People say there is no privacy on the internet, and goodness knows I’ve thrown my personal data around for years. I’ve been prepared for repercussions, but have also been smart about how I’ve shopped and with whom I’ve associated. Thankfully, I’ve escaped almost unscathed (crossing my fingers), with only a few “our company’s files were hacked and we suggest you change your password” messages so far.
I also know a few folks who seem to think strangers are listening to all of their cell conversations and leering at their Facebook photos. Really? Who has the time to listen to all those phone calls, and why would they? And you can manipulate your privacy preferences for photos (and most everything else) on Facebook, although you are taking trust to a higher level there.
But my focus today is on so-called Privacy Policies, those legal documents that only the most anal among us actually read when directed before clicking the Agree or Continue button. What is the true purpose of these contracts? 1) To reassure us that our privacy is truly guaranteed? Or 2) To cover the asses of the company if someone sues them for using their personal information for marketing purposes? I believe I will take door number two, Monty.
Corporate lawyers aside, every privacy policy I’ve read starts out by telling the user, “Your privacy is an important priority to us at XYZ Company, so we’re going to tell you how we use your information.” It sounds so helpful! So ingratiating! So full of crap!
Wait, doesn’t that remind you of the telephone answering services we have to deal with? “Your call is important to us, please hold for the next customer service representative…” Just before they place you in the queue until hell freezes over.
The policy goes on to tell you how they collect the info, including the stuff you don’t supply voluntarily (except by visiting their site), like your computer location, the type of browser you use (and thus the type of computer you own), what site you were visiting before you came to theirs, how long you lingered on each page of their site, etc. Should you really care? Probably not, but you should be aware of it.
“Knowledge is power.” ~Francis Bacon
Then we come to the actual data that you provide about yourself. They mostly say they “use secure technology to safeguard your information.” Well, whoopee. I use secure technology to safeguard the birdseed on my front porch, but the raccoons still get in.
What kind of secure technology? How secure is it? Who has access to my data and why? Where and how is it stored and for how long? Those are the specifics I want to know in a privacy policy, not just a vague reassurance that you gather my data and secure it according to your company policy. What exactly IS your company policy?
This is especially important when the company, and most do, says they are sharing the information with “affiliates” or “third-parties.” Of course, who knows what their company policies are?
I realize large corporations can’t post their entire security plans in their privacy policies—that’s not what I’m asking. But I want more information about what you do with MY data. It’s the only data I have, you see, and I’m trusting you to take care of it.
Here is a great example: the Opt Out Service for the Consumer Credit Reporting Industry. This is the official site where you can opt in or out of receiving firm offers of credit (read “junk mail credit card offers”) from the major credit companies. You have to give your name, address, Social Security Number, Date of Birth, and firstborn child on this form, but when you take a gander at the Privacy Policy, it’s as hazy as all the rest. (Okay, I was joking about the firstborn child, but not by much.)
Not a word in the entire document tells you anything specific about what they do with the most important information you can supply to identity thieves. Way down in the Security and Confidentiality Note is this consistently obscure statement: “… we take other reasonable physical, technical, and procedural safeguards for purposes of safeguarding your personally identifiable information.”
This is not enough for me, thank you. I would rather go to the separate credit agencies and opt out. At least I know they already have my information.
Note: The Social Security Number is not a national identification number, but don’t even get me started … And if you have your birthdate and year on Facebook, I suggest you remove the year for your safety.
The final rub is, these companies can change their policies at any time without notifying you. It’s up to you to keep checking back with their privacy policies in case they make a change. How many of these policies have you clicked through in the past? Each time you’ve become a member of a secure or member-driven web site and for every software installation you’ve ever done, you’ve agreed to these policies.
True, it is my choice to not agree, not purchase, or not visit the web site. However, if I want to participate or purchase, then that legal document (the privacy policy) that I am signing by proxy (by clicking that “I agree” box) applies in the other direction, too. The company has a legal and ethical obligation to keep my data safe and secure.
The question is, do they honor their promises?