ORLANDO, FL — A quarterly review of data policies and zealous guarding of data quality are two best practices companies should follow regarding privacy, DoubleClick chief privacy officer Bennie Smith said in his keynote address on the last day of the Winter 2003 National Center for Database Marketing Conference here.
When it comes to privacy, “there is a trust gap between consumers and marketers,” he said. And despite many companies' efforts to implement sound privacy polices, “customers still think that we are just going to go ahead and share or trade their information about them with third-party [companies].”
Smith offered other best practices for creating a privacy policy. They include:
· Let customers exercise choice regarding how their information may be used.
· Eliminate jargon, technical terms and legalese.
· Think about presentation and format.
· Label all access points and links to your privacy policy as “privacy policy.” Smith said many companies hide their privacy polices by using phrases such as “terms and conditions” or “legal.”
Smith also said that companies expecting visitors from outside the United States should remind them that they are on a U.S. site, which implies that U.S. privacy policies prevail.
Smith presented a “what-not-to-do case study” highlighting designer clothing and accessory marketer Guess Inc. and its Web site Guess.com. This summer, Guess agreed to settle Federal Trade Commission charges that it exposed consumers' personal information, including credit card numbers, to commonly known attacks by hackers.
The agency alleged that Guess didn't use reasonable or appropriate measures to prevent consumer information from being accessed at Guess.com. The settlement required that Guess implement a comprehensive information security program for Guess.com and its other Web sites.
This case illustrates another best practice, Smith said: Companies have to do what they say they are going to do when it comes to privacy policies.
