Words matter; but what you actually do matters more. When the words and actions don’t line up – trouble is brewing. This post is about Privacy Policies and why, just like other contracts, copying and pasting one from the Internet may not be the best idea. Read on for more information.
Privacy Policies are notoriously copied; everyone knows it. Fortune 500 companies with an army of in-house lawyers copy them from each other, so you can imagine how many smallmedium”regular” sized companies are out there rolling with “hot” Policies….
How about an example? Sure, the Federal Trade Commission’s (FTC) civil suit against Wyndham Hotels provides a good one. (Remember, the FTC is the government agency that regulates “unfair” and “deceptive” trade practices.)
Privacy Policies, just like Wyndham’s, will often say something like:
We safeguard our Customers’ personally identifiable information by using industry standard practices. Although “guaranteed security” does not exist either on or off the Internet, we make commercially reasonable efforts to make our collection of such [i]nformation consistent with all applicable laws and regulations. Currently, our Web sites utilize a variety of different security measures designed to protect personally identifiable information from unauthorized access by users both inside and outside of our company, including the use of 128-bit encryption….We take commercially reasonable efforts to create and maintain “fire walls”and other appropriate safeguards .