The Privacy Tune-Up

Share this content:
I have the oil in my car changed every six months. Though I don't drive many miles, it seems to me that preventive maintenance is a good idea and pays for itself by avoiding trouble. You may want to consider the same approach for your privacy policy. Every once in awhile, that policy will need a tune-up.

There are many reasons for doing a review annually. Here are some.

The law may have changed. Privacy laws continue to pass at the state level, and privacy remains on the federal agenda. A new law may affect some aspect of your company's personal data collection, maintenance, use or disclosure. For example, at least a dozen states enacted security breach laws recently. It may be appropriate to update your policy or practices to reflect the new obligation. Even if laws that regulate your activities have not changed, the laws that control government access to privately maintained records may have. New government authority or procedures might affect what you say in your privacy policy.

The technology may have changed. For example, when was the last time you asked your Webmaster how your company's site uses cookies? You may learn that a Web site that previously used session cookies now sets permanent cookies. Is the site now using Web bugs or other tracking technology? While none of this may be a big deal, a privacy policy should include a current and accurate description.

Have you added banner ads to your Web site? What are the data policies of the advertising company? Maybe those policies differ, and your privacy policy may need to reflect that.

Has your company changed its business in any substantial way lately? New products and services may affect the collection, maintenance, use or disclosure of personal information. Your privacy policy may be out of date or just plain wrong.

Has your company bought another company? Has your company been acquired? Any of these changes may call for revisions to a privacy policy. You may be sharing data with a new division or parent company in a way that is inconsistent with your old policy.

Are you doing business through a new joint venture with another company? If so, it's a good bet that you are sharing information in a manner different than before.

Has your marketing department changed its approach to the renting of mailing lists? Perhaps a standing decision not to rent lists has been reversed or some other new use of customer information has been instituted.

Have your security policies or practices changed? The intense focus on security of late may have produced changes, and it is possible that a privacy policy can include something new and reassuring.

Are your Web links, e-mail addresses, telephone numbers and street addresses still the same? These little things can be overlooked. If your policy included the name of your privacy officer (which is not always a good idea), has that person changed? Maybe your company created a privacy officer position that might be described in the policy.

Have you changed your policy for preserving data? Legal and contractual requirements may oblige your company to maintain transaction records for a long time, but practices for long-term storage of data should be described in a privacy policy.

Have you changed your bank, credit card processor or other service providers? A privacy policy is unlikely to include this level of detail, but it might. Even if the policy offers only generic descriptions, a change in partners may create the need for a tweak.

Are you collecting more data from your customers? If not, maybe you are buying more data about them from third parties.

Not every company that has a privacy policy does so because of a legal obligation. Only a small percentage of companies are required to publish a privacy policy. However, it is possible, albeit very unlikely, that a federal or state government agency will seek to hold a company to its published policy. Another possibility is a private lawsuit. Any company not in compliance with its own policy is just asking to be sued.

Approach a privacy tune-up as an opportunity rather than a chore. Educate your colleagues about their obligations, learn about developments in your organization and review fundamental assumptions and data practices. A privacy policy is not just a notice to the world. It's a tool for ensuring that everyone in your organization is aware that there are rules about the collection, maintenance, use and disclosure of personal information.

My final suggestion is that you consider having your privacy policy read periodically by someone with fresh eyes. An independent review may spot something that you and your in-house colleagues missed. That's why I am grateful that this column is read by an editor.

Is routine maintenance a good idea? I drove my last two cars for 13 years and 12 years, and both were still running strong when I finally decided to get rid of them. I found that paying attention to the basics can be worthwhile.

Sign up to our newsletters

Company of the Week

Brightcove is the world's leading video platform. The most innovative and respected brands confidently rely on Brightcove to solve their most demanding communication challenges because of the unmatched performance and flexibility of our platform, our global scale and reliability, and our award-winning service. With thousands of customers and an industry-leading suite of cloud video products, Brightcove enables customers to drive compelling business results.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above