However, recent research reveals that only a few people actually read privacy notices. With the average privacy notice taking ten minutes to read (at most 42 minutes), it is no surprise that only 16% of internet users take the time to read them, based on the Internet Society’s Global Internet User Survey. The figure may be even lower in the Philippines, where the concept of data privacy is just emerging. This prompted the NPC to compile the following tips on how to effectively craft your privacy notice.


Privacy notices should be concise and written in plain language, as you write for a diverse audience. A segment of your audience may not be familiar with data privacy. Thus, it is important to communicate the content clearly. To keep notices brief, you may use a layered approach. The privacy notice should be the first, shortest and simplest layer, intended for consumers. The next layer should be the full privacy policy or the privacy management manual, which uses standard legalese and has all the details, including the technical information. Hyperlink each technical term in the notice to its definition. Maximize the second layer to fully explain technical terms mentioned in the privacy notice. The notice should be simple, straightforward, direct, affirmative and respectful. Use short sentences in the active voice, which are easier to understand. If you are enumerating several items, use bullet points. Each section of the notice should have an informative heading that accurately describes what follows.


To reduce legal risks, privacy commitments in your notices should be aligned with your actual privacy practices. Various resources reveal that while notices should try to avoid using bold statements, they should also not be too generic. Notices should cover both current and prospective privacy practices, which necessitates strategic planning involving everyone in the organization. The key is to conduct factual and legal due diligence. According to the International Association of Privacy Professionals, factual due diligence allows you to determine what information your organization uses. Legal due diligence allows you to determine what laws govern the use of that information. Conducting a privacy impact assessment may help you achieve due diligence.


Gaining public trust has been considered a barrier to continued growth among public and private organizations offering products and services. Online consumer spending accounts for only about 1.7% of overall retail revenues due to this barrier, among others. Thus, it is important to maximize the use of your privacy notice to increase your trustworthiness among your clients. To make a privacy notice compelling, it should instantly show what is in it for your clients. At the minimum, it should highlight the types of personal information you collect, how you use it, how you protect it, how your clients can access and correct their personal information and how they can contact you. You may use this template to map out and analyze your personal data collection and processing. Lastly, note that studies reveal that “legally mandated or imposed privacy policy statements resulting from regulation are unlikely to significantly reduce consumer reluctance to provide personal information”. The type of information and the type of privacy statement determine consumer willingness to submit information to a greater degree. Hence, it is important to provide a feedback mechanism through which your clients can suggest and comment on your privacy notices.