Privacy Policies: Say What You Mean and Mean What You Say
By Lesley Fair
A 1998 study by the Federal Trade Commission (FTC) showed that 85 percent of online retailers collected personal information from consumers, but fewer than 15 percent posted a privacy policy explaining their information practices. What a difference a decade makes. These days privacy policies are standard for any Internet marketer. But as recent FTC law enforcement actions make clear, having a privacy policy is just the first step. It’s critical that companies live up to the promises they make about how they use and secure the information they collect.
So what does this mean for savvy marketers? Here are some tips on making your privacy policy a priority.
• The letter of the law? Of course, it’s important to discuss your data security practices with your attorney, but that doesn’t mean your privacy policy should read like a legal tome. Design it with your customers in mind. Just like the rest of your website, your privacy policy should be clear, direct, and easy to understand. Keep technical jargon and legal terminology to a minimum.
• Say what you mean and mean what you say. Some online retailers lace their privacy policies with lofty language about how careful they are with customers’ personal information, but don’t back their words up with tough security measures. For example, the FTC recently settled a case with a company that claimed “We are committed to maintaining our customers’ privacy,” and yet allegedly failed to protect personal information from a well-known — and easily preventable — form of hack attack. Statements in your privacy policy are no different from any other advertising claim you make. You’ve got to back them up with solid proof.
• The more things change. For security-minded consumers, your company’s information practices are a key factor in their decision to do business with you. So if you decide to modify how you use personal information, it’s important to call customers’ attention to that change in policy. Just editing what you say on your website won’t alert them to your new procedures.
• Create a culture of compliance. A company’s privacy policy is only as strong as the staff that implements it. That’s why it’s important to train all employees — including your IT professionals, sales representatives, human resources specialists, and support staff — on how to protect sensitive data. To help you explain the basics to your team, the FTC has produced a new 20-minute online tutorial, available at www.ftc.gov/infosecurity, offering practical tips on safeguarding personal information.
Lesley Fair is an attorney in the FTC’s Bureau of Consumer Protection who specializes in business
Compliance.
February 2008
For more information, see here: www.ftc.gov
These materials were obtained directly from the Federal Government public websites and are posted here for your review and reference only. No Claim to Original U.S. Government Works. These may not be the most recent versions. The U.S. Government may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information or the information linked to. Please check the linked sources directly.