Monday, April 4, 2011

Privacy Policies

Privacy Policies, I think at times, can be categorized as an oxymoron.  I’ve read through three different privacy policies of three different websites of businesses with whom I conduct online business on a regular basis: my state’s county treasurer’s office, my cell phone provider, and my local bank.
The County Treasurer's policy is relatively short; however, it does refer frequently to Chapter 22 of the Code of Iowa: the law on examination of public records. It specifically refers to section 22.11, which is cited as the “Iowa Fair Information Practices Act.”  This section basically explains that some information obtained by government agencies may be deemed public record, and some information is deemed private. For example: property taxes and ownership of land may be deemed public record, while social security numbers are deemed private. Their privacy policy goes on to state that no marketing databases are created, but they are not responsible for any third party websites that may be linked to them.
They do use cookies; however, these cookies are said to be “session variable.” What this means is that they use cookies during the single transaction in which you are involved. For example, if I am on this site to pay my auto registration, it will store cookies on my browser so it can retain the information needed to complete that transaction. Once I close the browser, these cookies are deleted. (So they say!)
My Cell Phone Provider gave me the most amusement. I say this because every time I physically go into their brick and mortar building, I cannot begin to conduct business with them until they have verified that my name is on the account (this took some doing, a few years back, when it was just my spouse’s name on the account, but is a story for a different time!), I have given them my password, and I have provided them with a photo I.D. Conducting business on their website is a little different, although they state that their privacy policy does apply to all affiliate or third parties with whom they share or collect information.
Their site uses cookies. These cookies are stored on your browser and remain there until you manually delete them. So every time you visit their site, you may see “Welcome John.” They also use a clickstream. This means that every keystroke you enter, while on their site, is recorded. Their claim is that they use this data to gauge the effectiveness of their sites, and use this data to perhaps improve their online operations. Clickstream gives me concern. Even if you were to delete the cookies, they still have a record of every keystroke you made; however, all transactions are being conducted on a secure browser, denoted by the https:// at the beginning of the URL.
Their privacy policy also refers to Customer Proprietary Network Information (CPNI).  This is defined on the federal level. Basically this states that everything you do on your phone is recorded. Yes, everything. Your phone number, the type of phone you have, your location, where you were when you placed or received a call, the number of calls you make, how long these calls were, to whom they were made, texts sent and received, pictures sent and received, need I go on?
I digress to the opening paragraph for my cell phone company. They make me jump through all these hoops to identify myself as a customer while I am in their building, (never mind I am standing there with my phone in hand with their logo written on it) but somewhere out there in cyber land, the text I sent to my spouse is floating around for who knows who to see.
My Local Bank, how I love my bank. They are a local, small-town bank. I love it when I go to their brick and mortar building. They call me by name, and I rarely have to show my identification.
When I conduct business online, I do have to jump through the customary hoops: user name, password, secret question/answer. This is expected and appreciated.  Their privacy policy refers to no outside entity. Their policies are strictly their own. They stress the importance of my privacy and the security of my holdings with their bank. They also stress how much they train their employees, and expect them to fully comply with each of their policies.
They do not use cookies.  Each time I visit their site, I remain anonymous. Well, my name and personal information are. What data is collected is the IP address of the computer that I used to access the site and the time and date.  All my transactions are encrypted, thus securing any information that is being transferred back and forth between their site and my computer. When I am done conducting business, there is no data stored on their site, or on my browser.
In summary, I find that a lot of privacy policies refer to outside agencies or third party entities, that state a bunch of laws and guidelines, in conjunction with their own set of policies. They also state that they hold the rights to change their policies at any given time, at their discretion, and they do not have to give you notice of said changes. It is up to you, the customer, to read these policies, and to revisit them from time to time to check for any changes.
It is also worth noting that there is a human element involved here. Even if a claim is made to keep all your personal information confidential and secure, it cannot keep the dishonest employee of these businesses from taking this information and using it to their benefit, and to your cost.
