A privacy policy is a legal document that discloses some or all of the ways a party gathers, uses, discloses and manages a customer's data. The exact contents of a privacy policy will depend upon the applicable law and may need to address the requirements of multiple countries or jurisdictions. While there is no universal guidance for the content of specific privacy policies, a number of organizations provide example forms or online wizards.

Development of Privacy Policies

In 1995 the European Union introduced the Data Protection Directive[1] for its member states. As a result, many organizations doing business within the EU began to draft policies to comply with this Directive. In the same year the Federal Trade Commission published the Fair Information Principles[2], which provided a set of non-binding governing principles for the commercial use of personal information. While not mandating policy, these principles provided guidance on the developing concerns of how to draft privacy policies.

Fair Information Practice

The four critical issues identified in Fair Information Principles are:

In addition the Principles discuss the need for enforcement mechanisms to impose sanctions for noncompliance with fair information practices.

Current Enforcement of Privacy Policy in the United States

The United States does not have a specific federal regulation establishing universal implementation of privacy policies. Congress has, at times, considered comprehensive laws regulating the collection of information online, such as the Consumer Internet Privacy Enhancement Act[3] and the Online Privacy Protection Act of 2001[4], but none have been enacted. In 2001, the FTC stated an express preference for “more law enforcement, not more laws”[5] and promoted continued focus on industry self-regulation.

In most cases, the FTC enforces the terms of privacy policies as promises made to consumers using the authority granted by Section 5 of the FTC Act, which prohibits unfair or deceptive marketing practices[6]. The FTC’s powers are statutorily restricted in some cases; for example, airlines are subject to the FAA’s authority[7], and cell phone carriers are subject to the FCC’s authority[8].

Applicable US Law

While no generally applicable law exists, some federal laws govern privacy policies in specific circumstances, such as:

The Children's Online Privacy Protection Act (COPPA)[9] affects websites that knowingly collect information about, or are targeted at, children under the age of 13[10]. Any such websites must post a privacy policy and adhere to enumerated information-sharing restrictions[11]. COPPA includes a Safe Harbor provision to promote industry self-regulation[12].

The Gramm-Leach-Bliley Act[13] requires institutions “significantly engaged”[14] in financial activities to give “clear, conspicuous, and accurate statements” of their information-sharing practices. The Act also restricts use and sharing of financial information[15].

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rules[16] require notice in writing of the privacy practices of health care services, and this requirement also applies if the health service is electronic[17].

Some states have implemented more stringent regulations for privacy policies. The California Online Privacy Protection Act of 2003 (Business and Professions Code sections 22575-22579) requires “any commercial web sites or online services that collect personal information on California residents through a web site to conspicuously post a privacy policy on the site”[18]. Both Nebraska and Pennsylvania have laws treating misleading statements in privacy policies published on Web sites as deceptive or fraudulent business practices[19].

Privacy Policies and the European Union

There are significant differences between the EU data protection and US data privacy laws. These standards must be met not only by businesses operating in the EU, but also by any organization that transfers personal information collected concerning citizens of the EU. In 2001 the United States Department of Commerce worked to ensure legal compliance for US organizations under an opt-in Safe Harbor Program[20]. The FTC has approved eTrust to certify streamlined compliance with the US-EU Safe Harbor.

Online Privacy Certification Programs

Online Certification or “Seal” programs are an example of industry self-regulation of privacy policies. Seal programs usually require implementation of fair information practices as determined by the Certification program and may require continued compliance monitoring. TRUSTe[21], the first online privacy seal program, included more than 1,800 members by 2007[22]. Other Online Seal programs include the Better Business Bureau Assurance on the Internet[23], eTrust[24] and Webtrust[25].

Technical Implementation of Privacy Policies

Some websites also define their privacy policies using P3P or Internet Content Rating Association (ICRA), allowing browsers to automatically assess the level of privacy offered by the site. However, these technical solutions do not guarantee that websites actually follow the claimed privacy policies. They also require users to have a minimum level of technical knowledge to configure their own browser privacy settings[26]. These automated privacy policies have not been popular either with websites or their users[27].

Criticism

Many critics have attacked the efficacy and legitimacy of privacy policies found on the Internet. Concerns exist about the effectiveness of industry-regulated privacy policies. For example, a 2000 FTC report, Privacy Online: Fair Information Practices in the Electronic Marketplace, found that while the vast majority of websites surveyed had some manner of privacy disclosure, most did not meet the standard set in the FTC Principles. In addition, many organizations reserve the express right to unilaterally change the terms of their policies. In June 2009 the EFF website TOSback began tracking such changes on 56 popular internet services, including monitoring the privacy policies of Amazon, Google and Facebook[28].

There are also questions about whether consumers understand privacy policies and whether they help consumers make more informed decisions. A 2002 report from the Stanford Persuasive Technology Lab contended that a website’s visual designs had more influence than the website’s privacy policy when consumers assessed the website’s credibility[29]. A 2007 study by Carnegie Mellon University claimed “when not presented with prominent privacy information...” consumers were “…likely to make purchases from the vendor with the lowest price, regardless of that site's privacy policies.”[30] However, the same study contends that where privacy information is clearly presented, consumers prefer retailers who better protect their privacy and may “pay a premium to purchase from more privacy protective websites.” Furthermore, a 2007 Berkeley study found that “75% of consumers think as long as a site has a privacy policy it means it won’t share data with third parties,” confusing the existence of a privacy policy with extensive privacy protection[31].

Critics also question if consumers even read privacy policies or can understand what they read. A 2001 study by the Privacy Leadership Initiative claimed only 3% of consumers read privacy policies carefully, and 64% briefly glanced at, or never read, privacy policies[32]. One possible issue is the length and complexity of policies. According to a 2008 Carnegie Mellon study, the average length of a privacy policy is 2,500 words and requires an average of 10 minutes to read. The study cited that “Privacy policies are hard to read” and, as a result, “read infrequently”[33].

References

  1. ^ Overview of the Data Protection Directive, http://ec.europa.eu/justice_home/fsj/privacy/overview/index_en.htm
  2. ^ FTC Fair Information Practice Principles, http://www.ftc.gov/reports/privacy3/fairinfo.shtm
  3. ^ HR 237 IH, The Consumer Internet Privacy Enhancement Act, as Introduced in House, 107th Congress http://thomas.loc.gov/cgi-bin/query/z?c107:H.R.237.
  4. ^ HR 89 IH, Online Privacy Protection Act of 2001, as Introduced in House, 107th Congress http://thomas.loc.gov/cgi-bin/query/z?c107:H.R.89:
  5. ^ Kirby, Carrie “FTC drops the Call for New Internet Privacy Laws,” SFGate, October 5, 2001. http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2001/10/05/BU162345.DTL&type=printable
  6. ^ Implementation of 15 U.S.C. §§ 41-58, http://www.ftc.gov/privacy/privacyinitiatives/promises.html.
  7. ^ Electronic Privacy Information Center, Air Travel Privacy, Epic.org, http://epic.org/privacy/airtravel/. Also see FAA Enforcement Database at http://www.faa.gov/foia/faa_enforcement_database_records/.
  8. ^ Helmer, Gabriel M. "Cracking Down: FCC Initiates Enforcement Action Against Hundreds of Telecommunications Carriers For Failing to Certify Compliance With Customer Privacy Rules," Security, Privacy and the Law, Foley Hoag, LLP, May 2009. http://www.securityprivacyandthelaw.com/tags/fcc/. Also see FCC Enforcement Center at http://www.fcc.gov/eb/.
  9. ^ The Children’s Online Privacy Protection Act, http://www.ftc.gov/ogc/coppa1.htm
  10. ^ COPPA Safe Harbors discussed, Cybertelecom Federal Internet Law & Policy - an Educational Project. Krohn & Moss Consumer Law Center, http://www.cybertelecom.org/privacy/coppasafe.htm
  11. ^ Discussion of compliance with the Children’s Online Privacy Protection Act, FTC Privacy Initiatives, http://www.ftc.gov/privacy/privacyinitiatives/childrens.html
  12. ^ Data Privacy, A Safe Harbor Approach To Privacy: TRUSTe Recommendations, Center for Democracy and Technology, http://www.cdt.org/privacy/ccp/safeharbors1.shtml
  13. ^ Gramm-Leach-Bliley Act, http://thomas.loc.gov/cgi-bin/query/z?c106:S.900.ENR
  14. ^ “The Financial Privacy Requirements of the Gramm-Leach-Bliley Act”, FTC Facts for Business, http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus53.shtm
  15. ^ Information Regarding the Gramm-Leach-Bliley Act of 1999, US. Senate Committee on Banking, Housing, and Urban Affairs. http://banking.senate.gov/conf/
  16. ^ Understanding HIPAA Privacy, HHS.gov Health Information Privacy, http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html
  17. ^ Notice of HIPPA Privacy Practices. Privacy/ Data Protection Project, Miller School of Medicine Miami University, http://privacy.med.miami.edu/glossary/xd_notice_of_privacy_practices.htm
  18. ^ Privacy Laws, California Office of Information Security and Privacy Protection http://www.oispp.ca.gov/consumer_privacy/laws/
  19. ^ Deceptive Trade Practices, http://www.enotes.com/everyday-law-encyclopedia/deceptive-trade-practices
  20. ^ Safe Harbor Compliance, Export.gov, http://www.export.gov/safeharbor/
  21. ^ TRUSTe, http://forms.truste.com/go/truste/learn_more_3?gclid=CK7V3sHdkJ4CFRgbawodiDZ2oQ.
  22. ^ CDT Guide to Online Privacy, Center for Democracy and Technology,2009. http://www.cdt.org/privacy/guide/protect/
  23. ^ BBB Seal Program. Better Business Bureau® Assurance on the Internet, BBBOnLine, Inc. https://www.bbbonline.org/reliability/Rel_EN.asp
  24. ^ Etrust, http://www.etrust.org/certification/privacy/
  25. ^ Webtrust Seal Program, http://www.webtrust.net/
  26. ^ Softsteel Solutions “The Platform for Privacy Preferences Project (P3P),” http://www.softsteel.co.uk/tutorials/P3P/
  27. ^ CyLab Privacy Interest Group, 2006 Privacy Policy Trends Report. January, 2007 http://www.chariotsfire.com/pub/cpig-jan2007.pdf
  28. ^ Millis, Elinor, “EFF tracking policy changes at Google, Facebook and others,” Cnet Digital News, June 2009. http://news.cnet.com/8301-1023_3-10257818-93.html.
  29. ^ Fogg, B. J. “How Do People Evaluate a Web Site's Credibility? (abstract)” BJ, Stanford Persuasive Technology Lab, November 2002, http://www.consumerwebwatch.org/dynamic/web-credibility-reports-evaluate-abstract.cfm. Stanford Web Credibility Project found at http://credibility.stanford.edu/resources.html.
  30. ^ Acquisti, Alessandro and Janice Tsai, Serge Egelman, Lorrie Cranor, ”The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study” Carnegie Mellon University, 2007. http://weis2007.econinfosec.org/papers/57.pdf
  31. ^ Gorell, Robert. “Do Consumers Care About Online Privacy?” October, 2007. http://www.grokdotcom.com/2007/10/30/do-consumers-care-about-online-privacy/ citing to a study by Chris Hoofnagle, UC-Berkeley’s Boalt School of Law. Samuelson Law, Technology & Public Policy Clinic, http://www.law.berkeley.edu/4391.htm.
  32. ^ Goldman, Eric. “On My Mind: The Privacy Hoax,” October, 2002, http://www.ericgoldman.org/Articles/privacyhoax.htm
  33. ^ Out-Law News. “Average privacy policy takes 10 minutes to read, research finds,” Out-Law.com, July 2008, http://www.out-law.com/page-9490.

The above information uses material from Wikipedia and is licensed under the GNU Free Documentation License.
This page was last archived by our server on Tue Jun 29 02:15:25 2010.