1. WHAT is being collected?
A good policy should be able to specify exactly what data they gather such as your name, address, SSN, IP address, etc. If you don’t believe this information is necessary for the business you’re doing with that company, consider the next tip.
2. WHY are they collecting my private information?
The purpose of why they need the data they are collecting should be spelled out clearly.
3. HOW are they protecting my personal data?
A good policy should be able to list out how they protect your information and demonstrate widely accepted standards used to do so, such as GDPR and COPPA (that requires parents to provide consent to share data for children under 13).
4. WHO else might receive my information?
Some companies may share your data with third parties as part of their service offerings, to improve products through data analytics, if legal authorities request it, to name a few reasons.
5. WHEN will they share this information?
If a company is party to a merger or acquisition or is subject to bankruptcy, your information may be considered an asset. You need to know if you’re agreeing to your information being shared under these circumstances.
Some immediate red flags to look for:
The Kuma Difference
Kuma brings decades of experience in helping online businesses develop data minimization and privacy policies and implementing a privacy program that meets business requirements and regulatory demands. Kuma takes the time to understand the business objectives and works with the organization’s various teams to develop and implement policies and solutions that provide a balanced approach to privacy and user delight.