1. The company discloses the method of direct notification to users (e.g., email, SMS, etc.).
2. The company discloses the timeframe within which it provides notification (e.g., two weeks prior to changes occurring).
3. The company maintains a public archive or change log.
Guidance: It is common for companies to change their privacy policies as their business evolves. We expect companies to commit to notify users when they change these policies and to provide users with information to understand what these changes mean. This indicator seeks company disclosure on the method and timeframe within which companies commit to notify users about changes in the privacy policies. It also seeks evidence that a company provides publicly available records of previous policies so that people can understand how the company’s policies have evolved over time.
Evaluation: This indicator is scored using a checklist, meaning companies can only receive full credit if their disclosure meets all elements in the checklist.
Potential sources:
For more information, click here for a glossary of terms.
