Web Writing That Works!

           A Project of
           The Communication Circle

Guidelines Rants Patterns Poems Services Classes Press Blog Resources About Us Site Map

HomePatterns > How to write a privacy policy > Write a privacy policy that people can understand



Avoid the "We-we's"

Stop boasting

Don't pontificate.

Lead up to the jargon, or ax it.

Phrase the policy as a FAQ

Write a privacy policy that people can understand

Unfortunately, most privacy policies are written by lawyers, with headlines inserted by marketing veeps. The tone is schizophrenic. The big type says, "We would never tell," and the fine print inserts exceptions, excuses, and bland generalities that leave anyone wondering, "Are they sincere?"

Avoid the "We-we's"

We do this, we do that, but what about you, the user?

"We use advanced technology and well-defined employee practices to help ensure that customer data is processed promptly, accurately and completely," says American Express.

Thank goodness.

American Express feels much better now, but I don't.

Those employee practices, in particular, give me an eerie feeling that something isn't being told; for instance, why aren't those practices actually spelled out here, if they are so well defined. And what difference do they actually make to me?

Related article

Privacy policy, a chapter from Hot Text, Web Writing that Works (PDF, 255K, or about 5 minutes at 56K)

Stop boasting

Politically, you may have a hard time getting rid of bogus phrases like:

  • "Our policy is simple."
  • "The security of your personal information is of the utmost importance to us."
  • "We are in the forefront of the critical issue of privacy."

But make the effort.

 A ten-page legal document is not simple.

Making money is probably more important than privacy.

So don't make bogus claims, or you vitiate the whole purpose of the policy, which is to build trust.

Don't pontificate.

Guests don't think of you as a philosophy professor, so edit the heck out of the boss's reflections on subjects like "consistent service quality."

In fact, try not to sound like the boss.

The managerial perspective seems alien to most customers, even when couched in "you" phrases.

Take this sentence describing one of the "key values" of Bank One's privacy policy:

Information must be shared to fulfill your requests, deliver products and services, administer and update accounts, reduce fraud and other risks, and to comply with laws and regulations.

True, but here we are looking at things with the eyes of an Information Technology Officer, or CIO, not a consumer.

Also, watch out for grandiose phrases reflecting

  • Defensiveness (why we are forced to collect information about you)
  • Self-pity (the darn law makes us tell you these things)
  • Managerial duplicity (we reserve the right to sell your information anytime we feel like it, but we can't admit that).

Lying, of course, is the biggest stylistic problem in privacy policies, and one reason so many people distrust these otherwise bland and boring documents.

As a mere writer, of course, you can only do so much to force your organization to be honest with consumers. But give it a shot.

And if you get a lot of jive talk back, maybe you should pull out your resume for a little update.

Lead up to the jargon, or ax it.

Too often the authors of privacy policies assume that the reader knows acronyms like SSL, understands the subtle differences between internal and external sharing and selling, and enjoys hearing about encryption standards.

Using industry or in-house jargon without explanation simply makes readers suspect that you are trying to pull the wool over their eyes.

Sure, you may have to talk about your security precautions, but walk people through these safeguards in plain English before you mention IP addresses. Remember, a lot of people still think cookies are a great snack.

Phrase the policy as a FAQ

People are used to this organization on the Web, and it breaks the information up into digestible chunks, in the give and take of a virtual conversation. Answer questions like these:

  • Why do you want to know my name and e-mail address?
  • Why do you want to know my credit card number and street address?
  • What other information do you keep track of, about me?
  • Do you collect information from children?
  • How do you verify parental consent for information about their children?
  • How do you make sure nobody steals my credit card information?
  • How do you use this information?
  • Do you share my information with other parts of your company?
  • Do you share my information with other companies?
  • Do you sell my information to anyone?
  • What do you do if one of your employees violates my privacy?
  • Can I see and change the information you have about me, personally? Can I review information you have about my child?
  • How can I start or stop receiving e-mail from you?
  • How do you protect the privacy of my e-mails to your customer support team?
  • Where can I learn more about my right to privacy?
  • Who can I talk to if I have a question about my privacy?

If you can answer most of these questions in plain English, you will surprise and please most consumers, even if your legal team has a fit.

If you must defend yourself against your own firm's lawyers, do some user testing to show what people understand, and what they don't, in their prose and yours.

Then make the case that the document claims to be addressed to the general public, not just lawyers, and so the norms, conventions, and standards of ordinary people are what the text must be judged by--not the stricter, but slippery language that is legally correct.  

Protecting privacy is like defending your home.






The makers of our Constitution undertook to secure conditions favorable to the pursuit of happiness.
They conferred, as against the Government, the right to be let alone-the most comprehensive of rights and the right most valued by civilized men.
To protect that right, every unjustifiable intrusion by the Government upon the privacy of the individual, whatever the means employed, must be deemed a violation of the Fourth Amendment.
--Louis Brandeis, dissenting, Olmstead v. U.S.

Is this what I ordered?


Home | Guidelines | Rants | Patterns | Poems | Services | Classes | Press | Blog |
Resources | About Us | Site Map

Web Writing that Works!
  2002-2004 Jonathan and Lisa Price
The Communication Circle
Discuss at HotText@yahoogroups.com
Email us directly at ThePrices@ThePrices.com
Order Hot Text (the book) from Amazon