Skip to main content

The terms of the FTC’s proposed settlement apply only to Facebook. But to paraphrase noted legal scholar Bob Dylan, companies that want to stay off the law enforcement radar don’t need a weatherman to know which way the wind blows. What practical pointers can your business take from the Facebook case and other recent FTC actions dealing with consumer privacy?

1) Promises, promises. Not making any privacy promises? Think again. Reread your privacy policy to see just what you’re telling customers and visitors you do with their information. And take a look at the privacy settings and other controls you offer. Like any other advertising claim, what you say about how you handle people’s info has to be truthful, not deceptive, and backed up with objective proof.

2) Legal-ease. Now that you have your privacy policy in front of you, show it to a real person — your receptionist, the guy in the warehouse, a member of your family. If they’re not clear on what it says, chances are your customers aren’t sure either. Yes, run it past Legal, but like the rest of your site, your privacy policy should be clear, direct, and easy to understand. Keep geek-speak and legal mumbo jumbo to a minimum.

3) Attitudes, not platitudes. “We at Acme Industries use every means to protect your privacy and never share your information without your permission.” Some retailers lace their privacy policies with lofty language, but don’t back their words up with actions. Remember: Statements like that aren’t just yadda yadda. They’re promises you have to keep. For example, the FTC settled a case with a company that claimed “We are committed to maintaining our customers’ privacy,” and yet failed to protect personal information from a well-known and easily preventable form of hack attack.

4) Color my world. Let’s face it: A lot of privacy policies mumble “Don’t read me.” The type is tiny and the text is dense. They’re often formatted in snooze-inducing shades of grey, in contrast to the eye-catching graphics on parts of the website designed to sell something. So here’s a crazy idea: How about giving your creative team a crack at rebooting the look of your privacy policy? A little color here, a bigger font there. Why not give it a shot?

5) Ch-ch-ch-changes. For security-minded customers, your information practices may be a key factor in their decision to do business with you. But what if you collected info from them under one set of rules and now want to change what you do? Wise marketers call customers’ attention to the proposed change and get their express OK first. Just editing what you say in your privacy policy won’t alert them to what you plan to do.

6) Time for a tech tune-up. If it’s been a while since you wrote your privacy policy, reconsider it in light of new technology you’ve put in place. What was true back in the day may not be the case if you’ve introduced a mobile app, switched service providers, or made other changes to your business.

7) Natural resources. You’ve got a business to run, so save time and money by using free resources from the FTC. Bookmark the Business Center’s Privacy & Security portal for the latest on law enforcement and plain-language compliance suggestions. Visit OnGuardOnline.gov for tips from the federal government and the technology industry.
 

Tags:

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

More from the Business Blog

Get Business Blog updates

 
Return to top