Welcome | Sign In
MacNewsWorld.com
Privacy

Privacy Policies: The Good, the Bad and the Witty

Print Version
E-Mail Article
Reprints
Privacy Policies: The Good, the Bad and the Witty

By Erika Morphy
E-Commerce Times
Part of the ECT News Network
12/23/08 4:00 AM PT

Privacy statements are all over the Web, it seems, and they're pretty much universally ignored. That's because the legal tracts that most companies display are the epitome of user-unfriendliness. A few mavericks are trying a different approach, though, with statements that are clear, concise -- and sometimes even entertaining.


Lorrie Thomas does not "sell, share or whore out" the personal information of any visitor who comes to her Lorrie Thomas Web Marketing site -- and she backs up this no-share promise in her privacy statement.

Indeed, the entire document is a straightforward description of what the company will and will not do with personal data. For example, it "collects the domain name (where possible) of visitors to our website, and user-specific information on what pages consumers access or visit. The information we collect is used to improve the content and layout of our website."

Cookies? None.

Ad Servers? It does not maintain any such relationships.

Furthermore, any contact from the company will be only about the specific information the visitor requested.

The firm's policy over sharing its information -- and with whom -- was the greatest concern among clients, Thomas told CRM Buyer, "so I decided to be as blunt as possible to get my message across."

For anyone who has waded through the typically mind-numbing legalese of the privacy statements that many companies put out, Thomas' version is a breath of fresh air.

Aimed at informing consumers of precisely what will be done with their personal information -- and thus reassuring them -- most privacy documents are weighed down by details. They end up being the very antithesis of consumer-friendly outreach.

Slow-Moving Trend

That is beginning to change. "Everyone understands that these statements are very difficult for the consumer to read and understand," said Lisa Sotto, partner and head of privacy and information management practice at Hunton & Williams.

With the last few years, there has been a trend among companies to make these notices more comprehensible to the average consumer. Sotto dates this push back to when the Federal Trade Commission offered up guidelines for changing the format of the privacy notices required under the Gramm-Leach-Bliley Act (GLB Act).

In general, the "FTC is very active in this arena," she said, "and its focus includes all companies -- not just the big ones."

A privacy protection division the FTC formed about two years ago is further evidence of the agency's seriousness, she noted.

Privacy statements that invoke the FTC's ire include "notices that don't provide sufficient information about collection and disclosure practices, or security practices, or notices that are in legalese," she said. "It is also critical that companies provide adequate information, and the language is written so that it can be understood by the average reader," she said.

Ironically, there are few laws that actually require businesses to offer their customers a privacy notice. Once a company has published one, however, the FTC's mission is to see that it's honored. Laws on the books that do mandate a privacy notice include the GLB Act (for financial companies), HIPAA (for health providers) and a California law that de facto covers everyone else, as it applies to any company that does business in the state.

Despite this patchwork policy framework, best practices for privacy notices are beginning to gain traction, Sotto said.

One, for instance, calls for the company to pull into a shorter document key provisions and terms, making it easier for consumers to compare privacy notices from company to company.

Companies that do this include IBM; Microsoft; Kraft Foods; and Georgia-Pacific, which also breaks out Californians' privacy rights.

Another best practice is defining of terms in easy-to-understand language, noted Bart Lazar, a partner with Seyfarth Shaw. That, plus its easy-to-read format is why he likes American Express' privacy notice, he told the E-Commerce Times.

"It is navigable, and it breaks things up into nice chunks and then defines its terms," Lazar said.

The Entertainment Factor

Unfortunately, there is no best practice that calls for a company to entertain its clients via its privacy notice, a la Thomas and, to cite another example, the Kramer Law Firm, which advises readers that it is "not sophisticated enough to automatically collect your personally identifiable information, such as your name, address or email address, hopes, wishes, disappointments, etc... .[but] in those instances when we do collect personally identifiable information ...We'll tell you when we are collecting personally identifiable information about you by asking for it. If we ask for your name, address, phone number, email address, shoe size, etc, you can be sure that that's within the category of "personally identifiable information."

As for security, Kramer's Web site "maintains virtually no more than the most basic safeguards -- i.e., password protected databases and the like -- to ensure the security, integrity and privacy of personally identifiable information submitted to our site.

"If you're uncomfortable with our honesty here, we strongly encourage you to use false data when responding to our requests for your personal information. That way, if that personal information is ever disclosed, you'll rest soundly knowing that nothing of real value has been lost," the statement reads.

The Straightforward Route

Indeed, it is still rare -- despite the examples set by heavy hitters such as Microsoft (Nasdaq: MSFT) or Kraft -- to find a privacy notice that merely easy to read.

Many companies do not set out to write complex policies. Oftentimes, they are just woefully misguided about what is required, Joseph E. Campana, author of Privacy MakeOver: The Essential Guide to Best Practices, told CRM Buyer. "I saw one recently that said it was providing a privacy notice because the Freedom of Information Act required companies to do so. When I asked the company where it got that, someone told me that the Web master included that language."

Campana points to his privacy notice as a guide. It includes sections on the information the site collects; how that information is used; whether it is disclosed to others (no, it is not); its security policy and its opt-out provision.

Basically, there are a handful of questions that a good privacy notice will answer, Hunton's Sotto agreed -- and without the use of legalese:

  • what information is collected;
  • how it is used;
  • to whom it is disclosed;
  • what security is provided;
  • how visitors are notified of changes to the policy; and
  • contact information for the company.

Companies get bonus points if they provide users with a way to change information they have already turned over.

Print Version E-Mail Article Reprints More by Erika Morphy

Talkback: Join the Discussion.
Getting a Good Privacy Policy
CarolynHodge
Posted 2008-12-23
I wanted to offer another excellent option to help companies write an accurate and readable ...

More by Erika Morphy

Ballmer Gives Shareholders - and Dell - Cause for Optimism
November 20, 2009
Microsoft CEO Steve Ballmer was all smiles at the company's shareholders meeting, as he touted the early success of Windows 7. Ballmer's cheer may have been contagious; after posting a massive earnings decline for the third quarter, Dell needed some good news to latch onto, and the prospect of broad enterprise adoption of Windows 7 could spur PC sales. 		AA.com Sucks the Fun Out of Trip-Planning
November 20, 2009
Using AA.com to book a flight was a painful experience. Densely packed, disorganized information was displayed in an unattractive format. On the plus side, it did seem as though the deals American Airlines advertised were real and not mere bait-and-switch lures. For anyone who wants a travel-planning Web site to inject a little pleasure into the experience, though, I say look elsewhere. 		Salesforce.com Pumps Up Volume of Workplace Chatter
November 19, 2009
Salesforce.com has developed a collaboration platform that puts social networking to work. Salesforce Chatter facilitates employee collaboration on projects through Facebook-like profiles, status updates, feeds and groups. The question remains whether employees will be as open to social networking in the workplace as they are in their personal lives.
Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]
Shortcuts
> Get Business and Technology News Alerts
> Most Popular | Spotlight Features | Exclusives
> This Week on ECT News Network | Podcasts
> WiFi Hotspot Locator
> Inside MacNewsWorld
MacNewsWorld
E-Commerce Times
TechNewsWorld
White Papers | Case Studies | Reports
9 Proven Techniques to Double your Sales. Sign up for the free eBook!
Leveraging Social Media To Boost E-Commerce Holiday Sales
The Business Case for Virtualization Management: A New Approach to Meeting IT Goals
Why Offshore Projects Fail: 6 Things to Know Before You Outsource
VCs Speak Out: Where the Tech Investments Are Going
LinuxInsider
CRM Buyer
Today's MacNewsWorld Sponsors
Avaya Aura™
Save up to 40% on calling costs with Avaya Aura™
Entrust Extended Validation SSL
Entrust EV SSL certificates -- "go green" for less. Now from only $199 per year.
Trend Micro Smart Protection Network(TM)
Lower your content security management costs by up to 40%.
ECT News Network Information
Reader Services
Corporate
ECT News Network
Terms of Service | Privacy Policy | How To Advertise
Copyright 1998-2009 ECT News Network, Inc. All Rights Reserved.