Providing individuals with information about how you or your organisation propose to use the information they provide has been a requirement of the data protection & privacy legislation for many years.
However a recent initiative by the Global Privacy Enforcement Network (GPEN) indicates that many privacy policies, whether from an ‘off the shelf’ template or individually crafted are neither necessarily adequate nor compliant.
The international initiative included 24 data protection regulators from around the world and was led by the UK regulator, the Information Commissioners Office (ICO).
Fuller findings can be found on the ICO website, but here are the main bullet points of the findings in so far as the 30 UK websites checked are concerned:-
- 86% of sites failed to specify how and where information would be stored.
- 86% did not explain adequately whether they shared data with third parties and who that data would be shared with.
- 79% provided no information to users about how they could request deletion or removal of their personal data.
What Information must be supplied?
Well, before the what, it’s important to understand how.
- Concise, transparent, intelligible and easily accessible
- written in clear and plain language, especially if addressed to a child
- free of charge