Demystifying Privacy Policies

A company or Web site’s privacy policy details how that organization collects data and what it does with that data afterward. Specifically, a privacy policy should tell you the following:

• What type of information the organization collects

• What it does with that information

• With whom it shares the information

• What steps it takes to protect your privacy

The type of information the organization collects is important. Can it or its partners use the information to identify you? Does it provide enough information to enable the organization to contact you directly? It’s important that you pay close attention to who is collecting personal data and what is done with it.

While you may not care if a Web site uses your e-mail address to send you commercial e-mail informing you of new products and offers, it may become an issue if the site gives or sells that information to other sites. Before you know it, your e-mail address could be on every spam list in the country.

Most Web sites, especially commercial sites, have online privacy policies that you can read and review. Often, you must do this as part of your registration. Don’t just click Yes and move on, however. Take the time to actually read the policy and be sure that you aren’t giving away too much of your right to privacy.

Some Web sites may use a Platform for Privacy Preferences (P3P) policy. P3P is a technical standard that describes a standard format for privacy policies that Web browsers can retrieve automatically and interpret based on your browser’s privacy settings. Based on your preferences and the company’s P3P policy, your browser can determine whether to allow the site to collect information or place a cookie on your machine.

Another group of policies to which you should pay close attention are those that belong to wireless service providers, specifically companies that operate Wi-Fi hotspots. Some questions you should ask are:

• Does the company collect geographic data or track your movements?

• With whom, and under what circumstances, is this information shared?

• How long is tracking data stored?

Companies can only collect data that you allow them to, either by you supplying it or allowing them to collect it through observation. By being aware of who’s collecting data about you and why, you’ll be better prepared to protect your identity and limit your exposure to threats like identity theft.