and open with your users as possible. Let them know each time you’re storing information or what you’re going to do with their information so that they’re never left surprised by anything.

Messaging app WhatsApp has been criticized over privacy policies following a joint investigation by Dutch and Canadian regulators.

Investigators said that when smartphone owners installed the app it asked to access their address books.

They said the problem was that it then transmitted all the contained phone numbers to its servers, and failed to delete those belonging to people who had not signed up to the service.

WhatsApp has not commented on the report at this time.

The Dutch Data Protection Authority has said that it could take punitive action if the Silicon Valley firm behind the product does not change it.

The Office of the Privacy Commissioner of Canada added that it would also continue to monitor the company, but said it did not have the power to issue sanctions despite its belief that the firm was breaking local laws.

WhatsApp was launched in 2009 and allows users to send each other text, image, video and audio messages.

It works across Android, iPhone, Blackberry, Windows Phone and Symbian platforms and does not charge a fee per message.

Instead some users pay its developer an annual $0.99 subscription, while others face a one-off cost to download the app. This has helped make it a popular alternative to SMS and MMS message services.

On installation users are asked permission to share their contacts so that the software can identify which of their friends are also on the service.

The regulators noted that only iPhone users running the latest version of Apple’s iOS operating system were given the option of manually adding contacts rather than allowing their address book to be scanned.

They noted that although it was not illegal for the firm to have copied over data belonging to non-users, the problem was that it did not delete the information after running the friend-identification check.

Instead, the investigators said, the data was kept in a hashed form – in other words the telephone numbers were transformed into a short code and stored.

“This practice contravenes Canadian and Dutch privacy law, which holds that information may only be retained for so long as it is required for the fulfillment of an identified purpose,” said the regulators.

The agencies added that the app’s developer had taken steps to address some of their other concerns.

These included the introduction of encryption to prevent third-parties eavesdropping on messages sent via unprotected Wi-Fi networks, and the adoption of a stronger authentication process to make it harder for scammers to hack accounts in order to send messages from them.