When’s the last time you read your company’s privacy policy? The answer might be never. That’s for the lawyers, right?

In an age in which privacy is increasingly important to your audience, marketers and brand experts should be playing a role in not just the formation of the privacy policy itself, but also the operational processes that inform it.

Why?

Say you’ve scaled your advertising program significantly. You’re invested in CTV, display ads, and the works. While your legal team reviewed your contract terms with your vendor, no one thought about the privacy policy. It may not cover you for the ways in which you’re collecting, using, and sharing audience data as it comes to you.

Data coming to you doesn’t just mean through form data that a person volunteers. It also means through your use of pixels and cookies that log their traffic patterns. Even your use of a UTM parameter in source codes creates a scenario where you learn from a user’s behaviors, even in an aggregate way. It matters that your audience knows this – both to the law, and to your brand reputation.

Additionally, as state privacy laws come into effect in more states every year, you’re going to be held to standards that say you’ll turn over data to an audience member if they request it.

You’ll need to be clear about what audience members can expect; will they receive their data immediately? Will your operations batch requests once per month? In what format will it be delivered? Your privacy policy is the place to communicate these pieces.

While the marketing and external relations team likely shouldn’t be the team handling logistics, they should be apprised of what kind of promises you’re making externally, because these all have reputation implications if something goes south (or, thinking optimistically, goes really well!). 

Done well, your privacy policy should be a living document that gets revisited at least quarterly and has a collection of stakeholders contributing to its review.