Always Read the Privacy Policy Fine Print

It is important to periodically stop and reflect on our privacy over the past year, decide what aspects of our life we want to keep private, and identify areas where we may want to increase our privacy.

A quick look at this infographic titled 2011 Data Privacy in Review; the Good, the Bad, and the breached shows it was a bumpy ride for personal data privacy last year. Tens of millions of consumers had personal information exposed by corporate and medical data breaches, and you may have been one of them. Last year also saw the highest volumes of malware and cybercrime in history, and you may have exposed your information if you fell for one of those exploits.

Fortunately, last year also saw some privacy gains. Global spam volumes dropped, several companies strengthened and simplified their data privacy policies, and there was an increase in regulatory agencies monitoring companies and setting privacy guidelines.

Perhaps even more importantly, data privacy is now being discussed broadly by governments, companies, in public conversations and in homes as families realize that a child’s profile now has two meanings, and both meanings may clearly identify them.

Decide what information you want private

The first step in managing your data privacy is determining which information you want to keep private. You’ve heard lots of privacy recommendations – like don’t share your passwords, don’t put embarrassing information or photos online and so on, but only you can decide what pieces of information you actually care about keeping private.

Once you’ve decided what information you want kept private, the next step is taking action to protect that information. This means securing your devices so they don’t get malware[1] , personalizing the privacy settings on your accounts, using strong passwords, and monitoring your identity[2].

Understand the rights companies claim to your information

Protecting your information also means knowing what rights websites and services claim over any content you post on their sites – and that means reading the privacy policies you typically ignore.

You know you should read each website’s privacy policy but they’re often long and complicated – in fact, the average privacy policy is 2,462 words long. With the average person reading 244 words a minute it takes about 10 minutes to read the average privacy policy[3].

If you think that sounds long, Facebook’s privacy policy is 6,748 words[4] – requiring the average person to spend about 28 minutes to read it!

It can be tempting to skip the fine print assuming that if everyone else is using the site, the privacy policy must be ok, but that assumption can put your data at real risk.

Take a quick look at this Privacy Policy infographic[5]. Out of the top 1,000 websites 38 don’t even have a privacy policy, and only 124 explicitly say they share information with other companies. Many more companies share your information without telling you they’re doing so.

Facebook’s failure to notify consumers of how they share information went to the Federal Trade Commission (FTC) for a ruling last year, and the FTC determined[6] that consumers were not being given adequate information.

Now the FTC is conducting ongoing audits of Facebook’s privacy practices and requires Facebook to give consumers clear and prominent notice about sharing their information with other companies, and to get express permission from users before their information can be shared beyond what is included in the privacy settings users have established. Unfortunately, this is just addressing the issues of one company, as consumers you have to consider the practices of every company you interact with online.

This means that unless you actively use privacy settings and read privacy policies, the information you care about protecting may not be protected at all on some websites. To protect your data privacy, avoid sites that require you to share more information than you’re comfortable with, or that share your information with others.

Understand that new technologies change the privacy landscape

Protecting your privacy also means understanding the impact of rapidly changing new technologies like public data mapping like Facebook’s Timeline, location tracking, and facial recognition tools now available in both Facebook and Google+. Without proactive measures these tools can quickly expose information you may want private.

5 simple steps[7] to increase your Facebook and Google+ privacy:

  • Understand public fan pages. Anything you post on these pages is public by default, so look for and set the privacy option to make these posts private.
  • Edit your Timeline. The default in Timeline in the U.S. is that all your information is public (in Europe Facebook had to change the default to private). Either way, look at all your posts from the time you first set up your profile, and delete anything that you don’t want seen to safeguard your privacy – and your reputation.
  • Stop tracking potential. Facebook can track your online activities even when you’re logged out. To prevent this, delete Facebook cookies in your browser.
  • Consider using the security level functionality available in Facebook before posting. Look for a small icon under items in your news feed to see who has access to view your posts before you decide what to post.
  • Disable photo recognition in both Facebook and Google+. Researchers at Carnegie Mellon University could successfully identify about 1/3 of the people found in snapshots using Google’s facial recognition technology[8] – and “that about 27% of the time, using data gleaned from Facebook profiles of the subjects he identified, he could correctly predict the first five digits of their Social Security numbers.” Showing how easy it is becoming to identify people from bits of supposedly anonymous information.

Privacy laws are struggling to keep pace with technology’s ability to collect and package your information, and with companies’ desire to profit from your information. Fortunately governments around the world are beginning to take clear steps in the right direction.

For example, In the U.S. the FTC is now asking for public comments as it considers the privacy implications of facial recognition technologies; in Europe countries are set to release findings about both Facebook and Google’s privacy settings, whether they have breached European law, and what changes may need to be made by the companies in order to do business in Europe.

As internet users it is important to applaud the dedication government bodies, responsible companies, and organizations have shown towards improving our data privacy. And we need to continue to encourage these groups to defend consumer’s privacy as they work through existing and new aspects of privacy online.

4 Steps every user needs to take

While governments and watchdog organizations are trying to look out for consumers, nothing can replace the due diligence you need to apply. These 4 steps will go a long way towards ensuring you stay in control of your information:

  • Set your own (and your children’s) privacy standard.
  • Read site’s privacy policies. Avoid sites that require you to share more information than you’re comfortable with, or that your share information with others.
  • New technology like location tracking tools and facial recognition technologies require that you continually check to ensure your data privacy settings are in place and meet your needs. These are not one time settings!
  • You have a voice online and a civic duty to use it to benefit the safety and privacy of all. Let your voice be heard thanking companies that provide responsible privacy policies, and respectfully requesting changes to policies when needed to increase your privacy.

References

3: Privacy Policies – Jan 2011

4: What you need to know: Facebook, Privacy and Health – June 2011

5: Privacy Policies – Jan 2011

6: http://ftc.gov/opa/2011/11/privacysettlement.shtm

7: From ZoneAlarm – http://blog.zonealarm.com/2011/10/facebook-update-raises-red-flags.html?view=infographic

8: Face-ID Tools Pose New Risk

Generation Safe
Blog