U.S. Leads in Online Privacy Disclosure

Computerworld - The largest U.S. companies do a much better job than their foreign counterparts in putting detailed, meaningful privacy policies on their Web sites. Why shouldn't they celebrate just yet? Because their customers are still confused and disengaged from these online masterpieces. If companies don't find a better way to help customers understand their privacy options, they'll be increasingly attracted to politicians promising "opt-in" regulations for direct marketing.

U.S. corporations are far more consistent than their foreign peers about posting their privacy policies in the most convenient place possible: on the Web. All but two of the 39 U.S. companies in the Global 100 put a link to their privacy statements on their home pages. Sixty-nine percent of Europe's big businesses do so, but only 39% of the Asian firms and none of the Latin American companies on the roster meet this criterion.

U.S. companies are also pioneers in the user-friendly privacy policy. Fourteen of America's largest firms display their policies in a tiered format, putting simple statements first that link to more details and frequently asked questions about their privacy practices. No Global 100 companies outside the U.S. have done this.

U.S. privacy policies are also written more clearly. When I ran Microsoft Word's "Spelling and Grammar" check on the Global 100 privacy notices, only 15% of the sentences in the U.S. policies were written in the passive voice. High use of the passive tense is a good indicator that a company isn't being clear about who's doing what with customer information. Europeans, by comparison, used the passive voice 25% of the time.

	Cline manages data privacy at Carlson Companies Inc., a Minneapolis-based group of businesses in the travel, hospitality and marketing industries. Contact him at privacy@computerworld.com. See more Jay Cline columns.

The privacy statements of U.S. companies are also more than three times more detailed than their foreign counterparts. The average length of a U.S. privacy policy is now 1,681 words, up 28% from last year. The typical European policy, by contrast, is down to 467 words, and the Japanese statement has shrunk to 366 words.

But is this American verbosity an all-around good thing? Open disclosure is the right thing to do, but who wants to read a policy that's twice as long as a typical newspaper article?

As much as U.S. companies excel at telling the world about their data practices, they continue to fall short of getting their customers to comprehend what they're saying. According to a recent University of Pennsylvania survey, 57% of U.S. adults believe that when a Web site has a privacy policy, it means the Web site owner won't share their personal information with other companies. This isn't necessarily true, of course. Sixty-four percent said they knew nothing about online privacy. U.S. companies lead the world in privacy disclosure, but even this leadership isn't yet enough to get customers to really care about their privacy options.