9 Ways To Bulletproof Your Privacy Policy - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Data Management // Big Data Analytics
News
10/23/2015
12:05 PM
Lisa Morgan
Lisa Morgan
Slideshows
Connect Directly
Twitter
RSS
E-Mail

9 Ways To Bulletproof Your Privacy Policy

Is your privacy policy rock solid, or could it use some work? Mistakes can mean lawsuits, regulatory fines, and damage to corporate reputations. Here's how to protect your company.
4 of 10

Keep It Simple 

There's a move to simplify privacy policies because they're too difficult for the average person to read and comprehend. Attention spans are short and privacy policies are long. Few people will take the time to read a document written in legalese and presented in a six-point type font. Because transparency is becoming a brand issue, some organizations are adopting a layered short notice, which presents privacy policy information in varying levels of detail: very short form; highlights; and the traditional full-blown document. Icons may also be used to simplify the communication of important points. 

'You're kind of complying with the letter of regulation but violating the spirit of it by not making your privacy policy clear and understandable,' said Patrick Fowler, chair of the privacy, data protection and cyber-security practice at law firm Snell & Wilmer, in an interview. 'The average reading level of the average American is 8th grade. There have been studies of Fortune 500 privacy policies [that say] to understand those policies you have to have a college-level education.'     

There's also the concept of Security by Design, in which users are prompted to consider the potential consequences of their privacy choices in context as they use a product, so that they can make an informed choice. 'The product has to align with the privacy policy in perpetuity as its being used. If the policy is changing every year, but the product is being revved every week, that's a problem,' said Jim Adler, chief security officer at Metanautix and member of the Department of Homeland Security (DHS) Data Privacy and Integrity Advisory Committee (DPIAC).   
  
(Image: Geralt via Pixabay)

Keep It Simple

There's a move to simplify privacy policies because they're too difficult for the average person to read and comprehend. Attention spans are short and privacy policies are long. Few people will take the time to read a document written in legalese and presented in a six-point type font. Because transparency is becoming a brand issue, some organizations are adopting a layered short notice, which presents privacy policy information in varying levels of detail: very short form; highlights; and the traditional full-blown document. Icons may also be used to simplify the communication of important points.

"You're kind of complying with the letter of regulation but violating the spirit of it by not making your privacy policy clear and understandable," said Patrick Fowler, chair of the privacy, data protection and cyber-security practice at law firm Snell & Wilmer, in an interview. "The average reading level of the average American is 8th grade. There have been studies of Fortune 500 privacy policies [that say] to understand those policies you have to have a college-level education."

There's also the concept of Security by Design, in which users are prompted to consider the potential consequences of their privacy choices in context as they use a product, so that they can make an informed choice. "The product has to align with the privacy policy in perpetuity as its being used. If the policy is changing every year, but the product is being revved every week, that's a problem," said Jim Adler, chief security officer at Metanautix and member of the Department of Homeland Security (DHS) Data Privacy and Integrity Advisory Committee (DPIAC).

(Image: Geralt via Pixabay)

4 of 10
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Ashu001
50%
50%
Ashu001,
User Rank: Ninja
11/19/2015 | 7:08:27 AM
Re: Granular Privacy Protection is coming to Mobile OSes
Nomii,

Unfortunately,looking at things mainly from a Content Providers point of view there really is no Middle-Ground here.Its either going to end up supporting one side or the other.

The Old ways of doing Business(in the advertising space) are most definitely coming to a close today.

We better get used to it.

 
nomii
50%
50%
nomii,
User Rank: Ninja
11/18/2015 | 5:19:29 AM
Re: Granular Privacy Protection is coming to Mobile OSes

@Ashish thanks for such informative and lengthy comment. I agree with your most points but the bone of contention prevails that we are trying to find ways to live with the problems and not finding solutions to end that. Providing ads to particular person on his research history is also the breach of privacy. If companys stop it, they are bound to loose alot of revenue but for customer privacy these are to be stopped. Now I am not finding any middle way to solve it. In this bargain one is to loose. But who?

Ashu001
100%
0%
Ashu001,
User Rank: Ninja
11/17/2015 | 11:30:25 PM
Re: Granular Privacy Protection is coming to Mobile OSes
Nomii,

One needs to accept that there will be atleast some Give and take in this space currently.

If you want Total Privacy ;then don't be Online or don't use most of these Free ad-supported Services/Apps these Developers provide.

Let me give you an example,For all my friends and Family who use Android Smartphones I recommend that they compulsarily install either AVG Free Antivirus or Avast Free Antivirus.

Does that protect against all threats out there in the Android space?No.But atleast its much-much better than being part of Android Mobile Botnet and seeing all your Mobile Data and Processor hijacked for someone else's use.

Is'nt it?

In return for this what does AVG/Avast ask from us?

The ability to supply Ads at the bottom of the screen whenever their product is running.

If it bothers some of my friends so much(the ads) I tell them to buy the Paid version instead.Some usually do upgrade the rest get used to the Ads.

There was a very interesting article I read recently on Online Ad Networks.Please do read it-
www.zerohedge.com/news/2015-11-16/online-advertising-threatening-open-internet




Also,do read all the comments below the main article as well.They are most informative.If it was some ad-maker who was talking about these issues I would'nt give it the slightest notice but because it was a Publisher/Content-Provider I paid extra attention.


What's a given is the Old Ways of Doing Business Online are coming to a close.How things will evolve is anybody's guess.

I though have seen some very interesting Ad-based Models take off in China,India and Africa today.

For instance,Micromax(India's No.1 Smartphone Vendor) has launched an App called the M-AD app(Micromax Advertising Digital Network) exclusively on their own phones.

Here,they have tied up with the world's 2 biggest Mobile Ad Vendors (Facebook and Inmobi) to channel their Ads to this Huge (over 10 million)Exclusive installed Base of Network Users.

What do the users get in return for viewing these ads on their Phones?

Since most of India's Mobile Phone market consists of Pre-paid Consumers they get paid in Talk-time.On Average,Mobile Phone users get to view enough ads on a monthly basis to accumulate enough points to earn about $5/month in Talk-time.Basically,this amount is more than enough to pay for their Monthly Phone Bills(India has the world's cheapest Mobile Phone rates so don't be too surprised).

In China,Alibaba also has setup something on Similar lines for their Vendors.

This way,atleast you don't antagonize your Viewer-base(of Ad-watchers) by delivering something Concrete/Tangible to them rather than hopelessly bombarding them with useless Ads and Privacy Invasions of Various kinds for which they see no tangible returns.

 

Regards

Ashish.
nomii
50%
50%
nomii,
User Rank: Ninja
11/17/2015 | 11:43:50 AM
Re: Granular Privacy Protection is coming to Mobile OSes

@Ashu I agree with you that things will definitely improve with more strict measures. I am not sure about what we have already lost with all the apps we are using that are not following the protocols you have mentioned. And am not sure if all the developers are truely following what they portray. I believe that there need to be a regulating authority which should be in command of generating a code of conduct that needs to be adheared by all. What is your opinion?

Ashu001
100%
0%
Ashu001,
User Rank: Ninja
11/16/2015 | 11:00:52 PM
Granular Privacy Protection is coming to Mobile OSes
Nomii,

I don't know how closely you track Mobile OS Development.

In Both Android and iOS ,the companies are coming out with more fine-tuned App Protection and Permission-levels where Users can decide which particular permission they wish to provide the App with.

I have seen 3rd party Apps in the Android App store which do the same,its good to have this feature by default in Android and iOS now.

Will that change things substantially for App Developers?

I am quite confident it will!

 
Ashu001
50%
50%
Ashu001,
User Rank: Ninja
11/16/2015 | 10:54:26 PM
Snowden gives me hope for the Future
Nomii,

More than anything else the Edward Snowden Revealations gives me hope for the future.

Why would anyone who had a nice,cushy job with a Government Contractor(with every hope of actually getting a full-time Govt Job) go ahead and uproot himself entirely from his home and family for the sake of something as abstract as Online Privacy?

There are many such individuals out there today who will do whatever it takes to keep other decent folks anonymous and safe today.

More Power to them!

The Battle we fight against Corporation controlled Governments for Online Privacy is a multi-faceted one with immense ups and downs.

I don't think fate of this battle will be decided immediately.

 
nomii
50%
50%
nomii,
User Rank: Ninja
10/29/2015 | 10:49:50 AM
Re: Pending Review
@Ashu001 very true. Thats what I wanted to highlight that without reading the terms and conditions we will give all undesired rights to the company. For time being I think that the best solution is to read and understood the terms first. If we do that sensibly I am 100% sure we will not be able to download anything ever  :)
nomii
50%
50%
nomii,
User Rank: Ninja
10/29/2015 | 10:45:18 AM
Re: Pending Review
@Ashu001 I agree with you there that we need to thank snowden as he is the one who highlighted the backdoor privacy lose. I think whatever anyone says about NSA and PRISM I believe that these kind of programms need to be controlled and personal privacy is in no way to be violated. But I am not sure what damage is already done or what else we will hear infuture.
Ashu001
50%
50%
Ashu001,
User Rank: Ninja
10/26/2015 | 1:26:34 PM
Re: Pending Review
Lisa,

Capgemini covered this issue very well here.

Forget about being well-understood IMHO,the relationship is barely if at all understood currently.

Consumers for sure want relevant and customized Ads for their day to day needs.

BUt they also want the re-assurance that all the Data on them is not getting sold indiscriminately to the Highest bidder going around.

That would definitely be a massive disaster.

Would'nt it?

 
LisaMorgan
50%
50%
LisaMorgan,
User Rank: Moderator
10/26/2015 | 1:16:16 PM
Re: Pending Review
Capgemini recently did some sentiment research concerning retailers.  80% of the consumers surveyed were positive about personalization and 93% were negative about privacy.  I don't think the relationship between the two is well-understood.
Page 1 / 2   >   >>
Commentary
AI Regulation: Has the Time Arrived?
John Edwards, Technology Journalist & Author,  2/24/2020
News
Fighting the Coronavirus with Analytics and GIS
Jessica Davis, Senior Editor, Enterprise Apps,  2/3/2020
Slideshows
IT Careers: 10 Job Skills in High Demand This Year
Cynthia Harvey, Freelance Journalist, InformationWeek,  2/3/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Slideshows
Flash Poll