top of page
  • Writer's pictureAnne-Marie Hayden

Good Privacy Demands Good Comms

Updated: Jun 5, 2023

I recently attended the 2023 IAPP Canada Privacy Symposium in Toronto. The IAPP team put on a stellar event, chock-full of learning, networking, and so much more. I organized a panel we called Good Privacy & Good Comms: At Odds or Symbiotic? My wonderful co-speakers included:

  • Trevor Fenton from Plain English Law

  • Deborah Evans from Rogers

  • Andrea Corlett from the Information and Privacy Commissioner of Ontario Office

Our objective was to convince the audience that good communications are essential for an effective privacy program and to share tips and strategies to help legal and comms "play nice" together. Because the truth is, they're not always on the same page, it's something that's rarely talked about, and it can lead to privacy problems.

We had a rather lively discussion on the topic. In this article I summarize a few key points from our session.


Why is there often a disconnect? Legal/privacy and marketing/comms tend to have different:

  • Priorities – compliance with laws and regs vs promotions and sales

  • Expertise – legal and regulatory matters vs branding, messaging and campaigns

  • Comms styles – formal and precise language vs simpler more colloquial language

  • Views of success – compliance and reduced risks vs higher sales or awareness


This disconnect can lead to:

  • Operational and procedural problems, for example when there’s a breach

  • Content and message ambiguity

  • Overestimating audience literacy and reducing accessibility

  • Lack of transparency in privacy notices


  • Leveraging shared values and responsibilities: reputation and trust

  • Communications experts at the table from the start

  • More collaboration and support across the organization

  • Greater appreciation by comms of privacy requirements

  • Greater clarity resulting in compliance with transparency requirements

  • A more customer-centric approach to privacy


We shared a handful of plain language and web-writing tips to improve privacy policies and notices:

  1. Lead with key information - don't bury the lede

  2. Active voice

  3. First and second person: you/we

  4. Present tense by default

  5. Short sentences: replace commas with full stops

  6. No jargon, generalities, weasel words, negatives

  7. Sub-heads and bullets

  8. Layers for deeper content

  9. Readability tests for reality checks

  10. "Cringe" and "ick" tests

We also talked about a few other comms best practices for privacy:

  • Comms playbooks for better breach planning and response

  • Developing and sharing style guides for clarity, simplicity and consistency

  • Understanding and adapting communications methods to the audience

  • Training everyone in both comms and privacy


A few concrete examples of best practices that we mentioned were:

  • The Information and Privacy Commissioner of Ontario's new Transparency Showcase, a virtual 3D gallery that showcases and encourages compliance with best practices in open government and transparency

  • The Office of the Privacy Commissioner of Canada's submission on Bill C-27, which focuses on 15 vs the previous 50+ recommendations for a new law, written in plain language and designed using online readability techniques

  • Rogers' privacy policy which is updated regularly with FAQs that address issues customers raise most often


  • Good privacy communications is good business.

  • Transparency about privacy practices, improved via better comms, is the right thing to do.

  • It’s also baked into privacy laws – either explicitly or implicitly – and there’s even more emphasis on transparency and clarity in proposed new laws, such as Bill C-27.

  • If you have trouble clearly explaining what you're doing with people's information or if it has that “ick” factor, perhaps you should re-examine what you're doing.

75 views0 comments

Recent Posts

See All

10 crisis comms tips for privacy breaches

Privacy breaches are happening all the time and they can have dire consequences. When (not if) you experience a breach, the stakeholder trust that’s been built in your organization is on the line. How

Tips on simplifying privacy communications

Consent is a cornerstone principle of private sector privacy law in Canada. Guidance on consent often emphasizes that notices need to be in plain, easy-to-understand language for the consent to be mea

Subject matter experts as spokespersons

I participated on a panel recently, at an event organized by Wirewheel and with some other distinguished folks, to explore the idea of the chief privacy officer as spokesperson. The event was under Ch


Post: Blog2_Post
bottom of page