The Benefits of Creating a Privacy Policy

Over the past twenty years, many organizations have collected data from their users and customers, often with the intention of mining that data for every useful nugget of information. However, most organizations did not consider the risks involved in collecting this data should it end up in an attacker's hands. The recently enacted European Union (EU) General Data Protection Regulation (GDPR) forced the industry to take data privacy seriously and triggered other governments to create their own data privacy laws. The State of California recently passed the California Consumer Privacy Act, which will become effective in 2020, and more legislation is certain to follow.

Whether you need to be GDPR compliant or not, creating a privacy policy to identify risk and define robust data collection and storage practices is critical in this age of data mining. Establishing a privacy policy will ensure you meet future compliance mandates and reassure users and customers that you are serious about the privacy of their data.

Attributes of an effective privacy policy include:

  1.  Description of what data is collected
  2.  Description of how the data is collected
  3.  Informing the user if the data will be shared
  4.  Stating that the data will be disclosed if compelled by the law
  5.  Allowing the users to verify, correct, and remove their data
  6.  Providing the users a way to opt out of future communication
  7.  Communicating that changes may be made to the privacy policy in the future and how these changes will be shared with the users

Privacy in Software Development - Building Privacy In.

Since applications are often the choice target for hackers, creating a privacy policy that includes data collection and storage guidelines helps software development “build privacy in”. Developers and testers are often not subject matter experts on the data that they work with, so they may be unaware of its sensitivity. This could lead to sensitive data being copied to multiple locations or shared with other organizations without regard to current or future privacy laws. By creating a privacy policy and documenting the data lifecycle and how the data flows through an application and an organization, the development team can ensure that privacy laws are being followed and lower risk to the organization.

Learn more about Creating an Effective Privacy Policy in our next Webinar on Feb. 12.