But how do you prepare this document, and what information must it include? Solids explains everything about the subject in this post. Check it out!
When people browse the internet, they are constantly providing personal data such as documents, addresses and browsing history. These data are very important for companies and can help to maintain a relationship with the customer and identify habits and patterns of consumption and interaction, among other things.
However, it is important to keep in mind that personal data are sensitive elements, so they need to be handled responsibly and transparently.
Compliance with rules and regulations
In addition to being an ethical issue, there are legal obligations regarding the transparency of data use. Since 1990, the Consumer Defense Code has provided for special treatment of customer information by companies, prohibiting, for example, the transfer of information between companies.
In 2014, with the Marco Civil da Internet, the legislation gained a specific regulation aimed at the virtual world, which establishes rights and guarantees for the user, in addition to responsibility rules for organizations.
Thus, it was determined that the information could only be used for purposes that justify its collection and that are not prohibited by law.
The new General Data Protection Law (LGPD), enacted in 2018, reinforces what was already provided for in the Marco Civil and establishes the Principle of Transparency, which determines that companies provide data subjects with clear, accurate and easily accessible information about the operations and practices carried out with the information.
Users’ perception of security
To better understand this factor, just remember some recent instances of security breaches and data leaks. After this type of exposure, the user is much more apprehensive about trusting websites, platforms and apps that do not have an adequate information protection policy.
Information leakage prevention
From the moment that companies turn their attention to the creation of privacy terms and conditions, they also end up generating internal rules that regulate these relationships.
In this sense, if there is a document that determines the rights and duties of each party, the measures needed to put it into practice must be taken.
In this way, implementing the policy ends up bringing more security to the protocols, confidentiality to contracts and respect for the rights of users, which helps to prevent information leaks.
Understand your business model
Respect the legislation in your sector
Use simple and accessible language
Know your users’ concerns
A good way to determine what information will be used in the policy is to understand users’ key concerns. By knowing your audience well, it’s easier to establish policies and inform them correctly.
Collect and save only what is needed
As we have seen, the Marco Civil da Internet establishes that obtaining data that exceeds the need may be considered inappropriate. Therefore, ideally, you should collect and store only the information that will be really useful.
So keep in mind that the more data you have, the more responsibility you have should a security breach occur.
When writing the document, it is important to establish some main points, stating how each type of data will be collected and stored. Below, we list the main aspects that need to be included in the document, if they apply to your business.
Personally identifiable information
- identity document;
- personal image;
- IP (internet protocol) number.
Another piece of data that needs attention is the user’s address. This type of information is not only collected by online stores, but also by companies that provide services and need to issue tax documents.
Navigation patterns and cookies
Cookies are a kind of browsing history that allows the advertising suggested to the user to be refined. Through them, it is possible to identify interests and offer the public exactly what they are looking for.
As we have seen, the LGPD came to reinforce the Marco Civil and established as a norm that companies should provide information on the use of collected and stored data.
Implementing the LGPD is extremely important for companies that rely on websites, applications and social networks. The deadline for regularization was January 2021; however, the penalties for those who do not comply with the new law will start to apply from August.
In this context, think of all the information collected from candidates during a recruitment and selection process or the amount of information the department has about the company’s employees, for example.