Hi,

When I was putting my blog together I had to go through a long-winded, tedious approval process with my employer because I wanted to talk openly about where I work.

One of the conditions of their approval was that I had a privacy policy on my site to make sure that I was complying with the UK Data protection act.

Mine is here: http://www.jmcquarrie.co.uk/legal

It does feel a little overkill for a blog, but I'd prefer to be covered should any problems come up.

So, does any one else here bother with such a thing, and if so, why and what does it say?

I have thought about it. If I go ahead and add one, it would only be something simple.

I haven't bothered at all, but I am self-employed so that gives me that luxury.

Sara,

Do you use one on your "business" sites? Or ever put them on your client sites?

I don't have them on my personal sites but business and client sites do, along with accessibility statement and terms and conditions. I think it projects a more professional image and helps people get at ease with the company and their site quicker.

SarahG,

Do you use a standard policy for all sites? Or have a unique one for each client / business site?

I ask, because I found it quite hard to find good examples (not being a lawyer) of what should be included. I'm happy with mine, but I'm interested in how others composed theirs.

Well, we tend to tell the client to write them and cover the various points of how any received data is dealt with and stored. We then add in our own part about how the online version of the information is held (if at all), along with statistical information gathered.

From the online point of view it's a pretty much standard of 2 options, their info is either not stored in a database or it is. Of course if SSLs are in use they'll be mentioned too.

I also ensure the client states that they are members of the DPA and their number, regardless of whether they're a business, company or VAT reg'd business (as the last 2 should along with their other details by law).

I think from a blog's point of view, just the information stored online, so statistical information and also how comments are dealt with (email is required but is never made private, stored in a db online though), as well as what happens to any info sent via a contact form. This way people know where their information is stored, how secure it is etc. There's not much else you can state on a policy for a blog site.

That makes sense to me.

I'm quite surprised that I've never come across some sort of official guidelines / instructions on what to include. I'm sure they exist somewhere, just never shown up on my radar.

I have one...

James, here's a privacy policy generator from the OECD - OECD Privacy Statement Generator (http://www.oecd.org/document/39/0,2340,en_2649_34255_28863271_1_1_1_1,00.html)

I knew there must be something out there. Thanks.

Yeah, I do put privacy policies in clients sites if necessary and I require they write them.