When privacy policies are being mentioned online or in the news, it’s usually not to praise them. During the past few years, several companies have been criticized, censured, or sued when the privacy policies they have posted on their Web sites don’t reflect what the business actually does.
Although RealNetworks changed its policy statement to include its data-collection method, it’s likely some consumers still associate the company with the privacy gaffe. And while the practice of using GUIDs isn’t uncommon, not informing customers that they were in use couldn’t have helped RealNetworks’ business.
Understand your data collection
Atlanta-based lawyer Peggy Eisenhauer often receives requests from clients who want her to help them put together privacy policies. But that’s not the first step she encourages businesses to take.
“I always tell them that’s the wrong place to start,” said Eisenhauer, who works for Hunton & Williams . “The first place is actually understanding your current data-collection practices. And second, deciding what you want them to be.”
For example, does your company share information it collects with third parties? What kinds of consumers are you trying to attract? Are you collecting sensitive data like social security numbers?
What your policy should cover
- Notice Tell users what kind of data is being gleaned from them, how you will use it, and who else might see it.
- Choice Can users decide how collected information is used? Can users opt out of having information collected?
- Access To comply with the Federal Trade Commission, users must be able to review, update, or correct information.
- Security Tell users how you will safeguard the information collected on them.
- Educate Make sure users can come away knowing your company’s practices and that the policy accurately reflects your practices.
Is it understandable?
Yahoo! and privacy
- What information is collected from users and how it is used
- How the information is collected and with whom it is shared
- What choices users have in terms of information collection and use
- How users can access their information
- How Yahoo! handles users’ personal financial and health-related information
- How Yahoo! safeguards information
The site also carries a seal of approval from TRUSTe, a nonprofit company that awards seals to a business’ Web site after it meets a list of privacy guidelines.
“Privacy is a multi-headed beast,” said International Data Corporation analyst Chris Christiansen. “Consumers, especially consumers with children, are worried about disclosure, sale, and control of what they consider private information.”
Companies who follow their privacy policies can use them as another way to reassure their customers.