Lessons from the Facebook settlement (even if you’re not Facebook)

The terms of the FTC’s proposed settlement apply only to Facebook. But to paraphrase noted legal scholar Bob Dylan, companies that want to stay off the law enforcement radar don’t need a weatherman to know which way the wind blows. What practical pointers can your business take from the Facebook case and other recent FTC actions dealing with consumer privacy?

1) Promises, promises. Not making any privacy promises? Think again. Reread your privacy policy to see just what you’re telling customers and visitors you do with their information. And take a look at the privacy settings and other controls you offer. Like any other advertising claim, what you say about how you handle people’s info has to be truthful, not deceptive, and backed up with objective proof.

2) Legal-ease. Now that you have your privacy policy in front of you, show it to a real person — your receptionist, the guy in the warehouse, a member of your family. If they’re not clear on what it says, chances are your customers aren’t sure either. Yes, run it past Legal, but like the rest of your site, your privacy policy should be clear, direct, and easy to understand. Keep geek-speak and legal mumbo jumbo to a minimum.

3) Attitudes, not platitudes. “We at Acme Industries use every means to protect your privacy and never share your information without your permission.” Some retailers lace their privacy policies with lofty language, but don’t back their words up with actions. Remember: Statements like that aren’t just yadda yadda. They’re promises you have to keep. For example, the FTC settled a case with a company that claimed “We are committed to maintaining our customers’ privacy,” and yet failed to protect personal information from a well-known and easily preventable form of hack attack.

4) Color my world. Let’s face it: A lot of privacy policies mumble “Don’t read me.” The type is tiny and the text is dense. They’re often formatted in snooze-inducing shades of grey, in contrast to the eye-catching graphics on parts of the website designed to sell something. So here’s a crazy idea: How about giving your creative team a crack at rebooting the look of your privacy policy? A little color here, a bigger font there. Why not give it a shot?

5) Ch-ch-ch-changes. For security-minded customers, your information practices may be a key factor in their decision to do business with you. But what if you collected info from them under one set of rules and now want to change what you do? Wise marketers call customers’ attention to the proposed change and get their express OK first. Just editing what you say in your privacy policy won’t alert them to what you plan to do.

6) Time for a tech tune-up. If it’s been a while since you wrote your privacy policy, reconsider it in light of new technology you’ve put in place. What was true back in the day may not be the case if you’ve introduced a mobile app, switched service providers, or made other changes to your business.

7) Natural resources. You’ve got a business to run, so save time and money by using free resources from the FTC. Bookmark the Business Center’s Privacy & Security portal for the latest on law enforcement and plain-language compliance suggestions. Visit OnGuardOnline.gov for tips from the federal government and the technology industry.