Best in class privacy policy
I'm looking for opinions to help rate the best privacy policies of Internet companies according to their business category. I'm looking for candidates for best in class (of their category).
I'm not asking you to download or display them here, as that might be considered a breach of someone's proprietary rights.
What I am asking for is the name of large companies and large organizations with the link to their publicly available privacy policy.
Their categories include, but are not limited to, the following:
online retail
browsers
email hosts
search engines
social media
banking and finance
other online services
Have I left any important categories out?
I'm sure you'll find my responses to those picks insightful.
Thanks
WS
I'm not asking you to download or display them here, as that might be considered a breach of someone's proprietary rights.
What I am asking for is the name of large companies and large organizations with the link to their publicly available privacy policy.
Their categories include, but are not limited to, the following:
online retail
browsers
email hosts
search engines
social media
banking and finance
other online services
Have I left any important categories out?
I'm sure you'll find my responses to those picks insightful.
Thanks
WS
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
tliotta,
Thanks.
So far, yours was the only post that gave my requested website link of a company for me to review it's privacy policy and for me to give this thread my comments.
Assuming no other suggestions from the other participants, I will read view that privacy policy in a timely manner and post my comments here shortly.
WS
Thanks.
So far, yours was the only post that gave my requested website link of a company for me to review it's privacy policy and for me to give this thread my comments.
Assuming no other suggestions from the other participants, I will read view that privacy policy in a timely manner and post my comments here shortly.
WS
ASKER
tliotta and all,
The following four paragraphs are direct quotations from the publicly available privacy policy of International Paper, found at http://www.internationalpaper.com/legal-pages/privacy-statement
Underlining in any of the four paragraphs is for my own emphasis and critique. My own comments, opinions and critique follow immediately beneath each of those four paragraphs.
1. "Definition. For purposes of this policy, personally identifiable information means any information or set of information, whether alone or in combination with other personal information, that International Paper can use, directly or indirectly, to identify a person. Personal information does not include information that is anonymous, nor does it include publicly available information that has not been combined with non-public personal information."
Well, after the last decade or so, of folks have been accepting privacy policies that they don't read or that don't offer much protection. Think of how much of your private information, that you thought was protected, has already been put into the public domain, directly or indirectly, by a company you trusted to protect your nonpublic information or by one of its third parties, because they interpreted the privacy policy in a way you did not, or they just carelessly let the information out. Much of what now is defined as nonpublic personal information is and has been already out there. Some of these are, public newspaper announcements, phone and business directories, many government records. How about information you gave in a survey during a phone call to your personal number?
So, it seems to me at best, the International Paper privacy policy covers your privacy going forward, but it allows them to use what is currently defined as nonpublic privacy information for information that has already been made public by other parties. In short. I believe what much of that which we now call non-public private information has already been made available to the public.
2. "International Paper websites track information about your visits to them. International Paper may collect certain non-personal information from you, which does not reveal your personal identity, such as browser information, information collected through cookies, pixel tags and other technologies, and aggregated information. For example, International Paper may use such information to compile statistics showing the daily requests for particular files on a site and what countries those requests come from. We use these statistics to customize our websites to better meet your needs and may also provide them to others."
But, International Paper (in paragraph 3) declares that your IP address is considered nonpublic.
Additionally, the problem here is twofold: (a) presumably the last sentence might be intended for International Paper to allow others to have the "statistics" solely for the purposes of supporting International Paper in its contractual obligation to its customers. It does not say that. (b) the third party should be bound by the terms of this privacy policy to use the "statistics" only for the stated purposes of International Paper. I would add the following to the end of the last sentence: "… and may also provide them to others for the sole purpose of such customization; provided, however, any such other party agrees to be bound by a privacy policy standard-of-care no less than contained in this privacy policy.
3. "IP addresses. Your “IP address” is a number automatically assigned to the computer you are using by your Internet Service Provider (ISP). When you visit an International Paper website, your IP address is automatically identified and logged, along with the time of your visit and the pages you visited or viewed. Collecting IP addresses is a common practice on the Internet. International Paper uses IP addresses to present content tailored to your country and for administering the Site. International Paper treats IP addresses as non-personal information."
If IP addresses are treated as non personal information then it's not a far stretch to imagine some third parties are already aggregating it with other information they have, in order to definitively obtain your contact information combined with one or more of the following: your name, email address, phone number and or mailing address. For me included, how much of this has already gone out into the public domain over many years, and is already available to a vast number of third parties to further aggregate and monetize for use by their clients?
4. "Disclaimer. By using this International Paper Site, you consent to this Internet Privacy Policy and to International Paper’s terms and conditions. If you do not agree to this Internet Privacy Policy and International Paper’s terms and conditions, please do not use this or other International Paper sites. International Paper reserves the right, at our discretion, to change, modify, add or remove portions of this Internet Privacy Policy at any time. Please check this page periodically for changes. Your continued use of the Site following the posting of changes to this Internet Privacy Policy will mean you accept them.
WS
The following four paragraphs are direct quotations from the publicly available privacy policy of International Paper, found at http://www.internationalpaper.com/legal-pages/privacy-statement
Underlining in any of the four paragraphs is for my own emphasis and critique. My own comments, opinions and critique follow immediately beneath each of those four paragraphs.
1. "Definition. For purposes of this policy, personally identifiable information means any information or set of information, whether alone or in combination with other personal information, that International Paper can use, directly or indirectly, to identify a person. Personal information does not include information that is anonymous, nor does it include publicly available information that has not been combined with non-public personal information."
Well, after the last decade or so, of folks have been accepting privacy policies that they don't read or that don't offer much protection. Think of how much of your private information, that you thought was protected, has already been put into the public domain, directly or indirectly, by a company you trusted to protect your nonpublic information or by one of its third parties, because they interpreted the privacy policy in a way you did not, or they just carelessly let the information out. Much of what now is defined as nonpublic personal information is and has been already out there. Some of these are, public newspaper announcements, phone and business directories, many government records. How about information you gave in a survey during a phone call to your personal number?
So, it seems to me at best, the International Paper privacy policy covers your privacy going forward, but it allows them to use what is currently defined as nonpublic privacy information for information that has already been made public by other parties. In short. I believe what much of that which we now call non-public private information has already been made available to the public.
2. "International Paper websites track information about your visits to them. International Paper may collect certain non-personal information from you, which does not reveal your personal identity, such as browser information, information collected through cookies, pixel tags and other technologies, and aggregated information. For example, International Paper may use such information to compile statistics showing the daily requests for particular files on a site and what countries those requests come from. We use these statistics to customize our websites to better meet your needs and may also provide them to others."
But, International Paper (in paragraph 3) declares that your IP address is considered nonpublic.
Additionally, the problem here is twofold: (a) presumably the last sentence might be intended for International Paper to allow others to have the "statistics" solely for the purposes of supporting International Paper in its contractual obligation to its customers. It does not say that. (b) the third party should be bound by the terms of this privacy policy to use the "statistics" only for the stated purposes of International Paper. I would add the following to the end of the last sentence: "… and may also provide them to others for the sole purpose of such customization; provided, however, any such other party agrees to be bound by a privacy policy standard-of-care no less than contained in this privacy policy.
3. "IP addresses. Your “IP address” is a number automatically assigned to the computer you are using by your Internet Service Provider (ISP). When you visit an International Paper website, your IP address is automatically identified and logged, along with the time of your visit and the pages you visited or viewed. Collecting IP addresses is a common practice on the Internet. International Paper uses IP addresses to present content tailored to your country and for administering the Site. International Paper treats IP addresses as non-personal information."
If IP addresses are treated as non personal information then it's not a far stretch to imagine some third parties are already aggregating it with other information they have, in order to definitively obtain your contact information combined with one or more of the following: your name, email address, phone number and or mailing address. For me included, how much of this has already gone out into the public domain over many years, and is already available to a vast number of third parties to further aggregate and monetize for use by their clients?
4. "Disclaimer. By using this International Paper Site, you consent to this Internet Privacy Policy and to International Paper’s terms and conditions. If you do not agree to this Internet Privacy Policy and International Paper’s terms and conditions, please do not use this or other International Paper sites. International Paper reserves the right, at our discretion, to change, modify, add or remove portions of this Internet Privacy Policy at any time. Please check this page periodically for changes. Your continued use of the Site following the posting of changes to this Internet Privacy Policy will mean you accept them.
WS
IPCo was my first serious job for 5 yrs back in the early 1970s as analyst/programmer. It came to mind as one that had Internet "presence", though no one would think of it as an "Internet company". I found it through Google for { international paper company }, then clicked through to its policy. Naturally, any company you can think of might be looked at the same way. Just running random Google searches brings up numerous ads from different companies on the results pages.
It was an example for illustration. So, it's still unclear what the question actually asks for. I guess it's particularly unclear if it asks for policies that we might think are excellent examples or if they're particularly bad. (I'm not sure if I can think of either, though I do recall particular EULAs that caused me to avoid companies for years.)
It was an example for illustration. So, it's still unclear what the question actually asks for. I guess it's particularly unclear if it asks for policies that we might think are excellent examples or if they're particularly bad. (I'm not sure if I can think of either, though I do recall particular EULAs that caused me to avoid companies for years.)
Hint: privacy policies can be changed at any time at the whim of the website owner. So keep a timestamp of the privacy policy that you are rating