Using plain language when you talk about privacy and personal information is key if you want to win your customers’ trust.
We have written about the POPIA requirement that a business must have a privacy notice* that explains what personal information the business collects and what it does with that information.
Here is a list of our top 5 privacy notices. How did they make it onto our favourites list? Well, the people who wrote them understood that, as typical consumers, we’re all a little sensitive about sharing our private information. It makes us uncomfortable. They understood that we need a little reassurance when it comes to privacy. For instance, LinkedIn starts theirs with ‘Your Privacy Matters’. Doesn’t that make you think they care?

This is the first commandment of plain language writing: Lawyer know thy audience!

We’ve always thought that the POPIA drafters missed an opportunity to include a rule that privacy notices should be written in understandable and plain language.
Ultimately, it doesn’t matter whether it’s written into the law. If you don’t speak to your customer in language they understand, they are less likely to trust you with their personal information. If they don’t trust you, they will either go to the next guy or they will give you incorrect personal information to protect themselves.
Come on, all of us have changed a digit in our ID numbers or cell phone numbers when we are forced to share them with someone we don’t trust.
Our friends in the EU are a little bit more experienced when it comes to regulating data protection. The EU General Data Protection Regulation (GDPR) comes into effect in May 2018.
As an aside, many South African companies don’t realise that they are bound by it, but more about that on another day.
The GDPR provides that businesses must provide their consumers with a privacy notice ‘in a concise, transparent, intelligible and easily accessible form, using clear and plain language’.
That’s nice, but how do you get that done.
We like to take a scientific approach to these things. Instead of guessing what readers understand and what their needs are, we do usability testing. This is how it works:

Step 1: Understand the audience

We figure out who the audience is. This usually involves analysing the segment of the market for whom your products or services is intended. We research their age, level of education, income, how they like to get information, right down to what they had for breakfast. Usually the sales and marketing departments are very helpful during this phase.

Step 2: Analyse the document and figure out where the potential hot spots for misunderstanding are

We analyse the document to identify potential issues and to figure out what we want to ask the research participants. Generally, we want to know whether people understand the privacy notice. We also want to know how the privacy notice makes them feel and what they think of the business as a result. We also add comprehension-style questions to help us understand how people interpret those words we use in agreements and notices every day, like ‘natural person’, ‘liability’, and ‘warrant’. In different industries there are different terms to test, so it’s always a learning opportunity for us.

Step 3: Assemble the test subjects

Now that we know who your customer is, we recruit test subjects who are just like them.

Step 4: Figure out what methodology we are going to use

Next, we decide what methodology we are going to use. This can range from questionnaires or one-on-one interviews, to focus groups or remote online testing. It will all depends on what we want to test and what kind of data we want.

Step 5: Test, analyse and report

Once the actual day of the testing has come and gone, we analyse the results and write up the findings.

Step 6: The important part – implementing changes

The last step is to change your privacy notice based on the testing. This is very exciting, because now we are no longer making an educated guess about what your customer needs from your privacy notice.
With POPIA and the GDPR bearing down on businesses like a steam train and data breaches being in the news daily, we all need to think about how we speak to our customers about their personal information. But let’s not mess around guessing what they want to hear and how they want to hear about it. Let’s ask them.
If you need help testing or writing your privacy notice, you are in the right place. Get in touch!
*A word on terminology Many South Africans use ‘privacy policy’ instead of ‘privacy notice’. We prefer the latter. It comes from the UK.