According to a recent survey by Zoho, 62% of American and Canadian businesses surveyed do not tell their customers about third-party ad trackers in a transparent, clear manner. B2B businesses are even worse at the practice, with 72% saying that they are aware of tracking and do not inform their customers of it. This puts these businesses in direct contravention of data privacy laws which carry significant fines. 

Data privacy has been firmly in the spotlight for a number of years. Protecting data privacy rights is the purpose of several North American and global regulations which have been updated or enacted in the past few years. If it turns out that your business is handing data about your customers over to third parties without their knowledge – or yours – you could be at the mercy of these regulations which carry fines that pose a significant risk to your business. 

It is very easy to determine if your business is employing third-party ad trackers through an audit of your software and your website. Clear privacy policies in place that are understood by your staff and transparent to your customers will help you adhere to data privacy regulations. While it may mean replacing some of your software and changing your data collection practices, you are shutting down a huge risk factor to your business by taking just a few simple steps. 

 

What is Third-Party Ads Tracking? 

There are likely a number of companies who have installed digital tracking code that you are unaware of. It may be on your website or throughout various Software-as-a-Service solutions in use by your business and individual employees on their computers and mobile phones. Google, for example, requires that you install its tracking code on your website to use Google Analytics and Google Ads. If you use any “free” software such as a free Customer Relationship Management (CRM) solution, it likely has installed third-party tracking code which serves the app developer information collected by that app. 

This is different from paid software solutions, such as Zoho’s SalesIQ, which tracks actions taken on your website and only serves your company the information. However, a data privacy policy should spell out that you are using a solution which does this. 

 

How do I know if my software or website is “guilty” of third-party ads tracking? 

The first step is to construct an inventory of all of the software solutions your company is using and what their data privacy policies are like. Keep the links for the data privacy policies for each solution, as you should list them in an appendix in your privacy policy. Keep a lookout for any policies which tell you that they will use the data for commercial purposes – this means they may be selling data collected by your software solutions on your clients. You may want to look at switching to paid apps that perform the same function if you find their data privacy policies to be unsatisfactory. 

The next step is to take a look at all the solutions that are in use on your website. Google’s data privacy policies and how it uses the information for both Google Ads and Google Analytics are very transparent. Shopify is equally transparent – both companies collate the information they need to give you the service you are looking for. Google, specifically, removed the use of third-party cookies in ad tracking in 2020 in order to avoid passing personal information back to advertisers. 

Ideally, the only tracking of your customers occurs on your website, and then the data is only used by your business and not by third-party advertisers. This may mean removing all but Google and paid solutions (e.g. Shopify or Zoho) and clearly spelling that out in your data privacy policy. 

 

How do I write a good data Privacy Policy? 

First of all, do not simply cut and paste the first privacy policy you find on the Internet or use a privacy policy generator. A one-size-fits-all approach does not work for privacy policies. A good privacy policy is based around transparency around your data collection and use. Take all of the information you have from your software inventory and your website audit and make sure it is in your privacy policy. If, for example, you use Google Analytics or other products which use cookies to track your customers, say exactly that in your policy. 

The Office of the Privacy Commissioner of Canada offers a number of useful tips for crafting the perfect privacy policy, including telling customers how to opt-out of email campaigns and more. While this advice is largely applicable to businesses outside of Canada, you may want to review this advice from the Better Business Bureau if you are in the US. 

If your business works in the healthcare space or any other sector which carries additional risks around data leaks, you may want to have your privacy policy vetted by a lawyer annually. If your business carries cyber risk insurance, you may want to run your policy by your insurance company to make sure it ticks the appropriate boxes for your coverage. 

Once the policy is written, make sure current employees read and understand it thoroughly. It should also be clearly communicated to staff that they should not be using any software tools for company business that you are not aware of, especially if they collect or store personal information. When many people are working from home, this is especially important to highlight. It should be posted in a prominent place on your website and any other digital properties, and be updated annually or if any major changes occur in the technology you are using. While a software update may not qualify, a website overhaul or a new software solution may require a policy update. 

 

If you want to make sure all of your solutions and website are compliant with data privacy regulations, contact ion8. Our experts will ensure that your business is compliant with all applicable regulations, with our first concern being how well the solutions work for you.