ThePrivacyPlace.org is currently conducting a survey to gauge user comprehension and views on privacy policies. While conducting the survey, we’ve received several pieces of valuable feedback from our participants. One particular area of interest is the lack of enforceability of privacy policies. Many respondants expressed concerned that privacy policies are useless because the privacy practices of an institution may not be in compliance with their privacy policy. Furthermore, the privacy policy may not be a consideration when the business is sold or goes bankrupt.

This is a very good point. However, we cannot abandon privacy policies because of current lack of enforcement. We will need to maintain privacy policies for those mechanisms that are in place, or being put into place, to ensure compliance of the policies. For example, consider the UK Information Commisioner’s Office’s recent unveiling of their new enforcement strategy. David Smith, the new deputy information commissioner, has announced that his office will bring enforcement actions against businesses that deliberately or repeatedly ignore their responsibilities under the Data Protection Act of 1998.

Privacy policies are necessary policies because we require accountability. We need to hold organizations accountable for their privacy practices, and one such way of doing so is to ensure that companies are keeping their promises (via the privacy policies) to consumers.

Read more about the Information Commisioner’s Office’s new Strategy here.

This entry was posted by matthew () on Monday, November 28th, 2005 at 2:48 pm and is filed under Government Programs. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Note: Blog posts are the opinions of their authors and do not reflect the official opinion of the National Science Foundation or North Carolina State University.