9 Ways To Bulletproof Your Privacy Policy - InformationWeek


10/23/2015
12:05 PM
Lisa Morgan

9 Ways To Bulletproof Your Privacy Policy

Is your privacy policy rock solid, or could it use some work? Mistakes can mean lawsuits, regulatory fines, and damage to corporate reputations. Here's how to protect your company.

(Image: tigerlily713 via Pixabay)

Any company that collects, stores, and uses personal information should have a privacy policy. However, not all privacy policies are created equal.

Although many privacy policies may look the same, the riskiest ones fail to reflect what the company actually does. These can expose the organization to potential regulatory audits, fines, lawsuits, and reputational harm. To reduce the risks associated with such disconnects, businesses should spend more time thinking about -- and operationalizing -- their protection of sensitive data.

However, many organizations don't take their privacy policies seriously enough, as evidenced by the growing number of data breaches and the increasing amount of regulatory oversight.


"If the regulators fined everyone for failing to follow certain regulated procedures, they'd have to fine everybody because nobody does it right," said Walter O'Brien, in an interview. He's founder and CEO of Scorpion Computer Services, the real-life company (with a real live person) upon which CBS's Scorpion TV show is based. "They'd be fining 99% of the industry, and there would be an uproar," said O'Brien. "There should be an uproar. You don't sue Wells Fargo every time it gets hacked."

Toothless privacy policies are common. In June 2015, the Online Trust Alliance (OTA) audited the security, privacy, and consumer protection practices of approximately 1,000 companies, all of which are the leading organizations in their respective industries. They included the top Internet retailers, banks, US federal government sites, social networking and sharing sites, news and media companies, Internet of Things providers, and OTA members. Forty-five percent failed to protect consumers and their data from harm and online threats. Forty-four percent made OTA's "Honor Roll" because they achieved a weighted score of 80 or better on a scale of 1–100, based on 50 different data points. When the OTA audited the top 23 presidential candidates in September 2015, it found that 74% failed because of their privacy policies.

"The FTC has been very aggressively prosecuting companies that don't really do what they say or say what they do," said Jim Adler, in an interview. "Where companies go sideways is not so much what they say, but whether they can live up to what they're saying." Adler is chief security officer at big data analytics company Metanautix and a member of the Department of Homeland Security Data Privacy and Integrity Advisory Committee.

To minimize your own company's risks, consider these nine pointers.

Lisa Morgan is a freelance writer who covers big data and BI for InformationWeek. She has contributed articles, reports, and other types of content to various publications and sites ranging from SD Times to the Economist Intelligence Unit. Frequent areas of coverage include ...

LisaMorgan
User Rank: Moderator
10/26/2015 | 1:12:09 PM
Re: Pending Review
The internal threat is very real and not often addressed as well as it should be.  
Ashu001
User Rank: Ninja
10/24/2015 | 12:00:02 PM
Re: Pending Review
Nomii,

The smartphone app fact you mentioned is particularly pertinent here.

When someone wants to download a game of Sudoku or FreeCell or Solitaire, why does the app-maker want to know whether the phone has a working Wi-Fi connection or not?

Don't get me started on the constant demands for Location??

Unfortunately, not everyone is educated and/or willing to appreciate the extent to which they have lost or are losing their Privacy today.

Sad but true reality currently.

Ashu001
User Rank: Ninja
10/24/2015 | 11:48:56 AM
Re: Pending Review
Nomii,

The Big Problem with that issue is when one needs to decide whether or not one can trust the Regulatory authority in Question.

In the case of America, I can tell you with 100% Certainty you can't trust the Regulatory Authorities concerned simply because of the "Revolving Door" in place between Corporations and the Government in America without a Cooling-off period in place.

It's the same story in the FDA or the Federal Reserve.

One has to eventually trust the invisible hand of the market.

No one else can be trusted to deliver 100% transparent Governance here.

The Market and also the fact that thanks to EFF and the Big Snowden Leaks as well as those on the Great-Great Newspaper - The Intercept (editor is Glenn Greenwald who first broke the Snowden Story) has put most ordinary consumers on guard regarding the most blatant examples and cases of Privacy Violations out today.

nomii
User Rank: Ninja
10/24/2015 | 1:33:41 AM
Re: Pending Review

I believe that to stop this kind of secret breaches of privacy by companies there must be a regulatory authority looking after these companies and devising a single terms of conditions keeping in mind the privacy aspects of the users. Otherwise it's only we who will be suffering and only users to be blamed.

nomii
User Rank: Ninja
10/24/2015 | 1:30:08 AM
Re: Pending Review

Privacy breaches are most of the time authorized by the ill-informed users, and companies just use it with no worries. Like in many apps in smartphones, once you try to install it, it asks you terms and conditions. The terms mention many aspects which people do not even understand, but the eagerness of downloading the app makes them go for downloading it without knowing the consequences. Once privacy breaches occur, people start to blame the companies, but in actual they have themselves given that permission.