Privacy notices (sometimes known as privacy policies, or data collection policies) are a way of explaining to people how we use their personal data. Once you have your draft, submit it to the Information Assurance Manager for approval.
How to write it
Your privacy notice should:
be clear, easy to understand, and use everyday language
relate clearly to a specific set of activities, a specific service, or a specific group of people
give specific examples - if you share with third parties, for example, list or describe them
avoid meaningless references to legislation such as "your information will only be shared in accordance with data protection law"
avoid vague unspecified scenarios such as "we may share your information with other people" - explain who the other people might be, and what circumstance would trigger the sharing
be truthful - don't say that information will never be shared if you have a need to share it
What to include
There are several things your notice needs to include:
who we are - that's particularly important if the people you are working with are using a software system or a website where it might not be immediately clear that you are part of the University of Essex.
an explanation of what you are using the information for
your legal basis for using the data - you'll need to seek advice on this from the Information Assurance Manager
who you share the information with. This is especially important if you are sharing outside your team or outside the University. Don't forget to include the provider of your software system or website, if that's an external organisation.
whether you will be using the information to make any automated decisions.
the list of rights that individuals have. These are the right to object to their information being used, the right to data portability, the right to access their own data, and the right to have their data removed.
the firstname.lastname@example.org email address, which is the contact for the University's Data Protection Officer
There may be other things you need to include, depending on where your information comes from. The Information Assurance Manager can advise on this.
Examples of privacy policies
You might find it helpful to look at the main University privacy notices for staff and students as examples. There is also a checklist provided by the Office of the Information Commissioner.