Personal Data Privacy and the Internet - A Guide for Data Users

Openness of the organisation's personal data privacy policy

DPP5 provides for openness by organisations about their policies and practices in relation to personal data, the kinds of personal data they hold and the main purposes for which personal data are used. This requirement can be complied with by preparing a privacy policy statement which sets out these matters. Organisations with web sites should have their privacy policy statements either accessible or downloadable by their web users.

Make the privacy policy statement easy to access.

=>Make the privacy policy statement easy to access. One possible method is to set up the privacy policy statement as a linked page accessible from the home page or other pages where personal data are collected, e.g. a registration page where registration is required for access or a customer agreement page. The link could be done with text such as "Your Privacy" or a button with similar wording.

=>State the privacy policy clearly. The privacy policy statement should inform web users of the kinds of personal data held by the organisation and the main purposes for which the personal data are or are to be used. In addition, it should give information about other matters relating to the privacy of personal data, such as, the use, if any, of "cookies" files by the organisation to track its visitors, the organisation's policy on "spamming", and its security and retention policies in respect of personal data.

=>Be a privacy-aware organisation. Organisations with web sites should keep abreast of developments in privacy compliance schemes and standards by international bodies such as the Electronic Frontier Foundation (EFF)(http://www.eff.org) or the World Wide Web Consortium (W3C)(http://www.w3.org). Consider participation in these and other similar initiatives. With increasing concern about privacy issues by Internet users, organisations who are not "privacy-compliant" may be at a competitive disadvantage.