Author Archive

Porting Watcher checks to ModSecurity rules!

January 10th, 2012 by

Earlier this year, Ryan Barnett at TrustWave’s Spiderlabs started porting some of Watcher’s checks to ModSecurity. After we chatted about this, I decided to get involved. We always liked the idea of a server-side scanner watching the Web traffic, and since ModSecurity sits right in the sweet spot it all made sense to focus some effort there.

So over the past few months we’ve been working to port more of Watcher’s passive Web scanning checks to the ModSecurity open source Web Application Firewall. It seems to be working out, as some of the rules have made it into the latest release of ModSecurity’s Core Rule Set v2.2.3 as well as some earlier rule sets. There’s more to come. Please send any feedback to me or Ryan, and look for more rules to be added very soon.
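To show what a passive check looks like once it lives in the WAF rather than in a browser plugin, here is an illustrative response-side rule in ModSecurity 2.x syntax. It is an added example written for this page, not one of the Watcher rules that were ported to the Core Rule Set; the rule ID and the tag name are placeholders picked for the example. It inspects each Set-Cookie header the application sends back and logs any cookie that lacks the HttpOnly flag, without blocking anything, which is the same log-only posture a passive scanner takes.

```apache
# Added example, not a rule from the ModSecurity Core Rule Set.
# Phase 3 runs once the response headers are available, so the rule
# sees what the application is about to send to the browser.
# "pass,log" records the finding in the error and audit logs without
# altering the response; a passive check observes, it does not block.
# id:10001 and the tag below are placeholders chosen for this example;
# rule IDs 1-99999 are the range ModSecurity reserves for local rules.
SecRule RESPONSE_HEADERS:Set-Cookie "!@rx (?i:;\s*httponly)" \
    "phase:3,id:10001,pass,log,t:none,\
    msg:'Cookie set without HttpOnly flag',\
    logdata:'%{MATCHED_VAR}',\
    tag:'local/passive-check'"
```

The negated regex fires when the HttpOnly attribute is absent from a Set-Cookie value; `logdata` writes the offending header into the audit log so the cookie can be identified later. Because the rule only needs response headers, `SecResponseBodyAccess` does not have to be enabled for it, which keeps the overhead low enough to leave it on in production while you collect findings.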

IE Shortcuts for debugging 3rd-party applications

May 2nd, 2008 by

This is mostly a reminder for myself. But here are some useful shortcuts/tips for working in IE.

CTRL-I: brings up the favorites menu. This is useful on those pop-ups that don’t have upper menus, since you can reach a bookmarklet from there to enable right-clicking for viewing source.

Bookmarklet for enabling right click: javascript:void(document.oncontextmenu=null)

Bookmarklet for enabling the Firebug Lite console: http://remysharp.com/2007/03/13/firebug-in-ie-for-any-web-site/

Another useful setting is configuring IE options so that new windows open in tabs rather than as pop-ups. This helps by allowing you to quickly and easily access bookmarklets and plug-ins like the IE Developer Toolbar.

When looking at a privacy policy…

January 17th, 2008 by

Ten things in a privacy policy that should make your spidey sense go off…

1. "We may use logs to analyze trends, administer the Site, track user movement in the aggregate, and gather broad demographic information for aggregate use. We may associate this information with your Personal Information to resolve technical issues and support security for our users."

What exactly is the company gathering in those logs? Who has access to these logs? Do third parties analyze the data and if so what do they do with it?

 

2. "We may share, in aggregate form, information collected from surveys with advertisers, partners, affiliates and the general public, but will not share survey information containing personally identifiable information with any third party without your prior consent."

Make darn well sure you understand how and where you give consent to sharing PII with third-party sites. Does the company opt you in automatically, are you opted out by default, is it some combination, or are you not even given the chance to opt out?

 

3. "We link cookies to your unique registration number and use them to enhance and personalize your experience on the Site. We also use cookies to deliver information and fresh content specific to your interests."

There is no mention of third-party cookies… are third-party cookies used and, if so, how does that affect your privacy?

 

4. “We only share Your Information with others when we have your permission or under the types of circumstances described in this Privacy Policy.”

Read the rest of the Privacy Policy carefully to understand the circumstances under which your information could be shared with others.

 

5. “Upon removal of membership from the Site, we may retain Your Information for a period of time in our internal databases and systems.”

Not a particularly specific timeframe… how long? For what purpose is this information being retained?

 

6. “You should be aware that despite our efforts, factors beyond our control may result in disclosure of Your Information. Accordingly, we are not in a position to guarantee that Your Information will be secure under all circumstances.”

So what circumstances are they responsible for? Is that information outlined specifically or is this a carte blanche for deniability? What exactly is a factor beyond their control? Be skeptical and ask questions.

 

7. “We may update this policy from time to time as our information practices are modified or changed. It is strongly suggested that you regularly visit this privacy policy for updates to its contents.”

A better policy would have the company notify its customers whenever a change to the policy is made.

 

8. “We may, without your consent, access and disclose Your Information, any communications sent or received by you, and any other information that we may have about you or your account if…”

For what? Requests by the government? Actions that appear illegal? A threat is made? How comfortable are you with who they detailed could request or be provided this information? Is there any ambiguity to the list? Is there actually a list provided?

 

9. “We may share Your Information with third parties that are subject to privacy policies that protect your personally identifiable information from disclosure to other third parties in a similar manner to our privacy policy.”

What does “a similar manner” mean? If they cannot disclose the exact privacy policy these third parties are using, you cannot be assured they are using your information in a manner you would agree to.

 

10. “We and our third party advertisers may use web beacons to compile aggregate statistics about which advertisements and promotions users have seen and how users responded to them.”

Beacons can also be referred to as web bugs, 1×1 gifs, clear gifs, tracking bugs, and tracking pixels. Are these beacons associated with individuals, and how does the company handle this information? As mentioned before, are the third parties beholden to a privacy policy and, if so, what is it?

 

It's pretty simple… always read the privacy policy. Be skeptical, ask questions, read between the lines and walk away from a site that sinks below your "I don't feel so good about what this company is all about" threshold. Be wary of privacy policies and terms of use that make you jump around from one document to another or from one paragraph to another in a non-linear manner. Refuse to accept ambiguity. Write to the company. An electronics firm in Brooklyn selling a camera for 1/2 of what everyone else is selling it for is probably performing a bait and switch and probably doesn't care about your PII… use your brain. Remember, you CAN fight back with your wallet. If you don't like how the company protects your data, don't reward them with your patronage, and let others know.