The Shocking Truth Behind Privacy Policies in the Enterprise

Post Date: 07/23/2014
feature image
I recently had the opportunity to discuss the current state of privacy policies and how to make them more effective for an article on TechRepublic. In a world where online privacy is of utmost importance, consumers often do not meet companies halfway by reading privacy policies advertised on websites. Why don’t we take the time to even glance through them, but instead blindly click accept? It’s simple: We avoid reading the lengthy, jargon-filled content so we can begin using the service we downloaded, bought, or installed as quickly as possible. In the article, I highlight four distinct causes and effects surrounding privacy policies:
  • Consumers don't read a website's privacy policy.
  • If consumers attempt reading the website's privacy policy, most fail to understand the details.
  • Website owners want to eliminate all possible liability, meaning privacy policies are loaded with legalese.
  • Website privacy policies may not represent what the company is actually doing.
So how we begin to reverse this trend and create a more honest, transparent privacy policy process? Because of the high rate of data influx, most companies should look at software tools to help identify risks and provide real-time solutions when it comes to assessing customer data privacy. From experience, I have learned that does not mean just any software. The software should have the following attributes: Say it: After establishing information privacy policies to ensure the security of sensitive or regulated content; be sure your selected process is in accordance with U.S., international, and vertical-specific compliance regulations. Do it: Determine the risk severity of the captured data using advanced risk calculators. Look for a software tool with options such as highlighting areas that violate the specified compliance standards or guidelines as well as providing multiple perspectives on potential risk. Prove it: Prove policy compliance with ongoing monitoring, detailed reporting, and incident tracking. Effective tools produce detailed reports of preventative and corrective actions taken to ensure content is uploaded, stored, classified, and secured in accordance with information governance policies. To read more about the lack of honesty in the relationship between companies and their customers when it comes to privacy policies, please visit TechRepublic. To learn how AvePoint Compliance Guardian allows you to say it, do it, and prove it, please visit our website.

Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School. LinkedIn: Twitter:

View all post by Dana S.

Subscribe to our blog