Is your privacy policy visible?

No nonprofit spam logoAs I start to collect people’s contact details for my new email newsletter I realised I might be missing something on my website. I didn’t have a clear, explicit statement about how I’ll protect any personal information I collect.

Anyone giving me their details should be able to easily find some reassurance that when they hand over an email address it won’t end up in the wrong hands.

After this realisation dawned on me, I quickly set about rectifying the omission. After looking at a few examples on websites I have entrusted my own email address to,  I’ve come up with a pithy privacy statement.

This is probably something I could have addressed earlier. People leave their details when they make a comment so I have been storing personal information ever since I set up this blog in 2004. Without deliberately meaning to I’m storing quite a list of email addresses.

Thinking of my own situation made me wonder whether community organisations are explicitly addressing privacy.

The opportunities for collecting personal information are pretty extensive. Opportunities include inquiry forms, donation pages, a membership sign-up process, subscriptions to alerts and newsletters, discussion boards, comments on blogs, online petitions, and social media sites.

As an aside yes, you can collect personal information from a Facebook page or other similar social networking site. According to Richard Best Wellington based lawyer working for the government technology, privacy and other legal concerns do extend to an organisation’s social media presence. His NZ lawyer article from 2008 provides a useful checklist of legal issues

I’ve just run an informal survey of 14 New Zealand commuinty organisation websites I regularly interact with, have recently talked with people from or which have been in the news recently. Six had clear and easy to find privacy policies. On the other eight websites, no sign of a privacy policy. Or perhaps it’s so deeply buried I couldn’t easily find it.

The absence of a policy makes me wary about giving the organisation with my email address and other details. Perhaps the organisations are relying on people trusting them. They are charities after all, and can be counted on to do the right thing.

Sadly, this isn’t always true. Information collected can be used within the organisation itself in ways that the submitter never intended.

Because some organisations repeatedly added people to mailing lists without permission led some in the nptech in the USA to launch the No Nonprofit Spam website. Organisations that repeatedly mis-use personal information collected are named and shamed. As it says:

Your mission is noble, and your intentions are honorable. But if you subscribed us to your organization’s bulk email list without our permission, then you are sending us spam. That is discourteous, unethical, illegal, and ineffective – so please stop.

Being transparent about how you collect and store personal information helps to build trust, and how you use it yourself (ie only sending things people opt into). If after looking for a privacy link in the footer and on legal or site policies page visitors can’t find one, then how could blame from moving on.