Website privacy policies need overhaul: experts

Companies need to create easy-to-read policies, say former privacy commissioner and Gartner analyst

Regulation may be the only way to improve website privacy policies, according to former Australian Privacy Commissioner Malcolm Crompton.

Speaking at the Gartner Security & Risk Management Summit in Sydney, Crompton was responding to the results of a privacy sweep by current Commissioner, Timothy Pilgrim, which found that nearly 50 per cent of website privacy policies were difficult to read. On average, policies were over 2600 words long.

The sites were also rated against the Australian Privacy Principles (APPs) which come into law on 12 March 2014. To comply with APP1, which covers the open and transparent management of personal information, organisations must have an up-to-date privacy policy.

Crompton, who now works as managing director of Information Integrity Solutions, told media that companies should “start again” if their policy is not easy to read.

“The utility of a privacy notice is not about informing the individual. It is protecting the company against almost anything,” he said.

“If the company’s intent is to defend rather than inform, those policies will continue to be long.”

He added that global regulators may need to step in if website privacy policies are going to improve in the future.

According to Crompton, companies should create a layered privacy notice where the policy’s key points are contained on one page. The user can then access a longer privacy notice where more detail is set out.

He added that a policy should set out all the possible uses of customer information and how it is collected.

Gartner Australia research director Rob McMillan said an easy-to-read privacy policy would signal to consumers that the company has nothing to hide.

“If you come across a [privacy] document which is 2000 words long then you have to start asking yourself ‘How easy is this organisation to deal with and what is it they are trying to bamboozle me with?’”

McMillan said that 80 per cent of the website policies he has read are "very long" while the remaining 20 per cent used plain language.

“It might be we have a consumer uprising in the future where the market will decide: are you easy to do business with or not? If you’re not, I will go to someone who is.”

Follow Hamish Barwick on Twitter: @HamishBarwick
