Privacy Policies: The Condensed Version

Several leading companies are developing shorter, more consumer-friendly versions of the privacy notices required each year by the Gramm-Leach-Bliley Act.

InformationWeek Staff, Contributor

August 15, 2002

2 Min Read

In the summer of 2001, consumers found their mailboxes stuffed with lengthy, almost indecipherable privacy-policy notices from banks, insurance companies, and other financial-services firms. The notices, required each year by the Gramm-Leach-Bliley Act, were largely ignored. "We almost deforested America to comply with Gramm-Leach-Bliley," says Alan Westin, a business privacy expert and publisher of the newsletter Privacy & American Business.

Now an effort is under way by a number of leading companies, including Citigroup, Fidelity Investments, IBM, J.P. Morgan Chase, and Procter & Gamble, to develop shorter, more consumer-friendly versions of the privacy notices. Although financial-service companies still must mail the lengthy privacy notices to comply with the law, the companies want to create accompanying easy-to-understand summaries akin to the content labels on processed food packages.

Much of the work is being done by the Center for Information Policy Leadership, overseen by former Experian Corp. chief privacy officer Marty Abrahms, at the Richmond, Va., law firm of Hunton & Williams. While the notices required by the law were supposed to reassure consumers about companies' privacy efforts, Abrahms says they frequently had the opposite effect. "Branding is about trust, and these notices were trust-sapping for some of the organizations involved," he says.

Using information gathered through consumer focus groups, the group has developed a prototype of the privacy notice summary. The draft uses terms such as "personal information" rather than "data" and eliminates unnecessary information required by the act, such as spelling out the fact that companies may share data with federal law enforcement agencies if subpoenaed. "I think that's pretty much assumed," says Leigh Williams, Fidelity Investments' chief privacy officer.

Abrahms expects that the privacy-policy summary will be widely adopted during the next two years and may even be written into the federal government's privacy legislation or regulations. "I think there's a growing consensus that this is a useful way to educate consumers," he says, "and help them compare one organization to another."

Illustration by Richard Borge.

Return to main story, "Making Privacy Work."

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights