About that privacy policy of yours that no one ever reads…

It goes without saying that you should have a privacy policy if you are accepting personally identifiable information through your web presence or social media initiative.  The Federal Trade Commission, by the way, agrees — and trust me, you don’t want the FTC taking an interest in you or your business.

But ironically, all of that time, money and brainpower you spent on crafting a best-of-breed privacy policy may result in a document read by…no one.  Go ahead — check your analytics — see how often someone takes a look at your privacy policy, or even your terms and conditions.  Not a big source of hits, is it?  That one person who looked at your privacy policy last week?  That was me. 

And even when consumers have independent access to information about privacy, they don’t seem to be paying attention.  According to one recent study, even on Facebook (the subject of endless media focus on privacy) 25% of users don’t use privacy controls.  So if users don’t care, why should you?  Believe it or not, I get this question all the time: “Can’t I just copy a privacy policy from someone and then just paste it into a link?”

Yet even if no one (and I mean literally no one) looks at your privacy policy, if you accept personally identifiable information you need one.   A good one.  One customized for you and you alone.  Beyond the regulators-will-get-exceptionally-angry explanation (and you should not underestimate the power of an irritated regulator), there is another, self-interested reason for this — and it is both aspirational and practical. 

If you do not have a policy, your organization will have no sense of its limits.  Putting one together forces you (and your team) to decide what you want to be doing, and why.  It forces you to weigh the benefits against the risks.  In other words, it forces you to have a strategy.

That normative function is great — but having a privacy policy also forces you to do an empirical analysis of what you’re doing right now.  A good privacy policy describes your activity with clear-eyed accuracy.  The process of drafting a privacy policy forces you to engage in a review of your marketing practices that allows you to get your arms around what is actually happening in your organization.  I can assure you that even sophisticated folks are often surprised by what they find.

So do people read your privacy policy?  Probably not.  Should you have one?  In the immortal words of my eleven-year-old son: duh!