What Should I Know About Privacy Policies?
What personal information is collected?
What kinds of personal information does the organization collect from you? Personal information that businesses and government agencies ask you for may include the following:
- your name and home address
- your home phone number
- your email address
- your Social Security number
- your driver’s license number
- your financial information, such as credit card numbers, bank account numbers, and household income
- your medical information, such as your health insurance plan, diseases or physical conditions, and prescription drugs used
- your education and work experience
- other details of your personal life, such as your date of birth, the names and ages of your spouse or children, and your hobbies
How is the information collected?
In addition to asking you to provide personal information on a paper or online form, an organization may collect information “automatically” through its website. One way to do this is through the use of “cookies.” Internet cookies are small text files placed on your computer by a website you visit. A cookie contains information about you that your browser saves and sends back to a site when you visit it again.
Why is the information collected?
Does the personal information asked for seem appropriate to the transaction? For example, your name, home address, phone number, and credit card number may be necessary for making and shipping your purchase. Your household income and hobbies are not. Pay attention if a business or website asks for information beyond what is needed for the transaction. The purpose for the extra information should be clearly stated. Look for an opportunity to opt out of, or say no to, giving the extra information. Consider going somewhere else if you can’t complete the transaction without giving up personal information you think is unnecessary.
How is the information used?
Who will have access to the information?
Does the company or website share customer information with other companies? Does it share information with its affiliates or companies in the same “corporate family”?
What choices do you have?
Look for opportunities to opt out of the use of your information for marketing and the sharing of your information with others. There should be an easy way to opt out, such as calling a toll-free phone number or sending an email.
The Center for Democracy and Technology has created Operation Opt-Out to help you get off marketing lists and limit the sharing or sale of your personal information. Their website contains forms you can print out and mail or send online to opt out of information sharing by many Web portals, data aggregators, and businesses.
According to Consumer Reports’ E-Ratings, the better companies and websites do not share personal customer information with other unrelated companies unless the customer consents in advance.
Can you review or correct your personal information?
An organization may give you the opportunity to review or request changes to the personal information that it has collected about you. Look for instructions on how to do this.
What security measures are used to protect your personal information?
Websites requesting personal information should use Secure Sockets Layer (SSL), the industry standard for protecting private information sent over the Internet. The information is encrypted, or scrambled, into a code. This means that your information can’t be read during transmission. Look for signs of security on Web pages where you enter personal information. Look for “https,” rather than the usual “http,” in the address window. Look for a closed lock icon in the lower right or left corner of your screen. These signs mean the connection is secure. You should remain in this secure zone for the entire checkout process.
Good security also means using strong security measures, such as encryption, to protect personal information when it’s stored on company computers. It includes technology and procedures to limit access to customers’ personal information to only those who need it to perform their duties.
Who is accountable for the organization’s privacy practices?
A website may offer assistance with consumer complaints through a “privacy seal” program. The two major programs, TRUSTe and the BBBOnline Reliability Program, both require seal holders to follow certain privacy practice guidelines. Click on the seal logo for information and assistance on privacy issues.
More Information on Privacy Policies
Center for Democracy and Technology: Getting Started: Website Privacy Policies
Source: California Office of the Attorney General