Desktop version

Home arrow Computer Science arrow Calm Technology. Principles and Patterns for Non-Intrusive Design

GET A PRIVACY POLICY

Think about it . Running an Internet-connected product or service isn’t the same as just providing a physical product to someone . You’re taking and caring for a piece of them at the same time . You’re not just hosting their data—you’re hosting them! It’s a big responsibility. Hosting user data is a privilege, not a right . Privacy policies are regret-management tools . Legislation being put in place will increasingly require these .

People need to be able to read your policy and understand what they can expect by using your product in under a minute . The best way to do this is to separate your privacy policy into two sections: plain English and legalese. Write the policy in English first, then get your lawyer to write it up more formally, as well as helping with the plain-text version Post both on your site or include them with your product

The most basic privacy policy should at the very least answer the following questions:

  • • What data does your product or service collect, and why your product or service need to collect that data?
  • • What will this user data be used for? Why should your users share it?
  • • Where can your users go to permanently delete their accounts and ensure their data is removed from your servers?
  • • Where can users go to download the data that’s been gathered by your product? Users need to be able to migrate if your service closes . It is your privilege to temporarily host user data . It’s their data, not yours. And as a provider of a product, you are in your user’s debt . Your users allow your company or product to exist, and they should be respected . Respect them, and they’ll respect you.
  • • What precautions have you taken to ensure your users’ personal lives will not be affected if your company is hacked?
  • • How do you notify users of updates to your privacy policy? Consider creating a practice of notifying users of any changes to the privacy policy at least 30 days before the new policies are put into place . Show abbreviated changes to the privacy policy and track them so that users can see the differences in the policies
  • • What are you doing to ensure transparency? Use transparency to build trust by telling people what their data will be used for.

This outline is a good start . And it will also bring up questions to your engineering team on how data is stored and protected to begin with

ANTICIPATE AND EXPECT SECURITY BREACHES

Security breaches are organic manifestations, not mechanical ones . They come from two places: people looking for ways to take advantage of or get data and personal information out, or people simply playing with systems to see if they can work around them or break them . A lot of this is done unofficially, not by people with nine-to-five hours, but by people playing in their free time . The best thing to do is to get to know and respect these people. And hire them! Security is a difficult thing to get support for, even with all of the hacks that are currently going on, because investing the money doesn’t net returns . Most companies don’t allocate resources for attacks until they’ve happened . Then they spend a lot of money fixing hacked systems, when the hacks could have been prevented if security principles had been adopted in the early stages of product development .

 
Source
< Prev   CONTENTS   Source   Next >

Related topics