Step 1: People & Approach

1.1 People

You will find it helpful to engage with:

  • Those who collect the personal information;

  • Those who use the personal information collected;

  • Clients/customers whose information is collected, as helpful;

  • Your privacy or compliance officer (if applicable); and

  • Legal counsel to advise on any legal requirements related to the privacy notice.

1.2 Distribution of Privacy Notice

How you provide a privacy notice can impact its contents and language. So you should have a clear idea of:

  1. Form. Orally, in writing, through signage, electronically, or a layered approach of some or all of these.

  2. Timing. At initial contact and upon any updates, annually, or some other.

These decisions will depend on factors unique to your organization or service, such as:

  • Administrative capacity

  • Technical feasibility

  • Legal requirements

  • Type & sensitivity of information

Caution: Be aware that more frequent distribution is not necessarily helpful to the people you are noticing! For example, requiring a user to acknowledge a privacy notice each time they login can confuse and overwhelm users.

It is a best practice to provide a new notice only when there has been a material update to the notice.

PreviousHow To: Create or Update a Privacy NoticeNextStep 2: Develop the Content

Last updated