The Pew Research Foundation released a new study entitled Public Perceptions of Privacy and Security in a Post-Snowden Era.   According to the study:

Across the board, there is a universal lack of confidence among adults in the security of everyday communications channels—particularly when it comes to the use of online tools.

The study also provided a chart (shown below) of the different types of information that people consider to be the most sensitive.

A great summary of the Pew Research study was by Larry Magrid was on Forbes yesterday.  On the regulatory side of the spectrum, the FTC has released guidance on privacy for app developers. The FTC recommends:

If you don't have a specific need for the information, don't collect it in the first place.

The FTC's guidance continues stating that the best policy is to:

  1. collect only the data you need;
  2. secure the data you keep by taking reasonable precautions against well-known security risks;
  3. limit access to a need-to-know basis; and
  4. safely dispose of data you no longer need.

The FTC has also released a business guide on protecting personal information.

Many people I talk to hate putting together privacy policies for their company and its products and, quite frankly, don't like spending time and money on them.  Traditionally, privacy policies have been viewed as something no one will ever read.  Has this changed in the Post-Snowden U.S.A.?   I don't know.  I do know that some states (e.g., California) and many countries (e.g., the EU) require that website/mobile app providers disclose data collection and use practices to users.  California has published guidelines on complying with its privacy disclosure requirements.  I also know that the FTC has gotten more aggressive about going after companies that do not adhere to their posted privacy policies and for not posting them where they can be easily found.  You can find FTC enforcement actions here.

So, be sure to have a privacy policy on your site and in your apps.  And, as discussed, there are at least two good reasons to go back and review your privacy policy: (1) consumers are particularly worried about privacy right now; and (2) the FTC is holding companies to the claims in their privacy policies.

What should you look for when you review your privacy policy?

  • Does your privacy policy accurately tell users what personal information you are collecting and how you are using it?
  • Does your privacy policy accurately describe how you share collected personal information?
  • Does it describe the process for a person to inquire about collected personal information?
  • Does it say how you will notify the user of updates to the policy?
  • Does it state when it took effect?
  • Does it explain how you respond to "do not track" signals regarding sales activities (if collecting this type of data)?
  • Is everything in your privacy policy true?
  • Is your privacy policy located in a conspicuous location on your websites and mobile apps?

Consider reworking your privacy policy to assuage some of the fears that the Pew Research Foundation described in its study.  Finally, please consider whether you are really doing enough – if you happen to be collecting some of the information that users consider to be the most sensitive.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.