Share with your friends

Rocket Lawyer news about business law

Privacy as a Commodity Brings Business Opportunities — and Liabilities

A few years ago, businesspeople everywhere would have nodded in agreement with the words of cryptographer Bruce Scheiner: “privacy never seems to sell. Those who are interested in privacy don’t want to pay for it.” But change is in the air, and if you believe recent reports, privacy is the next big thing. What’s behind this shift in the notion of Internet privacy?

In the past, while Internet users worried about how their identifying information was gathered and used, there was not much they could hope to know about their own data. In order to control the flow of their own information, their only choice was to pay for costly software, and limit their online activity, thereby excluding themselves from the conveniences and rewards of social media use and e-commerce. According to the 2006 Privacy report by Harvard’s Berkman Center for Internet and Society, “too often the costs of withholding, in the interest of privacy, will appear higher than both the values of the information withheld and of the privacy gained from withholding it.” Even companies that tried to protect their customers’ privacy had a hard time doing so: very few laws exist to regulate privacy practices, and the proliferation of third-party cookies makes it difficult to track just who knows what.

The difference between the privacy concerns of a few years ago and the ones now doesn’t have to do with changes in the landscape—if anything, there are more tracking bugs and advertising companies than ever. Instead, what’s changed is that Internet users now know more about who is accessing their information and how it’s being used. With this knowledge comes a desire to share the profits flowing through the Internet advertising market. It’s not so much a question of keeping personal information secret, but a question of making informed choices about how to use that information.

This shift is potentially great news for businesses with an online presence, as it opens new markets. But once customers become partners, and personal data is treated like property, other legal issues arise. While the Internet remains a somewhat lawless place, there are some best practices and even some legal tools that companies can implement to help both their customers and their business. Here are a few things to consider about privacy and your business.

Disclose Privacy Policies
Privacy and honesty go hand in hand, which is why it’s a good idea to post your company’s Online Privacy Policy up front. But you may need to go one step further than merely posting your legal rules: after Facebook received criticism for its lengthy and labyrinthine privacy policy, which made it hard for users to understand how to control their privacy settings, it worked on translating the jargon from legal-ese into a more comprehensible format.

Part of honesty in a privacy policy is transparency. Disclose any practices that you think some users may be concerned about. If you use cookies to track your customers, let them know. U.S. courts have ruled that it’s legal to deploy cookies, and cookies in and of themselves aren’t bad— in fact, they can make your customers’ lives easier by remembering passwords, preferences, and contents of shopping carts. At the same time, customers may wonder who has access to their information, and in what form. If you tell them up front how and why you use cookies, they may be more willing to go forward with a transaction.

However, if you’re going to notify your customers of cookie use, you may also need to look into any third party cookies on your site, some of which you may not even be aware existed. This is particularly true of Flash cookies, which users can’t remove. Tracking companies sometimes hide files within free software or within other tracking files and ads, which could mean that you are inadvertently installing cookies on your customers’ computers.

Treat data like a commodity, and protect it as such
“Data is a new form of currency,” said Shane Green in a recent Wall Street Journal article. Green is the chief executive of a Washington-based start-up that lets individuals provide their personal information to advertisers for a profit. He’s not the only one with this idea: similar companies are popping up across the US and even in the UK as consumers realize that while they can’t protect all their information, they can monetize it. Once people start to think of their identity as a product that can be exchanged for services, this could open more business opportunities for your company.

While offerings of increased privacy services alongside opportunities to share information and profits could bring in more customers, they could also present more liability risks. Just as you would have a legal document in place for sharing actual or intellectual property with a contractor or partner, contracts may be a good way to protect you from liability when it comes to personal data transactions. Whether it’s in the form of a Privacy Policy, a Terms of Service Agreement, or even something similar to an Activity Release of Liability, you may wish to hire a lawyer to draft a document that suits your needs.

Create Internal Policies
While respecting and protecting customers’ privacy is important, don’t forget to protect your own company’s privacy. Creating internal privacy policies helps your employees understand their personal rights, and also gives you legal resource in the event that any private materials are leaked.

Business owners may already use Confidentiality Agreements or Non Disclosure Agreements when it comes to employee or contractor relationships, but they may not know about other legal documents that can help them manage internal information. One important but little-known form is a company E-mail Policy. If an e-mail system is owned by an employer, the employer has the right to inspect the contents of employee e-mails stored on the system. Any e-mails sent from a business location or using company equipment are probably not private. In most states, there is no law requiring employers to notify employees  that e-mail or internet systems are monitored. Internet policies are similar to e-mail policies in that they explain what the companies considers is acceptable or unacceptable use of its Internet system.

Related articles

Comments are closed.