Integrating Legal Safeguards to Sustain Users’ Trust

Dr. Cavoukian addressing audience.
Dr. Ann Cavoukian, Executive Director, Privacy and Big Data Institute, Ryerson University, outlines the advantages of embedding privacy in technologies, at a February 28, IABC event in Kitchener, Ontario.

Relevant Legislation & Best Practices

As my senior project is to develop a niche social media network for Canadian caregivers, it must address three key areas of Canadian/Ontario legislation:

In addition, I need to provide ‘Community Guidelines’  to ensure users act appropriately. Along with behaviour guidelines, I must embed references to privacy and copyright law in these guidelines. In addition, I must make it clear that this social network isn’t liable for undesirable outcomes, due to community members’ advice.

The third area, accessibility and AODA, outlines escalating legislated requirements that must be incorporated into all web properties to accommodate people with visual, audio, motor and cognitive disabilities by 2021. This presentation by Ad Web Com provides a clear explanation of this legislation and will be a good reference for developing this niche network. Similarly, CASL will control my solution’s need to take a ‘permissions-based’ approach to recruit members but will not impact online documentation.

I also need to adhere to copyright law, ensuring I am legally allowed to post specific content and providing credit, as required.

Given the sensitivity of personal healthcare information, which caregivers or my community members may share about their loved ones, PIPEDA is my highest legislative priority.

Safeguarding Trust Versus Legislation

Steps to address these areas falls under mandated legislation or legal recommendations/best practices. However, Dr. Ann Cavoukian, Executive Director, Privacy and Big Data Institute and Ontario’s former privacy officer, is advancing a global Privacy by Design standard to embed privacy as a default in all technology. For my niche network, this means ensuring that De-identification Protocols are incorporated in the code from the onset.

Furthermore, Dr. Cavoukian positions privacy as a competitive advantage, not debilitating compliance. In many ways, I think all these legal requirements/recommendations or ‘safeguards’ can be considered a competitive advantage because they all help to win and sustain the community’s trust.  I want to keep this in mind, when I address prospective members and describe this niche social network.

Legal Documentation Models 

As examples, I reviewed privacy and community guidelines for:

One of the key tenants of transparency is making things clearer. LinkedIn, Tyze and Carezone have tried to do this in their policies/guidelines.

For example, Carezone, uses a second person voice, a reassuring tone, user-centric headings (e.g. how we protect your data) and plain language to specifically explain how it uses technology (e.g. encryption), physical safety measures (e.g. private network residing in a data centre monitored 24/7), policies and procedures to keep data private. This includes providing specific examples, such as: “We transmit your email address to UserVoice so we can interact with you through email, but we give them no further information about you.” In contrast, the Caregiving Space uses exhaustive legal terminology to explain its privacy and other guidelines, writes some sections using almost illegible all capitals, and offers vague assurances, such as: “… use industry best practices approaches about security measures to prevent the loss, misuse and alteration of the information.”  Where possible, I think it’s most effective to adopt Carezone’s voice, editorial style and more specific approach.

Both Tyze and LinkedIn go further to enhance the user experience when conveying policies and community guidelines. Tyze provides the required legal documentation, as well as a short synopsis in a conversational voice. And LinkedIn, provides friendly user-centric explanations, much like Dr. Cavoukian’s ‘privacy as an advantage’ position, and offers short (1.45 minutes or less) videos to explain user agreements and privacy. I think it will be particularly beneficial to use videos, as LinkedIn does, to explain policies and community guidelines to the caregivers network members to help ensure clarity.

Reviewing these guidelines, particularly those from Carezone and LinkedIn, gives me a framework of key topics for my network’s privacy and copyright sections. I’d like to apply Carezone’s same second person voice and plain language tone for the Community Guidelines.

For example, the Privacy and Security Guidelines should include:

  • How we collect your information
  • How we use your information
  • How we protect your data
  • Information sharing and disclosure
  • Third-party services
  • If there’s a problem
  • Reporting a problem

There are likely more topics to address in my legal documentation but this is a ‘safe’ start.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s