Wherever your personal data was collected, you would want to know what was being done with it and why. For this reason, among others, your organisation should do the same for all those individuals whose data it has collected. It should state what has been collected, why and who you may be sharing it with.
Specifically, it should be:
- Clear, easy to read and understand and short
- Uses straightforward language – especially when effectively addressed to children
- A clear description of what will be done with the data
- Clear on the detail of the rights the individual has regarding the collection, storage, access to, use of and disposal of the data being collected
Further information should be supplied describing from where the data was obtained – direct from the individual or via a third party (database). This allows the individual to know what others know about them. Wouldn’t you like to have the ability to find out what others know about you? So, you should treat people as you would wish to be treated and provide this information for your customers.