Could you share your privacy policies, specifically around private messages?


(Melissa Jenkins) #1

Hi All,
We are working on our privacy policy, and our members have specific questions around access to private messages.
Can anyone share their policies around this?
Thanks for your help!

The members questions are the following:
How many people within the organization can access our PMs?
Does “administrators” include the Moderators?
What rules (or at least guidelines) are in place to manage and restrict access?
What approvals are required before any “administrator” can look at someone’s PMs?

This is what we currently have written about access to private messages, which is rather broad:

Private messages are not available publicly and are not shared with any third party. Private messages are not available to search engines and would not show up in a search engine search unless they had been copied by the sender or recipient into a public post. Access to private messages is only available to Breastcancer.org administrators and is used for situations where they need to uphold the rules of conduct for our Community.

Breastcancer.org does review summarized metrics to track activity in the Breastcancer.org Community and this may include the total number of private messages within the Community during a given timeframe.


(Sarah Hawk) #2

Great question. We’ve never actually had a policy around this in any of the communities that I’ve worked in, but I’m aware that people are mindful of it because they’ve mentioned it in passing (ping @richard_millington ).

I’d be interested to see whether others have policies in place.

FWIW I think what you’ve proposed sounds pretty good, but we can check in with some lawyers @Steve_Combs @rebeccabraglio


(Steve Combs) #3

I would keep response very high level. Referencing your privacy policy, product descriptions, and site settings can be helpful.

There are many examples where a third party might have access for legitimate reasons (service provider, law enforcement, sale of business, etc.) so avoid open-ended or absolute statements like:

Private messages are not available publicly and are not shared with any third party.

So putting that all together:

  • Private messages are restricted content.
  • Moderators do not have access to private messages based on their moderator role. [or specify they do have access.]
  • We restrict access to personal information to employees, agents, contractors and other parties who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations. Such parties may be disciplined or terminated if they fail to meet these obligations.
  • See our Privacy Policy and Terms for how we handle personal information and for our security policies. Review your account settings for additional privacy preferences.

For security and legal reasons, I would avoid specific discussions about approval processes or other site operations. When in doubt, just reference your published policies and terms.

My standard disclaimer applies: This post is not legal advice.


(Melissa Jenkins) #4

Absolutely wonderful advice! There are a few really great points that we will immediately implement and communicate with our members!
Thanks so much!