When people browse the internet, they are constantly providing personal data such as documents, addresses and browsing history. These data are very important for companies and can help to maintain a relationship with the customer and identify habits and behaviors of consumption and interaction, among other things.
However, it is important to keep in mind that personal data are sensitive elements, so they need to be handled responsibly and transparently.
1-Compliance with rules and regulations
In addition to being an ethical issue, there are legal obligations regarding the transparency of data use. Since 1990, the Consumer Defense Code has provided for special treatment of customer information by companies, prohibiting, for example, the transfer of information between companies.
In 2014, with the Marco Civil da Internet, the legislation gained a specific regulation aimed at the virtual world, which establishes rights and guarantees for the user, in addition to responsibility rules for organizations.
Thus, it was determined that the information could only be used for purposes that justify its collection and that are not prohibited by law.
The new General Data Protection Law (LGPD), enacted in 2018, reinforces what was already provided for in the Marco Civil and establishes the Principle of Transparency, which requires companies to provide data subjects with clear, accurate and easily accessible information about the operations and practices carried out with the information.
2-Users’ perception of security
To better understand this factor, just remember some recent instances of security breaches and data leaks. After this type of exposure, the user is much more apprehensive about trusting websites, platforms and apps that do not have an adequate information protection policy.
3-Information leakage prevention
From the moment that companies turn their attention to creating privacy terms and conditions, they also end up generating internal rules that regulate these relationships.
In this sense, if there is a document that determines the rights and duties of each party, it is necessary to take the appropriate measures to put it into practice.
In this way, implementing the policy ends up bringing more security to protocols, confidentiality to contracts and respect for the rights of users, which helps to prevent information leaks.
1-Understand your business model
2-Respect the legislation in your sector
In addition to the Consumer Defense Code and the Marco Civil da Internet, there are other laws that regulate data collection. In the financial sector, for example, it is necessary to keep an eye on what the Central Bank says. So, don’t forget to check whether there are specific standards in your industry.
3-Use simple and accessible language
4-Know your users’ concerns
A good way to determine what information will be used in the policy is to understand users’ key concerns. By knowing your audience well, it’s easier to establish policies and inform them correctly.
5-Collect and save only what is needed
As we have seen, the Marco Civil da Internet establishes that obtaining data that exceeds the need may be considered inappropriate. Therefore, ideally, you should collect and store only the information that will be really useful.
So keep in mind that the more data you have, the more responsibility you have should a security breach occur.
When writing the document, it is important to establish some main points, stating how each type of data will be collected and stored. Below, we list the main aspects that need to be included in the document, if they apply to your business.
1-Personally identifiable information
Identification data is not limited to the user’s first and last name. Today, with platforms becoming more connected, there are several important data that need to be treated with care and confidentiality. Among them are:
- identity document;
- personal image;
- IP (internet protocol) number.
Another piece of data that needs attention is the user’s address. This type of information is not only collected by online stores, but also by companies that provide services and need to issue tax documents.
4-Navigation patterns and cookies
Cookies are a kind of browsing history that allows the advertising suggested to the user to be refined. Through them, it is possible to identify interests and offer the public exactly what they are looking for.