|In the buzzword-compliant society that we live in, one of the loudest buzzes these days is Privacy. Start-up companies trumpet their privacy protecting software. Privacy consultants are starting to dot the landscape. Companies are employing Chief Privacy Officers. The Federal Trade Commission is bringing charges and levying fines against companies for privacy violations. The buzz (and the fear of the FTC) has led to companies posting privacy policies saying: “We will never disclose anything to anyone EVER! We love privacy! Privacy is better than sliced bread!”
Why would I say such a thing? The fact of the matter is that, in the United States, privacy policies can say absolutely anything you want (the European Union is a different story altogether). If you want to say “I’m going to disclose your personal information to the first porn site to pay me a $1”, well… you can. Privacy policies are about The Truth. Privacy policies have nothing to do with privacy. Yet, companies always seem to post the most flowery, grandiose, and restrictive privacy policies on their websites. And this gets them into trouble.
Honesty: If you are going to share your customer’s information with some third parties, tell them. Put it in your policy. Don’t make grandiose statements of “your privacy is important and we will do everything we can to ensure that your privacy is maintained,” unless you are absolutely 100% positive that the statement is true. Watch out for the obvious: if you collect credit card information for payment, you need to be able to disclose information to the credit card authorization company.