Privacy Policies: Where We Stand & What We Need To Ask

In my last post I covered a few basics and statistics regarding online privacy policies. We hope the post encouraged all readers to think more about online activities and privacy. As consumers, we need to assume responsibility for our data, but we also need support from our government. Cue the fun fact!

“The U.S. is one of only two OECD countries (or developed nations) — along with Turkey — without baseline consumer privacy protections for consumer data.” (source)

As covered in the previous post, privacy policies are hard to understand and, as a result, few Americans interpret them correctly. Secondly, a website's privacy policy does not apply to the activities of third parties that collect information from the first party. Who wants to read three or more privacy policies if various partners are involved in the exchange of information within one website? Moreover, current Federal privacy laws apply to a few sectors that collect personal data, such as healthcare, financial services and education. What about the rest?

The facts are a bit unsettling, but progress has been made, specifically this past year. In the House of Representatives, Reps. Bobby Rush (D-IL) and Cliff Stearns (R-FL) have each introduced separate comprehensive bills. In the Senate, John Kerry (D-MA) and John McCain (R-AZ) recently introduced the “Commercial Privacy Bill of Rights.” (source)

So what can we do as consumers? First, start off by asking a few simple questions. A detailed privacy policy should provide answers to the following: (Thanks to the Center for Democracy & Technology for compiling the questions.)

1. What information needs to be collected? How confidential/identifiable is the information?

2. Why does the website need the information? Is it appropriate for the service promised/provided?

The above questions reminded me of a recent scenario, which I'm sure is encountered by many. Have you ever registered to receive an email newsletter? Ever wonder why they bother asking for your full name (first, middle and last), address, phone, date of birth, age, etc.? I've come across this and it is a major annoyance. It's an email newsletter, nothing more! Get the basics: my email, maybe my first name so you address the email appropriately. My age may also be necessary for the sake of market research, but a business should not collect or store my mailing address for an email notification or newsletter.

Here are more questions to keep in mind:

3. How is the data being collected? Are those measures of collection secure? Does the site maintain web logs? Does the site set cookies?

Tracking cookies are secretly installed on your computer without your consent. Websites use these to track your browsing habits and to acquire information about your search history. These are dangerous because they attempt to acquire personal information, unlike regular cookies, which only record website visits. Read more on how to spot tracking cookies and how to get rid of them here.

4. How is personal information used once it is collected? Is it ever used for purposes other than those for which a visitor has provided it? (If so, the visitor should be informed of the use.)

5. Has the visitor consented to it? Does the visitor have the option to prohibit such secondary use? Can a visitor prohibit it and still enjoy the website?

It's important to know where your information is going. Is it distributed to third parties? What is the privacy policy for the third party in question?

6. Does the site offer different kinds of service depending on user privacy preferences? Does a user have a choice regarding the type and quantity of personal information that the site collects? Does the site disadvantage visitors who exercise data collection choices?

7. Can users access information that has been collected about them? Are users able to correct inaccurate data?

8. How long is personal information stored? Is it kept any longer than necessary for the task at hand?

9. Whom can visitors contact?

If you have a question, take the time to reach out to a marketing manager or webmaster so that you understand the policy completely. It is your information after all, so do your part to keep it safe.

10. What laws govern the collection? Is it a Federal government site regulated by the Privacy Act? Is the entity collecting information regulated by another privacy law?

As mentioned before, only California, Connecticut, Nebraska, and Pennsylvania have specific privacy policies regarding websites. You can read about the policies here. Also, keep in mind that there is no Internet Privacy Act within the U.S. If you come across any website that lists this fictitious law, proceed with caution!

Research plays an important role when it comes to online privacy, so take a few minutes to read a website's privacy policy and ask questions. Current policies lack structure, clarification and proper enforcement, but that should not deter any individual from securing their own online activity. Well-founded privacy policies alleviate many security headaches and can be encouraged by all of us, especially during a time when adequate data privacy laws are practically non-existent. So whether you are a consumer, business owner or government employee, we can each do our part to support a proper legal structure for online privacy.

Author: Alejandra Gutierrez

