Step 2: Develop the Content

2.1 The Basics

Any privacy notice should tell people:

  1. who you are;

  2. what you are going to do with their information; and

  3. who it will be shared with.

Research example privacy notices in your sector or from organizations providing similar services. Which of them convey information about privacy practices clearly and simply?

2.2 Mapping Data Flows

To help you understand and describe (2) and (3) above, you need to map out how the personal information flows through your organization. This includes:

  • What information you actually need to carry out desired processes in your organization;

  • What information you collect or maintain that constitutes personal information;

  • What you do with the personal information you collect or maintain;

  • What third parties have access to the personal information you collect or maintain;

  • Whether you are creating derived or inferred data about people, for example by profiling them; and

  • Whether you will be likely to do other things with the information in the future, such as large scale data analysis.

    • However, you should not draw up a long list of possible future uses if you do not intend to process personal data for those purposes.

2.3 Other Relevant Practices

Depending on the circumstances, you may find it is relevant to let people know:

  • How you protect or secure the personal information you collect or maintain;

  • The links between different types of data you collect and the purposes for which you use each type of data;

  • The consequences of not providing information - for example, non-receipt of a benefit;

  • Information about their rights of access to their data; and

  • What you will not do with their data (for example, you will not use it for marketing purposes or you will not use it to determine their eligibility for other benefits).

Caution: Convey the above information in a brief and clear manner. This leads to better user understanding and awareness. Try to avoid piling tons of information from different sources to cover all bases; rather, provide a consistent and simple message.

PreviousStep 1: People & ApproachNextStep 3: Check the Language

Last updated