Monday, November 27, 2006

To Publish a Privacy Policy or Not to Publish a Privacy Policy

Here's an article arguing that "publishing a privacy statement may be more harmful than not publishing one"only if enforcement, implementation and monitoring don't intersect as they should :

"This case demonstrates a complication relating to companies' claiming that they have security measures to protect their end users' privacy. Large, established companies, like Eli Lilly, understand this issue but may still have problems ensuring compliance to their privacy policy. But many emerging companies immediately post their claimed privacy policies on their company websites. These companies often fail to assess the potential risks, burdens and liabilities associated with publishing a privacy policy. They do not realize that publishing a privacy statement may be more harmful than not publishing one."

Privacy exposure assessments still remain rather unpopular among leading companies, and compliance with industry specific requirements for processing and storing personal information continue indirectly replacing what a Chief Privacy Officer would have done in a much more adaptive manner. Can we that easily talk about Total Privacy Management (TPM), the way talk about Total Quality Management (TQM) as an internal key objective for strengthening a company's reputation as a socially-oriented one? It would definitely turn into a criteria for the stakeholders, and a differentiating point for any company in question in the long term. The future of privacy? Don't over-empower the watchers or you'll have the entire data aggregation model of our society used against your rights for the sake of protecting you from "the enemy or the threat of the day".

You may also find some comments from a previous post on "Examining Internet Privacy Policies" relevant to the topic :

"Accountability, public commitment, or copywriters charging per word, privacy policies are often taken for fully enforced ones, whereas the truth is that actually no one is reading, bothering to assess them. And why would you, as by the time you've finished you'll again have no other choice but to accept them in order to use the service in question -- too much personal and sensitive identifying information is what I hear ticking. That's of course the privacy conscious perspective, and to me security is a matter of viewpoint, the way you perceive it going beyond the basics, the very same way you're going to implement it -- Identity 2.0 as a single sign on Web is slowly emerging as the real beast."

No comments:

Post a Comment