If your answer to either of these questions is “no,” you’re flirting with trouble: trouble with your customers and clients who may be reluctant to engage with your company, its products, and its services, and trouble with federal and state governments that are increasing their oversight of privacy compliance in response to consumer concern. And the trouble will only multiply as you use social media to draw more and more users to your website.
A second problem is that businesses don’t abide by them. Too often, businesses simply copy privacy policies they find online, without ensuring that the policies reflect their actual data collection practices. Even policies that are accurate when adopted may become deceptive when technological advances change the way a site obtains information from its users.
Why Should You Care? Don’t fool yourself into thinking that, because privacy policies tend to use boilerplate language and appear as an insignificant link from the bottom of your home page, no one will read them or care about them. Surveys show that Americans overwhelmingly believe that their personal information, reputation, and privacy are at risk on the Internet. Where there is consumer concern, the government isn’t far behind.
Within the past two months, the FTC has entered into three wide-ranging consent agreements over online privacy practices. It asserted that Google had failed to come clean with users about its privacy settings on the Google Buzz social network platform, and it charged that Facebook changed its privacy policies without adequate disclosure and without obtaining the meaningful consent of its users.
How to Keep the FTC at Bay. Not everyone wants increased government intervention. But if individuals are to safeguard their privacy without the FTC’s involvement, they need clear, understandable information about how the data they provide online will be used. It’s your responsibility to your customers and clients to provide that information.
Some Best Practices. The FTC’s consent order with ScanScout requires a number of measures that might well become “best practices” for the rest of the online world to follow:
- First, and most obvious, tell the truth. Disclose the exact extent to which data about users and their online activities is collected, used, disclosed, and shared. Tell users, accurately, how they can control the collection or use of data about them, their computers, or their mobile devices.
- Second, the FTC made ScanScout place a “clear and prominent” notice on its home page with a hyperlink stating, “We collect information about your activities on certain websites to send you targeted ads. To opt out of our targeted advertisements, click here.” No legalese there. Whatever your site’s practices, you should be equally clear. It’s not that hard.
- Third, the site must contain a mechanism that allows users to prevent the company from collecting information about them, from automatically redirecting users’ browsers to third parties that collect data, and from associating with a user any data previously collected about them.