Perspective: Do as you say, not as you do

On the surface, it sounds encouraging: a great majority of Internet users in the United States report that they know how and take active steps to protect their privacy when they are online.

Yet, a bit of drilling down proves that most of them still are not safeguarding their personal information.

This news comes to us via a recent survey by TRUSTe, an organization that helps consumers and businesses identify trustworthy online entities through its Web Privacy and Email Privacy Seals, and TNS, a market information group that claims to be the world's largest provider of custom research and analysis.

Specifically, the survey documents that 86 percent of American Internet users say they are knowledgeable about protecting their private information, while 57 percent say they consistently take necessary steps to do so.

Notwithstanding such affirmative proclamations, the survey reveals that most Internet users do not read privacy policies posted on Web sites, which is one of the best means to learn how private information will be handled.

Moreover, only 28 percent of respondents report that "most of the time" they check to ensure that Web sites even have privacy policies. And, only 20 percent actually read privacy policies when they are posted. On top of that, only 5 percent frequently check back to find out if privacy policies have been changed.

TRUSTe, based on guidelines issued by the Federal Trade Commission, recommends that Internet users implement various actions to protect their personal information on the Internet. Unfortunately, the survey shows that a minority of Internet users have implemented 8 of the 11 recommended actions, as follows:

• 45 percent have used more than one e-mail address, such that one is reserved only for private communications.

• 43 percent have read privacy policies posted on Web sites.

• 37 percent have taken steps to back up important files.

• 33 percent have provided e-mail addresses and other information in a way that would not disclose their identity.

• 33 percent have changed passwords regularly.

• 26 percent have sought out third-party privacy seals or certifications.

• 16 percent have put e-mail encryption in place.

• 12 percent have logged in to Web sites anonymously.

There is a bit of good news. Most Internet users have followed three of the recommended actions, as follows:

• 81 percent have utilized antivirus, antispyware or firewall software.

• 76 percent have updated such software.

• 67 percent have put in place measures to block pop-ups, reject cookies or block certain sites.

With further education, more American Internet users hopefully will follow all 11 of TRUSTe's privacy practice recommendations. Let's all get the word out, especially as we approach the holiday season and more people will be going online to make purchases while revealing private information.

Biography
Eric J. Sinrod is a partner in the San Francisco office of Duane Morris. His focus includes information technology and intellectual-property disputes. To receive his weekly columns, send an e-mail to ejsinrod@duanemorris.com with "Subscribe" in the subject line. This column is prepared and published for informational purposes only, and it should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.

More Perspectives

[skeptik]

good impossible advice.

"On top of that, only 5 percent frequently check back to find out if privacy policies have been changed."

Only a moron would consider this a reasonable expectation. How long would it take to routinely check every place I have a login to see if there are changes to the policies? How many even fully understand the legalese these policies are written in?

How about a no exceptions law that makes it illegal for anyone to use any personal information for any reason at all unless explicitly granted permission by the individual described by the information. And real penalties for organizations that violate the law. Simple.

[Hoser McMoose]

Does anyone actually trust privacy policies?

A lot of these recommendations seem to be based on the assumption that privacy policies are worth the electrons they're stored in! Honestly does anyone actually believe that privacy policies are followed? I sure as hell don't! I've signed up (with disposable e-mail addresses) for several accounts that quite clearly state in their privacy policy that they don't sell user information, but two weeks later and that e-mail address is filled with spam.

Ok, maybe government organizations and banks might be trustworthy. Others organizations might *THINK* they that won't violate their own privacy policies, but do so anyway due to their own incompetence (case in point: AOL releasing users search data). Others still don't release info intentionally only to have their information stolen when their website gets hacked.

Honestly, reading privacy policies is mostly a waste of time. The real trick is to *NEVER* provide real information to ANYONE on the internet. Unless you absolutely know that some organization has a real and valid requirement to ask your real name, address, date of birth, etc. then I would highly recommend lying when asked.

[Hoser McMoose]

Reason for their recommendations

Ahh, never mind, I just checked out TRUSTe's website and all of a sudden it's obvious WHY their are making such pointless recommendations: they sell privacy policies. What an utterly pointless business, they might as well sell "Honest Person" badges for people to wear around town.