All the experts tell you to have a privacy policy, so I will tell you that, too. (Otherwise I have to turn in my expert union card.) But there are two problems I often see with privacy policies. Small companies often don’t bother and big companies have them written by their lawyers. Between the two, people don’t always get the information they need and they end up being mildly suspicious of what your company is doing.
Small companies often don’t know how important privacy policies are. They are working hard just to have a Web site and they don’t always spend time on the subtleties. I am not a company, small or otherwise, but I decided to have a privacy policy from the early days of my Web site. I don’t think my policy is necessarily the greatest thing ever, but I at least tell people that I sometimes need information from them, that I will not disclose it, and that I monitor Web activity anonymously—and I tried to explain it in plain English.
Big companies sometimes don’t speak in plain English because they pay lawyers too much to make it “correct” (skipping over making it understandable). They treat it like a contract rather than communication with a customer. I hate to single out companies and criticize them, because most of them are trying to do the right thing, but I think it’s important to show examples of what not to do sometimes. If you take a look at the privacy policy of Office Depot (the office supplies retailer), you know from the beginning this was written by a lawyer.
“It is Office Depot’s policy to respect and protect the privacy of our customers and the users of www.officedepot.com (hereinafter, the “Site”). Through this Privacy Statement, we want to reassure users of the Site that we will not sell, share, or rent user information to others in a manner different than as set forth in this Privacy Statement. By accessing this Site, you agree to be bound by the Privacy Statement. If you do not agree to the terms of this Privacy Statement, please do not use this Site. Each time you use the Site, the current version of the Privacy Statement will apply. Accordingly, when you use the Site, you should check the date of this Statement (which appears at the top) and review any changes since the last version.”
Whew! Lotsa bold type they had to put in there to prove in court they really emphasized that part. And, just in case you weren’t sure that this was straight from the legal department, pretty soon you come across a paragraph that looks like it should be read only after ripping off the shrink-wrap.
“Unfortunately, no data transmission over the Internet, or method of electronic storage, can be guaranteed to be 100% secure. As a result, while we strive to protect your information, we cannot guarantee its absolute security. IN NO EVENT SHALL OFFICE DEPOT BE LIABLE FOR SPECIAL, INDIRECT, EXEMPLARY, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER, INCLUDING BUT NOT LIMITED TO, LOSS OF USE, DATA, OR PROFITS, WITHOUT REGARD TO THE FORM OF ANY ACTION, INCLUDING BUT NOT LIMITED TO CONTRACT, NEGLIGENCE, OR OTHER TORTIOUS ACTIONS, ARISING OUT OF OR IN CONNECTION WITH THE USE, COPYING, OR DISPLAY OF THE CONTENTS OF THIS SITE, EVEN IF OFFICE DEPOT OR AN AUTHORIZED REPRESENTATIVE OF OFFICE DEPOT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.”
The bold type, the capital letters, and the overall impersonal tone of “this is our policy” (take it or leave it) does not convey a sensitivity to what customers are concerned about and just isn’t very human or relational.
Now I am no lawyer (could you tell?), but I just don’t think you need to talk this way to customers. As proof, I looked at several other office supply Web sites to see if their privacy policies looked like something you needed to notarize. They didn’t. They managed to explain things without any sentences in all caps. Here is the beginning of my favorite one, OfficeMax’s privacy policy.
“At OfficeMax, we recognize the sensitive nature of your personal and business information. For your protection, all information transmitted by you to us while visiting this website is secured using the latest technology in software encryption and security. OfficeMax provides this privacy policy in order to demonstrate our firm commitment to Internet privacy and to make you aware of our privacy practices, and of the choices you can make about the way your personal and business information is collected and used by OfficeMax.”
Doesn’t that convey a totally different tone? Now, OfficeMax’s policy might still not be totally understandable to everyone (this stuff can be complicated), but they sure seem like they are trying to relate to their customers more than they are trying to avoid being sued by them.
Big companies don’t have the luxury of always speaking in plain English, even in their privacy policies. But they can at least make an attempt. Happily, the trend is to more and more readable policies, and I applaud that.
But let’s not think too harshly of Office Depot’s legalese because at least they have a privacy policy. Many companies still don’t. If Office Depot did not have a privacy policy, I wouldn’t be able to excerpt it here and criticize it. So I want to at least give them credit for trying.
Does your company have a privacy policy? I don’t care how small you are. And if you do, could your granny understand it? Remember that privacy policies are marketing, not just legal documents. What does your privacy policy convey about your brand image?