SkillsCategory

17 proven tactics for improving website privacy

19 min read
Brett Farmiloe
Image credit: stock.adobe.com - VZ_Art

Protecting user privacy isn't just a checkbox—it's the trust foundation for any successful website. In a world where data breaches and online tracking make headlines, how do you ensure visitors feel secure? We asked top privacy and cybersecurity experts to share their go-to tactics. From cutting out intrusive ads to fine-tuning consent management for cookies, these twenty pros reveal practical, tested strategies to strengthen privacy and protect user data.

Disclaimer: Opinions belong to the author alone and do not necessarily represent the views of GoDaddy. All trademark rights belong to their respective owners. Third-party trademarks are used here for demonstrative and educational purposes only; use does not represent affiliation or endorsement.

1. Eliminated ads for user privacy

Our user base wasn’t growing, and we didn’t like sacrificing their privacy to run ads, so we eliminated that revenue stream. Instead, we partnered with privacy-focused companies to promote their products and also generate revenue from the website. We made the change, and it made the website appeal to a wider audience, and we have grown steadily ever since. For anyone else with a blog, news website, or anything else that hosts ads for revenue, look for alternative sources of revenue. Your users will thank you.

Bill Mann, Privacy Expert at Cyber Insider, Cyber Insider

2. Minimize third-party script usage

We limit third-party scripts and use Plausible, a privacy-friendly analytics platform, instead of invasive options like Google Analytics. Additionally, we ensure credit card information is not entered on our site by redirecting payment pages to our payment processors. This approach has significantly reduced privacy risks, and I advise others to minimize third-party dependencies and prioritize transparent, user-friendly analytics tools.

James Wilson, Personal Cybersecurity Expert, My Data Removal

3. Implement data minimization practices

One specific approach we took to enhance user privacy was implementing data minimization practices across all our markets. This means we collect only the essential data needed for our services and avoid gathering any unnecessary personal information. For example, we revised our lead forms and removed optional fields that weren’t critical for delivering value to our users, like full addresses and non-essential demographic details.

The results were highly positive. Not only did this improve user trust and engagement on our platform, but we also reduced the risk associated with data breaches, as less sensitive information is stored. Additionally, our compliance with GDPR and other privacy regulations became much smoother.

My advice to others looking to improve privacy would be to focus on transparency and simplicity. Be clear with your users about what data is collected, why it’s needed, and how it’s protected. Also, always collect the minimum amount of personal data needed for your service. In the long run, this approach builds trust and aligns with evolving privacy standards globally.

Lysakowska Maria Izabela, Global Country Manager, Financer.com

4. Switch to SSL encryption for secure data

One specific thing we did to improve the privacy of users on our website was to make all web pages use HTTPS. This protocol encrypts the data between the user's browser and our server, which greatly decreases the likelihood that hackers will manage to intercept sensitive information. As a result, we noticed a boost in users' trust and credibility. Above all, we also observed a slight improvement in our search rankings due to the secure connection.

Here's a tip: HSTS (HTTP Strict Transport Security) can be used to make HTTPS implementation more robust.

For extra privacy, I would recommend starting with HTTPS because it is among those measures that are pretty easy and effective. Secondly, collect only the necessary data, not a bit more. This keeps risks minimal and the user's preferences protected. Perform periodic security audits on privacy to identify and remove collection points that aren't needed.

Tom Jauncey, Head Nerd at Nautilus Marketing, Nautilus Marketing

One specific approach to enhancing user privacy on our website involves implementing SSL encryption to ensure that all data transmitted between users and our site remains secure and private. This encryption creates a secure tunnel, protecting sensitive information such as personal data and payment details from interception by malicious actors. Additionally, we conducted a thorough privacy audit to identify potential vulnerabilities and ensure compliance with privacy regulations like the Protection of Personal Information Act (POPIA).

As a result, users have experienced a heightened sense of trust and security while interacting with our site. We've seen a noticeable reduction in privacy-related concerns and an increase in user engagement, as visitors are more willing to share information when they feel secure. This enhanced trust not only protects users but also strengthens our brand reputation.

For those looking to improve privacy on their websites, it's crucial to start with a solid foundation of data encryption and ensure compliance with local and international privacy laws. Regularly auditing your site for vulnerabilities and keeping your privacy policies transparent and up-to-date can further enhance user trust. Moreover, educating your users about the measures you've taken to protect their data can foster a more secure and trusting online environment.

Tshiamo Champion, Founder, Cham8ion Investments

Related: Choose the best SSL certificate for your business

5. Rewrite privacy policy in plain english

We made our privacy policy truly user-friendly and transparent. Instead of the usual jargon-filled legal document, we rewrote our privacy policy in plain English, highlighting what data we collect, how it's used, and how users can control it. This gave users more clarity and confidence, as they no longer felt they were blindly agreeing to something they didn't understand. The transparency was a key factor in building stronger relationships with our audience.

Rewriting our privacy policy in a user-friendly manner resulted in a 30% drop in email queries about privacy concerns, freeing up our support team. Users appreciated the clarity and simplicity, which helped them make informed decisions without feeling overwhelmed. My advice: make your privacy policy as accessible and human as possible—people trust brands that speak to them in plain language.

Marc Bishop, Director, Wytlabs

6. Adopt end-to-end encryption

We abided by taking end-to-end encryption as our cornerstone to enhance privacy protection for users. This has implications for data sent from our users to our servers: such data is encrypted, and if intercepted, it cannot be easily deciphered. Apart from encryption, we followed secure coding practices, moving our software to a level where it could be least vulnerable. This included, but was not limited to, the use of parameterized queries to avoid SQL injection attacks and adherence to the OWASP Top Ten Security Risks.

We also provided two-factor authentication for user accounts as an added layer of security. This went a long way in fending off unauthorized access to user accounts, even if the credentials were compromised. Third-party experts regularly conducted security audits and penetration testing to ensure our defenses stayed strong against the latest threats. This resulted in significant reductions in security incidents and improvements in user trust, which we could measure through higher customer satisfaction scores and retention rates.

First, anyone seeking to increase privacy must understand the specific data risks of their business and then mitigate these with a mix of technological and procedural measures. Employ encryption whenever sensitive data is involved, and ensure that the development team is trained in secure coding practices. Keep refreshing your security to keep pace with new threats and consider third-party audits for unbiased opinions of the state of your security posture. Finally, be open with your users about the steps taken to keep their data secure. This transparency goes a long way in building confidence by showing that one is seriously concerned with privacy.

Jacob Kalvo, CyberSecurity Expert, Co-Founder & CEO, Live Proxies

Ensuring the protection of user privacy on our website has consistently been of importance to us. A key strategy I put into action was the implementation of end-to-end encryption for all data exchanges. This measure greatly reduced the likelihood of unauthorized access and potential data breaches by encrypting data in motion as well as while stored. 

The outcomes were impressive; we noticed a rise in user confidence and interaction levels, and our security assessments indicated a notable decrease in weaknesses. For those seeking to enhance privacy, I recommend focusing on encryption and transparency as priorities. Ensure your users understand how their data is safeguarded. Establish a privacy environment that not only protects your users but also enhances your brand's image in a time where trust holds great value.

Rafay Baloch, CEO and Founder, REDSECLABS

One specific approach we used to enhance user privacy was the implementation of end-to-end encryption for sensitive data transmitted between the website and its users. This involved encrypting all communications via TLS (Transport Layer Security) and ensuring that any user inputs, especially personal and financial data, were securely handled and stored in encrypted databases.

This approach significantly reduced the risk of data breaches, boosted user trust, and ensured compliance with privacy regulations like GDPR and the Australian Privacy Principles (APPs). We saw a measurable reduction in data vulnerability and an increase in customer confidence, reflected in positive feedback and increased user engagement.

Advice for Others:

  • Start by conducting a privacy audit to identify vulnerabilities.
  • Implement strong encryption protocols for data in transit and at rest.
  • Ensure regular privacy training for your team to maintain high standards.
  • Make sure your privacy policy is clear, transparent, and regularly updated.
  • Most importantly, treat privacy not just as a legal requirement but as a cornerstone of user trust and brand credibility.

Andrew Ross, Director, Andrew Ross Technologies

7. Shift to client-side data processing

We implemented client-side data processing to increase privacy for our customers. Instead of sending sensitive information like form inputs or personal data directly to our server, we shifted certain tasks to be handled directly in the user’s browser. Things like form validation, data filtering, and even encryption were processed locally before anything was sent. This reduced the amount of sensitive data transmitted, lowering the risk of breaches and giving users more control over their information.

The results were great—this change not only boosted privacy by minimizing data exposure but also improved overall site performance. With fewer tasks relying on our server, users experienced quicker load times and felt more secure in how we handled their data. For anyone looking to enhance privacy, I recommend exploring what can be done client-side without compromising user experience. Tools like Web Workers and browser-based encryption make this shift easier, and being transparent about local data processing builds user trust.

Henry Timmes, CEO, Campaign Cleaner

8. Move to static-site generator

After years of goofing around with systems like WordPress, we eventually moved everything to a static-site generator. By doing this, we eliminated the need for server-side processing for most of our content, which greatly reduces potential security vulnerabilities and the attack surface for malicious actors. Static sites don't have databases or dynamic content generation, so they're inherently more secure and privacy-friendly.

The results were immediate: reduced risks of data breaches, faster load times, and more control over what limited data we do collect.

For anyone looking to improve privacy, my advice would be to simplify your infrastructure wherever possible. Less complexity equals fewer vulnerabilities, which leads to better privacy outcomes.

Brian Corrigan, President, Rocket Science Group

9. Implement strong access controls

One of the key approaches we used to enhance user privacy was implementing strong access controls. By restricting access to sensitive data based on roles and responsibilities, we ensured that only authorized personnel could view or interact with critical information. This involved setting up role-based access control systems and incorporating multi-factor authentication to add an extra layer of security.

The results were great, and our users felt more secure knowing their data was protected; we drastically reduced the risk of internal data breaches. It also helped us build trust with our clients, as they could see we were taking their privacy seriously.

My advice to others aiming to improve privacy is to prioritize access control. It's not just about keeping outsiders out; it's about managing who inside your organization has access to what. Start with a thorough review of who needs access to sensitive data and implement strong controls accordingly.

Rob Stevenson, Founder, BackupVault

10. Integrate blockchain for identity verification

One step I took to improve user privacy on my cryptocurrency brokerage website was to integrate a blockchain identity verification solution. This allows users to validly identify themselves without the need to store private data on our servers. We don't see who confirmed someone's ID when they sign up; we just know it was done by other users, and that is enough. 

This way of doing things allows users to show what's needed only, without exposing their entire identity. I noticed this made users feel more comfortable; when asked about privacy, many said they felt much safer knowing that their private data is never saved on our servers. There has since been an observable growth in people registering and using the website.

For anyone wishing to add privacy to their website, my suggestion is not to apply a privacy plugin. Instead, look for technologies that put power in the hands of users, avoiding database dependencies. Focus on systems that bring information under user control. If you combine your technical innovation with a clear message on why privacy matters to users, and how it works, you will move users to an entirely different level of engagement with and loyalty to your service. They'll understand you really do care about their privacy.

Thomas Franklin, CEO, Swapped ApS

11. Custom-built privacy-friendly analytics

We focus on privacy and security. We're offering an encrypted email service, promising that there is absolutely no tracking and no ads. Obviously, our website must match this promise. Thus, we are not using Google Analytics or any other third-party tool to track our users when they come to our website.

This leaves the challenge as to how we can still get information from website visitors in regards to conversions. Since we are a tech company, we have built code into our website and email client ourselves so that we can see when users sign up for free or paid email accounts—in a fully anonymized way. This means we do not see what the individual user does, but we still have data on user behavior in general.

However, setting up this custom-built, 100% privacy-friendly tool took a lot of effort, and we would not generally recommend doing something like this to standard websites or webshops. There are already many privacy-friendly Google Analytics alternatives on the market that can do the job nicely and that can even be self-hosted.

Arne Möhle, Co-Founder & CEO, Tuta

12. Forego user dashboards for privacy

We forwent a personal user dashboard. Dashboards store user data—names, email addresses, and past course history. If there were to be a security breach, the data would become a goldmine for attackers. We don’t store any personal information on our servers. 

We capture all lead information through Typeform because it meets the strictest industry standards—ISO 27001: security management and ISO 27701: privacy information management. It also meets the SOC 2 Type II: security controls, HIPAA Title I: protected health information, GDPR, and CSA STAR Level 1: cloud security. 

We collect minimal data and never ask for sensitive or unnecessary information like birth dates to reduce the attack surface that comes with data storage. We have cut out 95% of the risks that arise from user information storage and achieved a 20-fold improvement in user privacy on our website. 

Other companies should rethink the necessity of a user dashboard and explore alternative methods for user interaction.

Oliver Page, Co-Founder & CEO, CyberNut

In adherence to the growing concern for privacy, we recently implemented an explicit consent model on our website. We started with the basic approach of a simple cookie banner but went a step further: Instead of just notifying users about the use of cookies, we provided them the control to opt into non-essential cookies. 

We also added a Privacy Center for users to modify their privacy settings, learn about data collection practices, and request access to their data. The results? We put our users' privacy concerns at ease, enhanced trust, and saw an increase in user engagement. 

My advice for other businesses aiming to improve privacy: do not simply view privacy measures as a regulatory compliance activity. Treat it as an opportunity to build a stronger relationship with customers by providing them control over their data. It doesn’t just comply with laws, but it also resonates with today's privacy-concerned customers, ultimately benefiting the business.

Jim Kreinbrink, CEO, Hyper Dog Media

For our website—and that of our clients—it's all about how prominent and clear you can make not only your cookie and privacy policies but also how easy you can make it for visitors to see and accept policies on your site. 

This can have a significant positive impact on analytics and data tracking, so ensuring you're being as clear as possible about what your specific cookie usage policies are can lead to an increase in acceptance (and less of a headache when it comes to running monthly analytics reports!).

James Nesbitt, Director, Myth Digital

15. Employ Gmail OAuth for data security

Limit personal identification data: this includes usernames, email addresses, contact information, and account credentials collected during user registration and account management processes. 

We chose to employ the Gmail OAuth 2.0 protocol and informed users through our T&Cs. This way, you limit the number of third-party companies with which you share user personal data, since in this example, Google already holds the user data from their email provider relationship.

It is very important to apply a minimization principle for Technical or Usage Data and collect only what you need and store it only while it is needed. 

For example, you may need different types of personal data to utilize different features of your digital product or website. In this case, you should only collect those personal data when the user uses that feature and not before.

We have two different features that require different user permissions. We have split these permissions so that they are not requested before the user actually uses that particular feature.

In the examples before, we talked about data essential to the use of the service, so there is no way to avoid it if the user wants to use the service.

Lastly, there is a category of information that we can only collect based on user consent. This is generally behavioral and preference data, that includes data on user interactions, preferences, and feedback, which is processed to personalize content, recommend relevant services, and improve overall platform engagement. This data is collected through cookies, analytics tools, and direct user inputs.

Most platforms employ such types of data, primarily to measure website traffic and interaction and adjust features and content for their specific audiences. The important thing is to be transparent about this and also about the companies with which you share the user personal data. In our case, we tried to limit the number of companies to a minimum and search for partners with a proven track record of maintaining a high privacy standard for their users.

Another important aspect is the ease of access for your customers' digital rights. Depending on the legislation, this may vary, but generally, the right of data access, deletion, opposition, and correction are to a large extent universal.

Adrian Vicol, Data Architect & Founder, AgainstData

16. Utilize open-source software for privacy

One specific approach I use to enhance user privacy on my website is to make use of open-source software as much as possible. Open-source software often has great transparency and clear values when it comes to user data. In addition, it is often possible to host the software on your own infrastructure, keeping the data inside your company.

Jos Tijhuis, Owner, Jos Tijhuis

One specific approach I used to enhance user privacy on a website was implementing granular consent management for cookies and data collection.

  • Consent Management Platform (CMP): I integrated a CMP that allowed users to control which types of cookies they wanted to enable or disable (e.g., necessary, analytics, marketing). This platform also provided clear, concise descriptions of what each type of cookie did, helping users make informed choices.
  • Privacy-First Default Settings: By default, only essential cookies were activated. Users had to actively opt in for any non-essential cookies, ensuring that data collection was minimized unless explicitly permitted.
  • Transparent Privacy Policy: I updated the privacy policy to be easily accessible and written in simple language, outlining the types of data collected and how it was used. Regular reminders were also included, prompting users to review their privacy settings periodically.

Results:

  • Increased User Trust: The transparent and user-friendly consent process led to a notable increase in user trust and engagement on the site. We received fewer inquiries about data privacy concerns, and the opt-in rates for non-essential cookies increased because users felt more confident about the control they had over their data.
  • Compliance with Regulations: This approach ensured the website was fully compliant with privacy regulations like GDPR and CCPA, avoiding potential legal risks or penalties.

Advice to Others:

  • Prioritize User Control: Make sure users have clear, easy-to-use options to manage their privacy settings. The more control and transparency you offer, the more likely users will feel comfortable engaging with your site.
  • Keep It Simple: Avoid overwhelming users with technical jargon. Break down privacy policies and cookie descriptions into simple, easy-to-understand terms.
  • Review Regularly: Privacy regulations evolve, so it's important to regularly review your privacy practices and keep users informed of any changes. Periodic audits of your consent management system will help you stay compliant and maintain user trust.

Farhat Imtiaz, Marketing Expert

More articles like this

  • Brett Farmiloe

    Brett Farmiloe is the founder & CEO of Featured, a question and answer platform that connects brands with expert insights. He is a published author, and has been involved with a couple of successful acquisitions (and multiple failures) with startups.
    More Articles by Brett Farmiloe