Such boilerplate policies should correspondingly evolve in response to another recent development, the General Data Protection Regulation (GDPR), which went into effect on May 25. This broad European Union regulation covering the collection and use of personal information extends EU privacy regulation to U.S. organizations in significant new ways.
- Remove unnecessary language about using personal data for targeted advertising, and authorizing the sharing and selling of such data without restriction;
- Describe precisely what we do with our users’ data, including the roles of third-party service providers we have integrated into our digital products and services;
- Provide clear, high-level descriptions of our practices directly on our web site, where users must opt in before providing personal data.
While the GDPR doesn’t really apply to us today, it will become more relevant as we expand globally. Conveniently, this dovetails with Higher Digital’s desire to provide more transparent and precise information to our users about the ways that their personal data will be protected, while also helping us provide quality products and services.
This new regulatory framework essentially requires organizations to implement generally accepted best practices in the protection, use, and availability of personal data – which may seem onerous to some, but most organizations have no reason to panic. However, they do need to evaluate its impacts and take whatever measures seem appropriate. The GDPR is a complicated regulation, with compliance guidelines and enforcement priorities that are still evolving. Watch for my follow-up article providing more general advice on addressing the GDPR – and similar regulations that are pending in California – to institutions we serve and others who face similar challenges.
Paul Hyland is Principal Technical Product Consultant at Higher Digital, and oversees, develops, and maintains its web site, including policy documents. He has drafted, updated, and maintained privacy policies for over 15 years, and consulted with media, nonprofit, and government organizations on privacy and security policies and practices – recently including assessing the impacts of GDPR.