Anatomy of a Privacy Policy
Privacy policies are something we see online a lot more these days. But have you ever closely reviewed one? The name itself conjures up the notion that your private information is safe from prying eyes. But it doesn’t have to be just that. It may also be telling you how an organization or person may actually use that information which you should hold so dearly, and that performing a transaction with them gives them authorization to use it in whatever way they outline.

I came across a privacy policy the other day that inspired me to post about this. I’ve placed a modified version of it here. I want to make it clear that I have nothing against this merchant. They are within their legal rights to do what they’re telling you. As a matter of fact, I applaud them for at least putting it all in writing for their users to see. I only use them as an example to help you increase your awareness of what privacy policies can actually do. They’re not just about keeping your information private; they’re also about telling you how it may not be private.
First, let me just say that I have replaced the merchant’s original name with “XYZ Company”. I have also labeled parts of the document with numbers for easier reference.
Section 1 is pretty straightforward. Section 2 is a little more interesting. Take note of the second sentence in line 1: “XYZ Company may combine information about you that we have with information we obtain from business partners or other companies.” They don’t tell you who those other business partners are. Could they be health care related? How about financial? The thing is you don’t know unless you ask them, assuming of course, that they’ll tell you if you do ask.

Moving to Section 2.3. So they’re openly (which I commend) telling you that they’re going to review what they already know about you with the new information you’re going to willingly provide them. Bear in mind that it’s with products and services you have already purchased or used with them before. Just give it some thought before you deepen the relationship.
Section 2.4: no worries there. Most every company does that and, as far as I’m concerned, presents no danger to you. Section 2.5 is good, but note the use of “anonymous reporting for internal and external clients”. Still, it’s good that they’re telling you, but it’s the external clients that caught my eye. Nothing to be too worried about as it’s supposed to be anonymous, but I imagine that it could be possible to link up your personal information with the data those external clients already have. Such a link-up would have to rely on your authorization, no doubt, but again something to think about. Maybe you don’t want those guys to know what you purchased no matter if it’s a toothbrush or some lingerie.
Section 2.6: careful here. Unless you don’t mind getting spammed, you may not want to enter into a relationship with them. Personally, I’m troubled by the end of that sentence: “without offering you the opportunity to opt-out prior to receiving them”. Again, I’ll give them credit for telling you up front, but there’s no telling how long it will take you to get off that list of theirs before they send you all sorts of things in the mail and e-mail.
Sections 3 and 4: no worries there.

Section 5.1: Very important. It’s your choice to provide the information or not, but you may not get what they’re offering. It’s the old “give us what we want, and we’ll give you what you want”; a simple trade. How much is your personal information worth?
Section 5.3: Other companies may have access to the information you provide so that they can fulfill the agreement the merchant is making with you. This could be as simple as the postal service (i.e. providing your mailing address for delivery purposes), or keeping you from being added to yet another list. But it’s good that XYZ Company has told you that these other parties may not use your information for anything else, which I find reassuring.
Section 5.4: Uh-oh. What do you have here? “XYZ Company may share, rent or sell personal information about you with other people or non-affiliated companies.” Again, it’s good they’re upfront about it, but do you really want your information to be sold to other entities, especially ones you don’t know? This kind of contradicts the above section 5.3, where those parties that they give your information to can’t use it for any other purpose, but for parties they sell or rent your information to, it is perfectly fine. So essentially, what they’re telling you is anyone they do business with has your information.
Skipping down to section 5.8, this is important in that while you may feel good about doing business with this company, it’s quite possible that in the future if they’re bought by or merged with someone, your information is now their information, too.
So, have I got you worried? I hope not. Have I given you reason to look at the next privacy policy you come across a little more closely? I hope so. All this is to say that seeing a privacy policy link does not necessarily mean that your private information will remain private. It could, but it could also be entering you into someone else’s database for further use. Just be careful.
Surf safely!