You may be concerned about your online privacy — and should be — but chances are you don’t read website privacy policies.
Few people regularly do, and no surprise. The typical privacy policy is about 2,500 words — roughly a 10-minute read — sometimes, with enough legalese to make Perry Mason wince.
Considering the typical American visits nearly 1,500 websites a year — each with a different privacy policy — it would take about 250 hours to completely read each, estimate Carnegie Mellon researchers. Just skimming all those privacy policies would take about 154 hours, nearly a full week of nonstop reading.
Maybe that’s why a slight majority — 52 percent of those surveyed by the Pew Research Center — mistakenly believe as true this statement: “When a company posts a privacy policy, it ensures that the company keeps confidential all the information it collects on users.”
Not necessarily. A privacy policy is a statement or legal disclosure that details how the website gathers, uses, manages and shares its customers’ information: what personal or financial data is collected, why it’s collected and what is done with it. This information could be your name and email address, credit card account, shopping or searching habits, even a compete dossier of your smartphone use.
That privacy policy should explain if your information is kept confidential or sold/bartered/traded to others — clients or partners that could possibly (if unknowingly) include spammers, scammers and future hacker targets in data breaches.
While reading those privacy policies may not be fun, they can be important. Some tips to tackle them without overtaxing your brain or time, according to the Center for Identity at the University of Texas at Austin:
1. A privacy policy should answer these six questions, says Center for Identity researcher Rachel German:
- Is your data used for secondary use, meaning a reason other than that for which you are explicitly providing it?
- Is your data shared with third parties? If so, does it specify for what purposes? (For example, it’s often a red flag if the policy states that data sent to third parties is used to deliver ads; that could equal a lot of spam in your inbox.)
- What are the terms for sharing your data with the government and with law enforcement?
- Is your data protected in all phases of collection and storage?
- Does the service allow you to delete your data?
- Does the service use your data to build and save a profile for non-primary use?
2. To hone on answers to those specific questions, German recommends using the manual search or “find” option on your browser to find key phrases. She suggests phrases such as “email,” “marketing,” “arbitration,” “waive” or “waiver,” “third-party,” “affiliate(s),” and “opt-out.” Also search the policy for any words and phrases in boldface or all UPPERCASE. Those tend to be important disclosures.
3. Consider an add-on to do the legwork. Released by the Center for Identity, PrivacyCheck is a free extension for Google Chrome that uses a data mining algorithm to provide a graphical, “at-a-glance” look at the ways in which companies use their customers’ personal data. Other companies offer enrollment-based services that search privacy policies and highlight pertinent information.
For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.
Photo: iStock/justock
Also of Interest
- What to know about the “Can you hear me?” scam
- A new breed of con artists
- Get help: Find out if you’re eligible for public benefits with Benefits QuickLINK
- Join AARP: Savings, resources and news for your well-being
See the AARP home page for deals, savings tips, trivia and more.
