Why Your Company Needs a Privacy Policy

  • by Noah Ramirez, JD / CIPP
  • last updated June 2, 2020

Massive data scandals and breaches are changing the way individuals and organizations regard data privacy and security. Amid a digital environment with pervasive ‘fake news,’ fraud and the decentralization of the web via social media channels, consumers are genuinely distrustful: Edelman’s 2019 Trust Barometer reports that 73% of internet users harbor suspicion. Key factors that can exacerbate distrust include brands soliciting too much information from users; confusing, dense privacy policies; and behavioral advertising creep (the incursion of ads into previously private ad-free spaces like bike lanes, parking meters, public bathrooms, etc.).

In today’s digital age, building authenticity and forging real connections through technology may be an anomaly amid headlines, but it’s a necessary direction for technology to move in to counter techlash. And not just because chariness is bad for business. “If the lifeblood of the digital economy is data, its heart is digital trust,” states a recent PWC article. Right now, companies need to create and manage trust with their users. One way to do that is through a privacy policy.

Your Business Needs a Privacy Policy

Privacy policies provide an opportunity for organizations to lay out their operating terms explicitly, and to examine the policies of those they conduct business with. Concise, digestible information can relay a company’s protocol regarding areas of common consumer mistrust like transparency of data sharing and selling practices, security terms, compliance obligations, operational risks or breach management strategies.

Essentially, a privacy policy serves as a shared agreement around your product or service offering and the consumer using said service or product. Privacy policies provide a framework for accountability, transparency, auditability and ethical behaviors. Without a clear understanding of motive and use, many individuals are beginning to default to the idea that technology errs on the side of harm rather than help. Just look at San Francisco’s recent ban on facial recognition technology as one example of fear ruling over the acknowledgment of potential useful applications. And you have to admit, the fears have merit.

There is a growing trend of legislative measures like the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) that seek to establish uniform and codified privacy policies, but until the U.S. passes federal regulations, each company is left to navigate the muddy waters based on where they do business and with whom they do business. Developing a privacy policy reflective of your business is a step toward fostering trust with your customers and can help protect your ass(ets).

Visibility into Your Vendors’ Policies

Digital interactions between companies using third-party services to deliver their own services or products, selling and/or sharing data and employing technology solutions on the day-to-day are creating a more complex and unwieldy risk surface area. The Institute of Internal Auditors Research Foundation found that third-party vendors are responsible for two out of every three data breaches.

This means that knowledge about your vendors, and your vendors’ vendors, is a prerequisite not only to mitigating your business’ exposure to vulnerabilities but also to protecting your viability for future success. But exactly how do you tackle the considerably long, and often abstruse, texts of privacy policies? The short answer is help.

Change is the Only Constant

With a wave of location-specific privacy policy addenda cropping up, see Nevada and Maryland for example, change is expected to be the only constant.

Right now, privacy policy practices require a few things. First, a pivot toward being useful: conveying to users, in plain-speak, how exposed they are through your company’s data collection practices. The historically legalese- and jargon-rich documents do little to inform the public of your habits and practices. This only exacerbates distrust and breeds reticent users.

Second, organizations need to uphold privacy-conscious behaviors to bring trust back into the technology equation. Privacy policies aren’t the end-all, be-all solution to building genuine connections to consumers but they are a great place to start.

About The Author · Noah Ramirez, JD / CIPP

Noah is an Osano staff attorney focusing on data privacy best practices, legislative monitoring, and policy monitoring. When he's not writing about or researching data privacy, Noah enjoys rock climbing and yoga.