Help Me Help You (Create or Improve Your Website Privacy Policy)
Raise your hand if you have a privacy policy that you think is awesome. Seriously? Cool. Send me a link?
For the rest of us, it’s time to lead by example and create privacy policies that have meaning, can (and will) be enforced and are written in a way that the average person can read and understand.
I know. I know. Privacy Policies have been around for years now – and many of us have drafted them, reviewed them or advised others to have them. When I launched the Security Catalyst Website, we created a privacy policy and posted it. You can see it here: http://www.securitycatalyst.com/privacy/
Now, before you point out all the things wrong with it our current privacy policy. I know. And that’s why I am sharing this post with you. When we helped launch the Catalyst Community (which is an effort that is far bigger than our humble efforts), it was pointed out that we lacked a clear and easy to locate privacy policy. Mea Culpa. And that’s when I read what we have on the site today. It’s simply not good enough.
Now, I could have simply taken some time and re-written it; but it seemed to make more sense to take a project-based approach to rewriting the privacy policy so that it will be easier in the future. Then I decided that if I make this more of a community project (probably one in which I do the bulk of the work) and release my work in a way that others can benefit, then, well, I’m leading by example, right? I know when it’s time to put my money where my mouth is.
So, a project is born. I know, I know. How many projects can I seem to take on at once? I figure I’ll stretch this out over the month of February (unless I catch a run where I have more energy or time than expected, or if I get some help).
Here is the process I intend to follow (currently)
1. Review privacy policies of websites – specifically looking for what I consider to be good examples.
2. Construct a mind map of the important elements that must be included, as well as additional elements or considerations to create effective and successful privacy policies.
Aside: learn more about the power of mind-mapping here: http://en.wikipedia.org/wiki/Mind_map
3. Use the mind map to develop a basic template of required elements, as well as optional or suggested elements in either Pages (mac) and/or Word (mac/pc). I tend to favor creating things in Pages, but we all know the end result will be in a universal (or nearly universal) format.
*** This is an area I welcome some help. Once the elements are all sorted, if you have good MS Word-Fu and can help me build a highly effective (and snazzy) template, that would be rockin. Send me your interest and proof of word-fu to securitycatalyst@gmail.com
4. Use the template to construct a privacy policy for securitycatalyst.com and perhaps another one for the catalyst community (if needed). This will allow me/us to test the template. Once this is completed, I will circulate the policy and the template for review.
5. I will prepare a package for step-by-step privacy policy creation.
Expected completion: March 2007 (hey, I’m trying to be reasonable)
What do I envision as an end result?
1. Once this project is completed, I will review the steps I took to develop the privacy policy and create a podcast. We’ll review, step-by-step, how the templates were created and how you can use them to create your own privacy policy.
Basically, if I do this right, I will be able to distill my research and effort into 45 minutes or less for someone else to create a privacy policy.
2. I will make copies of the supporting elements: mind maps, outlines and templates available under a Creative Commons license so you can use it for your websites, communities and in your organizations.
3. We can then support others through the Catalyst Community Forums (and I hope that you consider joining and helping).
So, How can you help me?
1. Well, I’m interested in websites that you think have excellent privacy policies. Send me the link, please, so I can review it in my efforts.
2. If you have been through this process and want to share some ideas, I’m open to collaboration and will happily give credit where credit is due.
3. If you have the time to contribute to this effort, send me an email and we can discuss what I need and how you can help.
Or if something else is on your mind, hit me with your best email: securitycatalyst@gmail.com
Cheers, and thanks!
PS: This is going to be an example how I intend to grow the Security Catalyst to provide more direct benefits to professionals and organizations that want to improve the way they think about and practice information security. If I do a good job, I’d appreciate a little link love, some credit and some help growing and improving the security catalyst podcast, blog and community.
Michael Santarcangelo
Your Security Catalyst
securitycatalyst@gmail.com
If you enjoyed this post, make sure you subscribe to my RSS feed!
Posted in Information Protection |
Print this post
|
Permalink
