How to hide privacy violations in a privacy disclosure statement, part 2
It seems that nearly every privacy statement somebody sends me doesn’t actually protect my privacy. They start out saying all sorts of great things, like
Company X is committed to maintaining the privacy of its customers.
After the section listing what information they collect, there’s the section describing who they will disclose it to.
We do not share non-public personal information with outside parties except as permitted by law…
Oh, gee, thanks. Your policy is not to do anything illegal. And you need a privacy statement for this?
Actually, it’s worse, The full sentence goes like this:
We do not share non-public personal information with outside parties except as permitted by law or as is necessary to service customer accounts.
Notice the “or” rather than the “and”. That means that they reserve the right to violate the law if it is necessary to provide service to a customer.
And then, if they haven’t already promised to protect nothing, they throw this in:
Additionally, except as prohibited by law, we may disclose non-public personal information to companies that perform marketing services on our behalf or to other institutions with whom we have joint marketing agreements.
Translation: We will sell your personal information to other companies for marketing purposes to the maximum extent permitted by law.
But that’s okay, because they restate their commitment to privacy in a final italicized paragraph.
Protecting the confidentiality of your non-public personal information remains a priority for us, and is one way in which we respond to the trust you have placed in our organization.
Because if you put it in italics, you really really mean it. Even if the other stuff contradicts it.