Skip to main content /TECH with /TECH

Corporate privacy policies scrutinized


(IDG) -- Many corporate privacy policies are too hard to find, too long and too confusing, according to one U.S. trade commissioner, who said companies should take steps to standardize their policies in much the same way food companies use nutrition labels that make it easy for consumers to count calories.

"In short, many privacy policies are beginning to look like complex legal documents that do not give consumers real choice," said Federal Trade Commissioner Sheila Anthony.


 • How encryption works
 • How the FBI's e-mail surveillance works

 • Consumer
 • Personal
 • Criminal

 • Security on the Net

At the first Privacy and Data Protection Summit Thursday, among the trends Anthony cited as disturbing was a tendency among some companies to establish privacy policies that grant companies sweeping rights to sell and transfer customer data. "Some site owners take an arrogant view and say that they know best," she said.

But some corporate officials at the conference, which was sponsored by the Philadelphia-based Privacy Officers Association, said the federal government should take some of the blame for complex privacy policies.

Financial services companies, for instance, said that to comply with the privacy provision of the Gramm-Leach-Bliley Act, the financial modernization law approved in 1999 that takes effect July 1, privacy policies must include legal language from that act as well as from state laws affecting privacy.

Citigroup Inc. in New York has addressed that problem by creating, in effect, two versions of its privacy policy that are sent to consumers. One version is structured to meet the requirements of the law, but a second version outlines the company's privacy policy in 10 short points. Customers like the latter version, said Stephen Durkee, the company's privacy implementation officer. The feedback they get from customer research is that "this sounds like it really came from you and not from your lawyers," he said. INFOCENTER
Visit an IDG site search

Harriet Pearson, IBM's chief privacy officer, acknowledged that "we need to work toward making [privacy policies] simpler" but also said it's an evolving process. Only a few years ago, many companies had no privacy policies, she said. Today, there are ongoing industry initiatives to improve policies, said Pearson.

Anthony also said there are limits to what the Federal Trade Commission (FTC) can do to make companies improve their practices. "I believe the lack of comprehensive federal privacy legislation to protect consumer privacy has created a schizophrenic environment that is bound to get worse," she said.

More than 450 privacy-related bills have been introduced in state legislatures, raising the possibility of a patchwork of laws making an "untenable situation" for businesses, said Anthony. Moreover, it's expected that the European Union will begin enforcing its own data-protection laws next summer, giving European residents greater privacy protection than U.S. citizens have.

Congress, meanwhile, is considering almost 50 privacy bills. However, the outlook for any kind of privacy legislation this year appears remote as lawmakers stumble over the details.

"The way things are in Congress right now, it may well take a push from the administration to get something out," said Joel Winston, acting associate director of the FTC's Bureau of Consumer Protection.

Privacy advocates: Amended spam bill lacks teeth
April 19, 2001
Sloppy e-privacy policies abound in Asia
February 13, 2001
States to weigh in on Net privacy rules
January 25, 2001

New tools attack privacy issues
(Network World Fusion)
EU privacy directive would cost US consumers
Regulate privacy
No playing games in childrens' online privacy
Health care industry braces for privacy regs
Internet privacy: A matter of competition?
Privacy group issues guidelines on bankruptcy and privacy practices
Armey advises caution on privacy legislation

Federal Trade Commission

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


4:30pm ET, 4/16

Back to the top