How to Write a Privacy Policy

by Sarah Harvey / March 20th, 2020

The Importance of Privacy Policies in Today’s Data-Centric Landscape

It’s no secret that data is now the most valuable asset worldwide. With nearly all organizations relying on some form of data to fuel their business, consumers and policy makers have started highlighting the need for organizations to be more transparent about how they collect, use, store, and transmit data, starting with their privacy policies. Because consumers have become more interested in how their data is being handled, it is essential that businesses recognize the importance of creating a robust privacy policy. So, how can they write a privacy policy? Are there any privacy policy samples to reference?

Emerging Data Privacy Laws

Across the globe, lawmakers are enforcing data privacy laws. In the United States, many state-level privacy laws have been enacted. While CCPA is the most talked about of those recently enforced, other states have made progress with enforcing their own laws, and the federal government is evaluating whether it will pass a federal data privacy law. Aside from CCPA, regulations like HIPAA and GLBA require that organizations be transparent about the kind of data they’re collecting and how they’re protecting it. In Canada, PIPEDA was recently enforced, and perhaps the most infamous data privacy law of our time, GDPR, was the force that led to the data privacy law evolution.

How to Write a Privacy Policy

Because so many countries are creating and enforcing their own data privacy laws, knowing what your privacy policy needs to include can be confusing. If you’re questioning how to write a privacy policy, try using these four basic steps to get started.

  1. Identify which regulations you must comply with and any privacy commitments you make separate from regulatory requirements.
  2. Map the data you’re collecting – know what you receive, where it is, who interacts with it, how it’s used, who you share it with, etc.
  3. Create an outline – Determine which sections you must include and which you can leave out.
  4. Use clear, easy-to-read language. Users should be able to clearly understand your processes for collecting, using, and protecting their data.

Topics to Cover in a Privacy Policy

Want to know how to write a privacy policy? Privacy policies will usually differ based on your industry, location, and applicable legal regulations. Nevertheless, there are common topics to cover in a privacy policy, including:

  • A scope of the policy
  • An introduction or description of your company
  • A list of the types of data you collect
  • A description of how you collect that data
  • A description of how you use that data (Do you share it with third parties? Do you use it for targeted marketing? Do you use it for product or service development? Do you use it to fix bugs or address data security concerns?)
  • A description of how long you will hold the data
  • A list and description of consumer rights, such as the right to opt-out and the right to deletion, and how to exercise those rights
  • Impact that consumer rights and choices will have on their ability to use services and products
  • Children’s privacy rights (Typically this addresses 13 and under)
  • A description of how updates to the privacy policy are made and how users will be notified if a change occurs
  • Ways to contact your organization

3 Privacy Policy Samples: Pros and Cons

While there are basic components that privacy policies need to address, it can still be confusing when it comes time to write the document. Let’s take a look at three privacy policy samples and evaluate what they do well and areas they can improve on.


Twitter

As one of the world’s largest and most-used social media sites, Twitter’s privacy policy is a great example of a comprehensive, yet understandable privacy policy. Using color coding, links, and highlighting, it is clearly laid out and easy to navigate. However, a major pitfall to this privacy policy is the length. Notice the scroll bar? The length makes it harder for the user to dig through and easily understand how Twitter is collecting, using, and protecting data.

Survey Monkey

Ensuring that consumers willingly give consent and opt-in to their data being collected is becoming more and more common – and required! Survey Monkey understands that, and it’s clearly demonstrated in their privacy policy. Like Twitter, they use color coding, links, and highlighting to help users navigate the policy. In addition to this, it’s brief – making the document more readable for users.

The Guardian

In many instances, organizations will be required to comply with multiple data privacy laws, like CCPA and GDPR. Sometimes, this means that businesses will need to create two separate policies; however, there are also times when it is appropriate to combine them, which is exactly what The Guardian has done.

Whether you’re just starting out developing your privacy policy, or you’re looking to revamp the one you currently have in place, KirkpatrickPrice is here to help. Still questioning how to write a privacy policy? Don’t just download some basic template online – utilize one of our experts to make sure you’re on the right track. Contact us today to get the process started.
