A Long Road to Short Privacy Statements
Computerworld - If 2001 was the year of the verbose privacy statement, 2002 will be a year of intense editing. Why? In two separate opinion polls, consumers said that they want "short, concise" privacy policies that are easy to understand. Only 3% of respondents said they carefully review online notices -- in part because of the complexity of such documents.
My review of the online privacy notices of the Fortune Global 100 revealed that U.S. firms averaged 1,316 words per notice, while businesses in other countries made do with nearly half as many. Our corporate editors will be busier than the rest of the world this year trying to reach the ideal that customers want.
American privacy statements are also hard to understand. Last summer, consultant Mark Hochhauser concluded in a study that the average privacy notice of a U.S. financial institution was readable at the level of a senior in college -- eight years higher than the recommended norm. (By way of comparison, this article reads at a grade 12 level.) Hochhauser says the primary culprits behind these high scores are sentences that never end.
Are the litigious American culture -- and the Gramm-Leach-Bliley Act (GLBA) in particular -- standing in the way of corporate editors seeking to do good? As it turns out, my count shows that the cautious cultures of the largest U.S. financial firms produced privacy policies averaging just 1,011 words -- almost Japanese in precision. So the GLBA doesn't seem to have had a big impact on relative length.
It's the high-tech industry that set the wordiness standard for all industries in this sample, with privacy tomes averaging 1,496 words. IT firms are long on words not because they're afraid, but because they were the first to see how critical privacy will be to their brands, and they overachieved. The American privacy-seal programs have also contributed to the verbosity by advocating lengthy policy templates.
Consumers say they want all corporations to adopt a simple, common format for their privacy policies. This has been the goal of the Platform for Privacy Preferences (P3P) project, which since 1997 has been developing a protocol for browsers to read standardized privacy policies and summarize their contents for users. Adoption has been slow, but with the backing of Microsoft, IBM, AOL and other heavyweights, P3P may yet transform the way consumers interact with privacy notices.
Until then, privacy officers will be streamlining their policies the hard way -- word by bitterly negotiated word.
Cline manages data privacy at Carlson Companies Inc., a Minneapolis-based group of businesses in the travel, hospitality and marketing industries. Contact him at privacy@computerworld.com.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Smarter Commerce is redefining value chain visibility
- Smarter Commerce is redefining the value chain in the age of the customer. It starts with putting the customer at the center of...
- IBM Synchronizes its Commerce 2.0 Strategy with 'Smarter Commerce' Initiative
- On March 14, IBM announced "Smarter Commerce", a strategic initiative that addresses the surging market for Commerce 2.0 solutions that take advantage of...
- Proof Positive - Extended Validation SSL Increases Online Sales and Transactions
- With the threat of identity theft and other types of fraud rampant on the internet, many consumers are reluctant to release their details,...
- Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in... All E-business White Papers
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
- Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
- Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
- Virtualize Business-Critical Applications with Confidence
- Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere®... All E-business Webcasts