Combatting distrust via your company privacy policy

  • by Matt Davis
  • · posted on May 3, 2022
  • · 3 min read
Combatting distrust via your company privacy policy

After an onslaught of massive data scandals and breaches in the last several years, organizations are not only changing the way they think about data privacy — they’re making privacy policies a top priority.

And it’s for the best because consumers, in general, harbor deep distrust in light of fake news, regular fraud, and web decentralization. In fact, Edelman’s 2021 Trust Barometer found that fake news concerns are at an all-time high, suggesting we’ve officially entered “a new era of information bankruptcy.”  

Unfortunately, if companies aren’t careful, it’s easy to exacerbate consumers’ distrust. When brands solicit too much user information, carry confusing messaging, boast dense privacy policies, or engage in behavioral ad creep, they’re adding to the problem.

Building authenticity and forging real connections through technology can be tough in today's digital age. Still, to counter “techlash,” it’s vital. In a time when consumers are cautious, skeptical, and fearful, companies must find ways to foster and maintain their trust. One way to do that? Developing a privacy policy.

Your business needs a privacy policy

At its core, a company privacy policy is a shared agreement with consumers who use your product or service. Privacy policies provide a framework for accountability, transparency, auditability, and ethical behavior. 

Armed with a privacy policy, your organization can explicitly spell out its operating terms, as well as policies around how you conduct business with other parties.

In your own policy, use digestible language to relay company protocols surrounding areas of common consumer distrust, like: 

  • transparency of data sharing and selling practices, 
  • security terms, 
  • compliance obligations, 
  • operational risks, 
  • and breach management strategies.
It’s important to address these consumer fears, especially amid a steep belief that technology harms more than it helps. 

Try Osano Free!

This is not a new way of thinking, either.

Consider the consumer reaction to Apple’s release of the iPhone 5S back in 2013. Arguably, the phone’s most notable feature was Touch ID, where the home button’s new fingerprint scanner could unlock your phone, removing the need to key in a password every time. While some marveled at the technology, others immediately jumped to scarier conclusions: Apple was using our fingerprints for privacy and identity tracking. 

Of course, Apple worked to debunk this myth, but it became clear that consumers generally don’t trust how companies use their information. 

And that was nine years ago.

Luckily, a growing trend of legislative measures like the European Union’s General Data Protection Regulation (GPDR) and the California Consumer Privacy Act (CCPA) seek to establish uniform and codified privacy policies. 

Still, until the U.S. passes federal regulations, companies are left to navigate the muddy waters based on where they do business and with whom. Developing a solid privacy policy is a step toward fostering trust with your customers.

Visibility into vendor policies

Companies that regularly use third parties to deliver their own services or products, sell or share data, or employ tech solutions are creating a more complex and unwieldy risk surface area. 

In fact, a 2020 study by IBM and the Ponemon Institute listed third-party software vulnerability as one of the most common methods of compromise; another report suggests roughly 60% of data breaches happen through third-party vendors.

Curious about privacy? Find out how Osano automates compliance & saves you time! Learn more

This means knowing your vendors — and their vendors — is necessary for not only mitigating your company’s exposure, but also protecting your viability for future success. But how, exactly, do you tackle the considerably long (and often abstruse) verbiage of privacy policies? 

The short answer is help.

Change is the only constant

As more location-specific privacy policies arise and evolve — Colorado, Nevada, Maryland, and Virginia all have their own addenda — change is evidently the only constant.

Right now, privacy policy practices require a few things. First, your company policy should use simple, straightforward language about how you collect data (and, frankly, how exposed or unexposed a user may be). Plain-speak is your friend. 

Similar documents, historically riddled with legalese and jargon, now do little to inform consumers of your habits and practices. These days, it only exacerbates distrust and reluctance. 

Second, organizations must uphold privacy-conscious behaviors to reinstate consumer trust in technology (and not just say so in a privacy policy). Privacy policies aren’t a finite solution to building genuine consumer connections, though they’re a great place to start.

Isn’t it worth knowing whether your site is 100% compliant? We think so. Find out today when you sign up for a demo or free trial.

Matt Davis

About The Author · Matt Davis

Matt Davis is a writer at Osano, where he researches and writes about the latest in technology, legislation, and business to spread awareness about the most pressing issues in privacy today. When he’s not writing about data privacy, Matt spends his time exploring Vermont with his dog, Harper; playing piano; and writing short fiction.