TMCP Privacy PolicyWhat makes a good privacy policy? Well you first need to insure that the legal language is air tight. Many firms may copy a privacy policy that they find online, do a cut & paste and go on their merry way.  Other firms reach out to the data stakeholders in their respective organizations then work with their legal department to craft a strong privacy policy that will standup in a court of law and has all of the technical requirements that are necessary.

Occasionally you will get a company that goes above and beyond by actually explaining in simple terms what they are doing.  They have included their marketing and communications teams to help their customers and public better understand how the Personally identifiable information or PII is being used.

One such company is Linked In owned by Microsoft (MSFT).  Their privacy policy includes the nitty-gritty, legalese but, right next to it explains in plain terms just what that legalese means to the average individual.   They clearly explain to customers how they are using and sharing their data. Their policy is transparent in that it tells customers what specific information they capture and how they use it (for example, IP address, search history, promotions, information being sold to third parties).  Like many firms that have well thought out and transparent policies they give customers ample control over the use and sharing of their data. Control is granted through giving customer opportunities to opt out of their data practices (promotions, sharing with partners, selling).  This enables a better level of trust of the organization.

TMCP Privacy BreachWhen a firm has transparent privacy practices, users of the website or other systems offered by a company feel they had the knowledge to make an informed decision about sharing their personal data. When a firm’s privacy practices offered control, customers knew they had the ability to change their preferences about what and how they share their information. Research has shown that , customers did not punish breached firms that provided both transparency and control. Customers who trust the company and feel that they are being open are more willing to share information and are more forgiving of data privacy breaches, remaining loyal after a security breach may have occurred.  The users of these systems that offer high transparency and control feel less violated from big data practices, attest to being more trusting and most importantly will provided more-accurate data to the firm which is a benefit for the users and the firm.

Finally, the companies that do not have a good privacy policy or if they do fail to inform customers of the policy and how they use their data nor offer any control over that data are at an incredible risk of financial harm. Research has shown that an overwhelming 80% of Fortune 500 firms fall into this category. Studies from noted research firms show that corporations that failed to explain their data privacy practices had a 1.5 times larger drop in stock price than firms with high transparency after a data breach, while organizations that provided customers high control had no significant change in their stock price after a data breach.

Privacy Policies