Data Privacy Policies

I’ve blogged about this topic in the past — on an earlier, now defunct blog. But I think it is a topic that should be of interest to all of us who consider ourselves data professionals…so let’s talk about data privacy policies.

We’ve all seen them, if not read them. You know what I’m talking about… those little flimsy paper inserts that your bank, your credit card companies, your insurance company, your mutual fund company, and others slip inside your statements and bills.

We all get them. Those inserts in our bills and financial statements printed in small type and written in convoluted English. I have started collecting them – sort of like baseball cards. But I doubt they’ll ever be valuable. They are entertaining, though. And many are quite disheartening.

You really should read them. There are all sorts of interesting phrases and sentences written on those little pieces of paper. Some companies are a lot better than others in terms of what their privacy policy promises, but if you read just about any of these little documents you’ll likely find something to trouble your tormented soul.

One thing you’ll see in just about every one of these little documents is the phrase “…unless otherwise permitted by law.” So, basically they are telling us this: “We’ll do what we say here unless we can find some law that allows us not to.” Oh great! I guess we all have to read every law on the books before we can trust this policy. I’d feel a lot better if the document had the phrase “…unless otherwise forbidden by law” in it. That way we could (hopefully) feel confident trusting the policy to be as strong as what is actually written there, if not more so. As it is, we should feel confident that the policy is not anywhere near as strong as what is actually written there until it is proven otherwise. I guess I’m a pessimist, but I think I’m actually more of a realist given the sad state of data privacy, security, and protection these days.

Hopefully the above statement refers to the more useful and explicit information found in another privacy policy I read recently: “For example, federal law permits us to share information about you with consumer reporting agencies, service providers and financial institutions with which we have joint marketing agreements.” At least this company tries to explain their intentions instead of just appending “…unless otherwise permitted by law” all over the place.

Here is another line that I despise from yet another privacy policy: “When required by law, we will ask your permission before we share your information for this type of marketing.” The type of marketing referenced here is with “nonaffiliated service providers and joint marketing programs.” So, this policy is basically saying that this company will take your information and share it with anyone they want unless the law forbids it. Oh, it does say that they require the folks they share the data with to “keep our investor information confidential and secure and to use it only as authorized by us.” But I wonder how strict this requirement is? And what is the stated privacy policy of these partners?

Here is a classic taken verbatim right out of the privacy policy of a large bank: “Even if you do tell us not to share, we may share other types of information within our family.” So, why should I even waste my time trying to stop you? If this company were honest they would change the name of this policy to the “lack of privacy policy,” because that is what it is. A better privacy policy would protect their customers’ information much better. If there are specific things that will always be shared, these should be explicitly stated and referenced. And it should be clear what is meant.

It is interesting to compare the privacy policies for the same company as (if) they change each year. One trend seems to be the addition of Chief Privacy Officers. This could be a good trend. But I bet the Chief Privacy Officer is more concerned with furthering the interests of the company s/he works for than actually protecting the privacy of the company’s customers. But maybe I’m being a pessimist again?

The bottom line is that privacy is evaporating. We should try to do as much as we can to stop that evaporation. So should the companies that we do business with. And so should all data management professionals who deal with corporate data on a daily basis.


About craig@craigsmullins.com

I'm a strategist, researcher, and consultant with nearly three decades of experience in all facets of database systems development.