Every time the subject of updating the privacy policy comes around, I try to find a quick hiding spot. As director of customer care, I was assigned the role of privacy advocate more than a year ago. I am one of 11 departmental advocates, and I also contribute to our privacy oversight committee that supports the chief privacy officer.

As part of customer service, I have the opportunity to have direct conversations with our readers and subscribers regularly. Our readers are passionate, smart, and vocal. As such, it’s important to use plain and clear language when redacting any documentation that will pertain to readers’ personal information.

As we stand now, privacy policies amongst media publishers have similarities but none follow a particular architecture.

With the objective of creating a privacy policy framework in mind, we reviewed five publishers and looked at their respective privacy policies in detail. We reviewed The Globe and Mail (updated December 2014), The Guardian (updated February 2015), the New York Times (updated December 2014), Fairfax Media (updated February 2014), and the South China Morning Post (last update unknown).

Based on the above mentioned publishers, here’s a solid construction plan media organisations can use to create a privacy policy from.

Privacy policy (further abbreviated here as PP)

  1. HEADER
    1. Last update (date).
    2. Jurisdiction covered (country).
    3. Publications covered under this policy (name them all).

  2. EXECUTIVE SUMMARY
    1. General information about guiding principles.
    2. What’s included in the PP (table of contents/hyperlinked).

  3. MAIN BODY

I have observed different styles that worked well. You can formulate a question or make a statement. Below shows the topic to be covered – style it as you wish! Each of the following can be multiple paragraphs or even pages. Check out the PPs of the publishers we reviewed for inspiration. Below each section you can see a list of potential examples to consider addressing, depending of your situation.

  1. The reason we collect personal information (why?).
    1. To manage and administer your account/subscription.
    2. To deliver the newspaper.
    3. To better understand our audiences.
    4. To provide personalised products and services.
    5. To monitor the use of our products and make improvements.
    6. To sell advertising space on the Web site.
    7. To offer select e-mail newsletters or unique offers.
    8. If permitted, to market services to readers.

  2. The personal information we collect about you (which information?).
    1. Name, address, postal code/ZIP code, phone number, subscribed product.
    2. Vacation starts/stops, credit card information, purchase history, service types.
    3. Web browsing information including IP address; articles read, clicked, and so on.
    4. Supplementary information like date of birth, income, etc.
    5. Social media identifiers.

  3. The ways the information is collected (when and how?).
    1. Cookies (what are cookies and what do they store?).
    2. OBA (what can be collected and how).
    3. Time of subscription.
    4. When making comments on the Web site.
    5. Etc.

  4. What we do with the information collected or how the information is used.
    1. Data mining.
    2. Personalising your experience.
    3. Offering relevant advertising.

  5. With whom the information is shared.
    1. Carriers and agents.
    2. Advertisers.
    3. Third-party service providers like an replica service or data mining service.

  6. The safeguards and protection in place (how do we protect?).
    1. Explain your IT security infrastructure.
    2. Explain your contractual provisions.

  7. Updating and controlling your personal information.
    1. Accessing your “profile” (if one exists).
    2. Unsubscribing to e-mails.
    3. Using the AdChoices tools for OBA (if it exists).
    4. Disabling cookies.

  8. What is not covered.
    1. Aggregate data.
    2. Not personally identifiable information like computer type and browsers.
    3. Personal information for editorial purposes.

  9. Contact us information
    1. E-mail address/phone number/physical address of chief privacy officer.

  10. Log book of changes to the privacy policy.
    1. A quick summary of the changes over time.

  11. Seals of approval if any.
    1. The New York Times showed the Truste Certified Privacy seal.
    2. The Guardian had the “Crystal Mark” for Plain English Campaign seal.

Et voilà! The perfect media organisation privacy policy.

An explanatory video: a welcome addition

The collection and use of data is a complex and lengthy subject. A long privacy policy is almost impossible to avoid, but the power of storytelling on video can be amazing. The Guardian did a two-minute video reviewing its privacy policy and explaining data collection. It is simply outstanding.

Privacy policies and transparency principles are core to a successful business model. Why wait?