Learning how an organization will use your personal information before you give it out is one way to protect your privacy. Most financial institutions, insurance firms, health care providers, government organizations, and e-commerce Web sites now publish information about their privacy policies to their clients and visitors. California law requires commercial Web sites that gather personal information from California residents to display and follow a privacy policy. The statute also covers “internet services.”
Before you fill out a credit application at a shop or bank, or enter your credit card information into an online purchase form, get a copy of the organization’s privacy policy. STOP if you are not satisfied with the provisions of the policy or if you are informed there is no documented privacy policy. Look for a different firm that values its consumers enough to explain how it manages and protects their personal information. A privacy policy should address at least the following fundamental concerns.
What kind of personal information is gathered?
What personal information does the organization get from you? Personal information requested by businesses and government agencies may include your name and home address, home phone number, email address, Social Security number, and driver’s license number; financial information such as credit card numbers, bank account numbers, and household income; medical information such as your health insurance plan, diseases or physical conditions, and prescription drugs used; and education and employment information.
The types of personal information gathered must be listed in the privacy policy of a commercial Web site or online service that gathers personal information about California customers.
How is information gathered?
An organization may gather information “automatically” via its Web site in addition to asking you to enter personal information on a paper or online form. Cookies are one method for doing this. Internet cookies are small text files that a Web site you visit places on your computer. A cookie is data about you that your browser keeps and sends back to a website when you visit it again.
Cookies may be used by websites to monitor your purchases as well as the various pages you visit or advertising you click on. Such data may be used to develop a more thorough profile of you, which can then be sold to marketers.
In the privacy policy, look for a description of the site’s use of cookies or other tracking technologies. Visit the Electronic Privacy Information Center’s cookie website for additional information on cookies and how to control them.
Why is the data being gathered?
Is the personal information requested relevant to the transaction? Your name, home address, phone number, and credit card information, for example, may be required for making and sending your purchase. Your family income and leisure activities are not. Pay careful attention if a company or website requests more information than is required for the transaction. The purpose of the additional information should be clearly explained. Look for a way to opt out of providing the additional information, or to say no. If you can’t complete the purchase without disclosing personal information that you believe is unnecessary, consider going someplace else.
What is the information used for?
A privacy policy should specify how the entity collecting the personal information plans to utilize the information. Will it just be used to accomplish the transaction that you requested? If other uses are planned, you should be given the option to opt out. For example, if a merchant intends to advertise to you using your information, you should have a simple means to say no. You should be given this option before receiving any unwelcome email advertisements, telemarketing calls, or postal offers.
Who will have access to the data?
Is the company’s or website’s customer information shared with other businesses? Is information shared with affiliates or firms in the same “corporate family”?
A commercial Web site or online service that collects personal information from California customers must indicate in its privacy policy the categories of third-party individuals or organizations with whom such personal information may be shared.
What are your options?
Look for ways to opt out of having your information used for marketing purposes and shared with others. It should be simple to opt out, such as by dialing a toll-free number or sending an email.
The better firms and Web sites, according to Consumer Reports’ E-Ratings, do not share personal consumer information with unrelated organizations unless the client consents in advance.
Can you look over or change your personal information?
An organization may allow you to review or request changes to the personal information it has acquired about you. Look for instructions on how to do this.
Many businesses enable customers to see and request changes to their personal information. If a commercial Web site or online service collects personal information from California residents, it must outline its method for providing customers with access to their own personal information in its privacy policy, which must be displayed on the site.
What security procedures are in place to safeguard your personal information?
The privacy policy should include a basic summary of the security measures that the business employs to protect the personal information of customers and visitors. It should also describe the security protections that the firm expects from its business partners and contractors.
Secure Sockets Layer (SSL), the industry standard for securing private information received over the Internet, should be used by websites that seek personal information. The data is encoded, or jumbled, into a code. This means that your data cannot be read while it is being sent. Look for security indicators on Web sites where you submit personal information. In the address bar, look for “https” rather than the standard “http.” Look for a closed lock symbol in your screen’s bottom right or left corner. These indicators show that the connection is safe. You should stay in this safe zone during the checkout procedure.
Good security also entails using robust methods, such as encryption, to protect personal information kept on workplace systems. It involves technology and procedures for restricting access to personal information about consumers to those who need it to perform their tasks.
How long will the company follow through on its privacy policies?
When does the privacy policy go into effect? Is it stated in the policy that the organization will uphold its existing policy in the future? Is it stated that if the policy is changed, customers and site visitors will be notified? Is it stated that customers and visitors will be given the opportunity to opt out of having their information used in accordance with the terms of the new policy?
A commercial Web site or online service that gathers personal information from California residents must publish a policy effective date and information on how customers will be informed of changes in its privacy policy.
Who is responsible for the platform’s privacy practices?
Someone in the organization should be in charge of the organization’s privacy policies and procedures. Is there someone you can contact if you have questions or issues about the policy? Is there a simple method to contact the appropriate person—email or a toll-free phone number?