Public Pitfalls Of Privacy Policies
Posted by
Patrick Mueller
March 15, 2007
Not too many years ago, it was an open question whether your Internet site required a privacy policy. Now, you'd be hard-pressed to find a site without one. Your customers and clients simply demand it. Although users who actually read a privacy policy may be few and far between, you'll quickly hear from them should you fail to provide one.
So, what does a privacy policy mean for your organization in legal terms? In particular, in the midst of record numbers of personal data breaches, how does your privacy policy fit into the legal fallout following a breach?
Think of your privacy policy as a legally enforceable promise that you make to your customers. If you break that promise, not only do you face the obvious damage to your company's brand, reputation and good will, but you may also face legal action from federal and state agencies.
For example, the FTC has pursued companies that have violated the terms of their privacy policies under its "Section 5" authority that prohibits "unfair or deceptive practices." In a 2003 case, Guess.com violated the terms of its privacy policy that stated: "All of your personal information including your credit-card information and sign-in password are stored in an unreadable, encrypted format at all times." It wasn't true: The database tables were in cleartext. Worse, they were available to attackers through SQL injection manipulation.
Page: 1 | 2 | 3 | Next Page »
