Privacy notes – read ‘em to make sure you don’t weep

Your data is valuable. Service providers know this, but they also know they have an obligation – often a legal one – to protect your privacy.

That’s why the privacy notes they provide are carefully worded, and it’s why you need to make sure you read and understand them.

Risk Evolves Managing Director Helen Barge was recently asked to review a privacy policy for software that analyses the spend and usage of cloud-based infrastructure. She was expecting the notice to cover low-risk administrative data, such as name and email address.

What she discovered reinforced her belief that some companies are over-zealous in the amount and scope of data they collect, and it’s not always clear where your data will end up.

The first red flag 🚩 was that the company involved transfers data to the US and relies on consent as the safeguard. However, it is difficult for a potential user to give consent freely if they need to provide this to access the product.

A second red flag 🚩 was raised when it was revealed the product made use of Google Analytics. Guidance in the privacy policy advised that it was possible for the user to block cookies in their browser. Unfortunately, it was likely that if they followed that route then the product might not work.

Meanwhile, the extent of data capture provided a third red flag 🚩. The policy stated that ‘other data’ may be captured and went on to define this as:
  • sex
  • age
  • date of birth
  • place of birth
  • passport details
  • citizenship
  • registration at place of residence and actual address
  • telephone number (work, mobile)
  • details of documents on education, qualification, professional training
  • employment agreements
  • non-disclosure agreements
  • information on bonuses and compensation
  • information on marital status, family members, social security (or other taxpayer identification) number, office location and other data.

The UK’s Information Commissioner’s Office (ICO) recently produced a short but useful guide on key questions to ask when you are faced with a privacy policy:

  • Is the policy clearly written and easy to understand?
  • Will the provider delete your data when you stop using their service?
  • What measures do they have in place to prevent hackers from accessing your information?
  • Who are they sharing your information with?
  • Are you happy with where your information could end up?

Remember, an organisation that values your privacy will make its policy easy to understand and clearly set out how it will use your information.

Risk Evolves can help you navigate the risks involved in signing up to vague and unnecessarily comprehensive privacy policies.

If necessary, we can help you create your own clear policy. Get in touch for a free no-obligation consultation.

Contact us: 01926 800710
