I recently attended the 2023 IAPP Canada Privacy Symposium in Toronto. The IAPP team put on a stellar event, chock-full of learning, networking, and so much more. I organized a panel we called Good Privacy & Good Comms: At Odds or Symbiotic? My wonderful co-speakers included:
Trevor Fenton from Plain English Law
Deborah Evans from Rogers
Andrea Corlett from the Information and Privacy Commissioner of Ontario Office
Our objective was to convince the audience that good communications are essential for an effective privacy program and to share tips and strategies to help legal and comms "play nice" together. Because the truth is, they're not always on the same page, it's something that's rarely talked about, and it can lead to privacy problems.
We had a rather lively discussion on the topic. In this article I summarize a few key points from our session.
THE PROBLEM: A DISCONNECT BETWEEN LEGAL/PRIVACY & MARKETING/COMMS
Why is there often a disconnect? Legal/privacy and marketing/comms tend to have different:
Priorities – compliance with laws and regs vs promotions and sales
Expertise – legal and regulatory matters vs branding, messaging and campaigns
Comms styles – formal and precise language vs simpler more colloquial language
Views of success – compliance and reduced risks vs higher sales or awareness
WHAT DOES FAILURE LOOK LIKE?
This disconnect can lead to:
Operational and procedural problems, for example when there’s a breach
Content and message ambiguity
Overestimating audience literacy and reducing accessibility
Lack of transparency in privacy notices
SO WHAT DOES SUCCESS LOOK LIKE?
Leveraging shared values and responsibilities: reputation and trust
Communications experts at the table from the start
More collaboration and support across the organization
Greater appreciation by comms of privacy requirements
Greater clarity resulting in compliance with transparency requirements
A more customer-centric approach to privacy
BEST PRACTICES
We shared a handful of plain language and web-writing tips to improve privacy policies and notices:
Lead with key information - don't bury the lede
Active voice
First and second person: you/we
Present tense by default
Short sentences: replace commas with full stops
No jargon, generalities, weasel words, negatives
Sub-heads and bullets
Layers for deeper content
Readability tests for reality checks
"Cringe" and "ick" tests
We also talked about a few other comms best practices for privacy:
Comms playbooks for better breach planning and response
Developing and sharing style guides for clarity, simplicity and consistency
Understanding and adapting communications methods to the audience
Training everyone in both comms and privacy
EXAMPLES
A few concrete examples of best practices that we mentioned were:
The Information and Privacy Commissioner of Ontario's new Transparency Showcase, a virtual 3D gallery that showcases and encourages compliance with best practices in open government and transparency
The Office of the Privacy Commissioner of Canada's submission on Bill C-27, which focuses on 15 vs the previous 50+ recommendations for a new law, written in plain language and designed using online readability techniques
Rogers' privacy policy which is updated regularly with FAQs that address issues customers raise most often
WHY BOTHER?
Good privacy communications is good business.
Transparency about privacy practices, improved via better comms, is the right thing to do.
It’s also baked into privacy laws – either explicitly or implicitly – and there’s even more emphasis on transparency and clarity in proposed new laws, such as Bill C-27.
If you have trouble clearly explaining what you're doing with people's information or if it has that “ick” factor, perhaps you should re-examine what you're doing.
Comments