October 23, 2019
Privacy policies are necessary to explain how a company collects, stores, uses and shares data about its customers or users, and the types of data that are collected. Most of this data is considered Personally Identifiable Information (PII) and may include a person’s name, email, address, phone numbers, credit card number, birth date, gender, age or any piece of information that identifies a person.
It’s remarkable how few people read privacy policies, given that this is personal data we likely wouldn’t willingly share with strangers. The Boston Globe recently explained the importance of these privacy policies this way: “Few people read the privacy policies that are part of most major websites. But they amount to a contract, promising visitors that the site will set reasonable limits on how it will use personal data.”
Fast Company reported on a new survey by Pew Research Center that found more than half of the 4,727 U.S. adults surveyed didn’t understand that privacy policies are contracts between websites and users about how those sites will use their data. In essence, most people are unknowingly signing away their rights to their own data. They blindly trust that the companies behind the websites they visit are being good stewards of their data. It’s only when there’s a publicized breach that they question their privacy practices.
Here are just a few of the issues that make practicing ethical, responsible data privacy so challenging.
Comparitech scored each state on how its laws governing online privacy compare with those of other states. Not surprisingly, California ranked at the top of the list, earning a score of 75 for its tough privacy and data protection laws. The state goes so far as to include “an inalienable right to privacy” in its state constitution, and it passed the California Consumer Privacy Act of 2018 (to go into effect January 1, 2020), which gives California residents unprecedented control over their personal online data. The worst scoring state? There was a tie between Mississippi and Wyoming. According to Comparitech, Wyoming employers “are not barred from forcing employees to hand over passwords to social media accounts.”
For companies that have an online presence and operate in different states, keeping track of each state’s laws is a difficult and often manual process. For states with stricter regulations, a misstep in privacy practices can result in penalties.
Thanks to the Internet, companies today have customers and website visitors from all over the world. While the world is flat, giving rise to immeasurable opportunities, it also poses a distinct problem for companies who must adhere to different privacy laws across states and countries. The EU and California are not the only regions with strict privacy regulations and more regulations are sure to come.
Organizations with an online presence must be compliant with the privacy laws of dozens of countries, as well as display consent dialogs in native languages and record consents and revocations for cookies. This is nearly impossible to do manually for each website visitor, putting companies at high risk for non-compliance.
Keep in mind that your vendors’ privacy practices may frequently change. That means you have to continually monitor their practices and determine whether they are putting you at unacceptable risk. If they have a breach, for instance, will your customers, the Department of Justice and the media blame you or them or both?
To make things more complicated, your vendors also have vendors who may use the data you’ve shared. You can see how quickly your web of vendors grows. It’s critical to track all of your third- and fourth-party vendors so you can prove you were doing your due diligence.
That means instead of dedicating resources to a nearly impossible task, you can ensure your website is compliant in every state and country in only minutes. You can track privacy ratings for thousands of vendors to understand your risk instantly over time. You can be alerted when a vendor changes their policies and when privacy laws are added or changed.
Data privacy policies are more than a big deal; they are everything. Consumers are increasingly looking for transparent companies and 75 percent of Americans say they are not okay with companies using their personal data. Even more eye-opening is the fact that 72 percent of adults support a national privacy protection law. Protecting user data is not only the right thing to do, but it is also quickly becoming a differentiator amongst brands.
Matt Davis is a writer at Osano, where he researches and writes about the latest in technology, legislation, and business to spread awareness about the most pressing issues in privacy today. When he’s not writing about data privacy, Matt spends his time exploring Vermont with his dog, Harper; playing piano; and writing short fiction.