Creating a Plain-Language Privacy Policy

Most organizations collect and use at least some kind of personal information about their customers. Organizations that work with third-party marketers will likely have additional information regarding their customers’ online activities.

It’s also likely that most organizations are making promises to their customers regarding their information practices – for instance, about how the organization collects, uses, and shares such information. These may appear in the form of a website privacy policy. Are these promises accurate and complete? And can the customers easily read and understand them?

This article breaks down a privacy policy into is basic constituents and examines the steps involved in writing a plain language privacy policy.

Plain Language

“Plain language” refers to the principles of clarity, organization, layout and design. This is important, seeing as only 38 percent of American adults have graduated from college. Furthermore, according to a 2003 literacy study, less than 15 percent of American adults were deemed proficient in “understanding, integrating, synthesizing, and analyzing multiple pieces of information located in complex documents.”

Here some important elements to consider when writing in “plain language:”

  • Use positive language; reduce negatives.
  • Use the active voice; avoid passive voice, unless necessary.
  • Omit unnecessary words.
  • Omit legal jargon.
  • Avoid technical jargon.
  • Limit defined terms.
  • Use personal pronouns.
  • Avoid nominalization; turn nouns into verbs.
  • Eliminate redundant information.
  • Use parallel constructions and conditional statements.

Before Writing Your Privacy Policy

Prior to writing a privacy policy for the average person, it`s important to consider the following:

  • Who is your audience?
  • What information do they need to know?
  • What is the logical organization/flow of that information?

Demographics are extremely important, but in order to reach the widest audience, write your privacy policies in the simplest conversational English, without legal jargon, complex language or unwieldy grammatical structures. Studies reflect that the average US adult reads at a level several grades below their highest educational attainment. Thus, a ninth grade reading level is appropriate for writing a privacy policy. Simplify the language and format it in the clearest way possible.

Other than simplifying the language and format, make sure that you provide all the information necessary for a consumer to determine whether or not they want to use your website/services. You may be required to include information that shows compliance with legal or regulatory requirements, including:

  • Gramm-Leach-Bliley Act
  • Children’s Online Privacy Protection Act
  • Health Insurance Portability and Accountability Act
  • Various state laws

When working on the organization of the privacy policy, consider a hierarchy of information. Begin with the general, then move to the specific. One of the most effective and easily understandable structure is the question-and-answer format. This is especially appropriate for complex issues, such as privacy practices. Try and anticipate users’ questions and organize the information to answer those questions.

Structure of a Privacy Policy

A privacy policy, as is the case with any consumer notice, must provide readers with essential information. Here is a recommended structure:

  • Headline(s) – consider the following:
    • What types of personal information do we collect about you?
    • How do we use your personal information?
    • With whom do we share your personal information?
    • To whom is my personal information disclosed?
    • How do we protect your personal information?
    • Introduction describing the scope of the privacy policy
    • Sections of important information (e.g. how personal information is collected, used, shared, disclosed, etc.)
    • Subsections under rights (opt-out policy, etc.)
    • Contact information

No matter how you choose to set up your privacy policy, it’s important to respect the elements of a plain language privacy policy. This means creating a document that offers clear, effective communication of complex and essential information to people with basic education. Clear writing and clean presentation can help to facilitate customer understanding and ultimately save a company both time and money.


“Plain language” refers to the principles of clarity, organization, layout and design. This article takes a close look at how to create a plain language privacy policy.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/Information Technology (CIPP/IT), a privacy professional should be comfortable with topics related to this post, including:

  • Privacy by policy (III.B.)
  • Policy components (IV.A.a.)

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>