Why Your Country’s Privacy Policy is Prehistoric

Posted by on Aug 30, 2013

Just about everyone that uses the web knows that online privacy is more important than ever. With escalating international cyber wars, governmental spying programs like PRISM, and the threat of hacking, users are concerned over the state of their security online. Unsecured websites can be prime sources for security breaches and malware, especially as many companies don’t even have a privacy policy in place. Enterprises should update their privacy policies to ensure security on their networks and sites, while protecting their users.

Online Privacy Policies

Image courtesy of itbusinessedge.com

The Global Privacy Enforcement Network, or GPEN, recently conducted their first Internet Privacy Sweep. This survey of website and mobile apps analyzed their privacy policies for strength and readability. Of the websites surveyed, 23% had no privacy policy in place, while 33% caused confusion due to readability issues. The world of mobile apps is even less secure with 54% displaying no privacy policy at all and 92% displaying lack of readability.

In the UK, users suffer from even murkier privacy policies than the sample surveyed by GPEN. According to a study by Deloitte, reading through the verbose and jargon-riddled policy statements of all the websites visited by the average user in a year would take about 31 hours. The study, called Data Nation 2013: Balancing Growth and Responsibility, estimates that the average website has a privacy policy that would take at least 25 minutes to read through. Some companies think that making policies difficult to navigate results in covering their end legally, while getting users to sign up for data mining and other data sharing programs.

But as research director of Deloitte Analytics, Harvey Lewis, says, “Organizations need to make it easier for individuals to understand why this information is collected and what benefit they will receive. Businesses are more likely to get maximum benefit from data if every customer interaction is based on the principles of transparency, trust and informed dialogue.” And in this current climate, offering users added privacy protections and transparency is sure to win over hearts as online privacy becomes more and more valued amidst security fears.

Users & Privacy Knowledge

Image courtesy of researchaccess.com

The U.S. and U.K. aren’t the only nations battling the problem of bad privacy policies. In Canada, Privacy Commissioner Jennifer Stoddart conducted a survey of Canadian website privacy policies to find that 10% didn’t even have a policy. According to Stoddart, many of the policies that were in place, “offered so little transparency to customers and site visitors that the sites may as well have said nothing on the subject. At the other extreme, we saw long, legalistic policies that simply regurgitated — word for word in some cases — federal privacy legislation. Neither approach is helpful to Canadians — nor necessary, as demonstrated by the many privacy policies we saw that were able to strike a balance between transparency and concision.”

Unfortunately, being willfully obscure seems to be commonplace around the world. In Australia, the Office of the Australian Information Commissioner (OAIC) found that 83% of websites in the country had a glaring privacy issue. In the words of Australian Privacy Commissioner Timothy Pilgrim, “It is a concern that nearly 50% of website privacy policies were difficult to read. On average, policies were over 2,600 words long. In my view, this is just too long for people to read through. Many policies were also complex, making it difficult for most people to understand what they are signing up to.”

The same holds true for New Zealand, which recently found that about 30% of websites in the country didn’t have a privacy policy in place. Given the current state of the market, those enterprises that choose to offer simple and transparent privacy policies will be the ones to earn lifelong user support. Combine a strong privacy policy with added consumer protections through a secure cloud service and you’ve got a recipe for success far into the future.

Jennifer Stoddart

Image courtesy of smh.com.au

Security Beyond Privacy Policies

Enterprises sometimes find that selecting a truly protected third party cloud service can be a challenge as most “secure” services on the market have glaring security gaps that leave their sensitive data wide open to third party attacks, leaks, and hacking. One rapidly expanding cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides businesses with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that enterprises and businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak Blue protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, users can rest easy knowing that their data is truly protected. SpiderOak Blue’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and syncing on the go.

Leave a Reply