Mark McGreary writes:
New innovations come hand in hand with new privacy issues. Privacy policies may seem like a last minute add-on to some app developers but they are actually an important aspect of an app. Data breaches are an imminent risk and a business’s first defense to potential problems is a privacy policy.
Fordham University in New York hosted its Ninth Law and Information Society Symposium last week where policy and technology leaders came together to discuss current privacy pitfalls and solutions. Joanne McNabb, the California attorney general’s privacy education director and a leader in policies affecting the privacy agreements of companies such as Google and Apple, emphasized in a panel that she “wants to make the case for the unread privacy policy.” She noted that the policy mainly promotes “governance and accountability [and] it forces an organization to be aware of their data practices to some degree, express them and then therefore to stand behind them.” The privacy policy still matters because it protects businesses from the risks associated with having a high level of data.
Read ore on Fox Rothschild Privacy Compliance & Data Security. I love this line:
Whether a privacy policy is read is insignificant. The protections it puts in place for all parties involved are crucial.
Indeed. How many enforcement actions have we seen by the FTC (including the Wyndham case) where the FTC quoted the firm’s privacy policy and argued that the entity did not live up to the assurances it had made to consumers? If your policy promises “industry standard” data security, are you living up to that promise? If not, I think you can reasonably expect to be sued in the event of a data breach involving identity information.
“If your policy promises “industry standard” data security, are you living up to that promise?” It appears that, in reality, the “industry standard” is very low indeed. It would be interesting to see a company being sued to display the long list of large companies – Target, Experian, et al. – that gave away data and claim that they did meet the industry standard.