What to look for in a privacy policy


At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict , this post may contain references to products from our partners. Here’s an explanation for

Don’t overlook the fine print

Everyone knows they should read the fine print, but more often than not, they don’t.

An April Fool’s joke three years ago by a British online game retailer underscored just how often consumers will click “I accept” without reading. Almost nine out of 10 GameStation customers gave away their immortal souls after the retailer added a prank clause to its terms and conditions. Buyers could opt out by clicking a link and getting a special discount, but hardly anyone did that day.

If people are so quick to give away their souls, what about their privacy?

In the era of Big Data where companies seek new ways to monetize what they know about you — where you like to shop, whether you take your medicine as prescribed and how much money you make — it’s becoming more important for consumers to know what they share and with whom.

The best way to do that is to read the fine print in company privacy policies. Reading 2,000 words or more can be a hassle, but there are certain keywords to look for that can tip you off as to whether what you’re agreeing to could impact your privacy.

More On Information Privacy:

What is collected?
What is collected? © Pressmaster/Shutterstock.com

Is the company asking for some information from you? If so, it’s a good bet that any personal information you voluntarily enter into a website form, such as your name, billing addresses, shipping addresses and purchase information, is collected by the company. What’s not so obvious is the other electronic information, known as tracking cookies, that is also gathered, says Aaron Messing, a privacy attorney at OlenderFeldman LLP in New Jersey.

For example, Amazon culls information on whatever Internet browser you use, your time-zone setting, your operating system and purchase history. The company also can collect location information when you download its apps.

Messing recommends offering only the necessary information to complete a purchase. Leave any unrequired fields, such as age, race or sex, blank.

Avoid linking accounts to your social media accounts, too, says Professor Jim Gibson, the director of University of Richmond (Va.) School of Law’s Intellectual Property Institute. Stick to the tried-and-true strategy of designating an email just for your online transactions.

Also, when looking over the agreement, look for words such as “collect” and “gather” that can tip you off to what they might be doing with your information.

“You can’t expect the law to help you. You’re your own best self-help,” Gibson says. “The best thing you can do is limit the amount of personal information you convey.”

More On Information Privacy:

How is your information used?
How is your information used? © Tashatuvango/Shutterstock.com

Once you know what information a company has, check the privacy notice to find out what the company will do with it. Unfortunately, the explanation often can be vague and seem innocuous, says David Jacobs, the consumer protection counsel for the Electronic Privacy Information Center.

“Almost every company states that it will use personal information to improve its products and services,” he says.

For instance, Facebook faced stiff opposition two years ago when it tried to loosen its privacy controls and give mobile app developers the ability to see a Facebook user’s home address or cellphone number. The company faced more criticism this year when it wanted to sell Instagram users’ photos to advertisers.

“If you were a consumer who objected to one of those developments,” says Jacobs, “it would have been very difficult to read the privacy policy and know exactly what was coming.”

In those instances, keep an eye out for changes in privacy policies. Google’s privacy policy has undergone a dozen revisions since its first edition in 1999. Policies usually can change at any time to authorize practices that you didn’t originally OK, says Jacobs. Look for the phrases “how we use” or “conditions of use” when looking at changes or when first signing an agreement so you know what a company plans on doing with your information.

More On Information Privacy:

Who sees your information?
Who sees your information? © Sergey Nivens/Shutterstock.com

Now you know what is being collected and how it’s being used. But who else gets a gander at your personal information? Many companies share consumer information with affiliates and third parties. It’s important to know who those parties are.

Look out for phrases such as “trusted partners” or “selected companies” and what they do, says Paul Stephens, director of policy and advocacy at Privacy Rights Clearinghouse.

“In some cases, companies may share for order fulfillment, if they outsource it,” says Stephens. “It will be difficult to handle that order without sharing.”

But in other instances, companies may share the information for “service enhancement” or “marketing purposes,” says Jordan Kovnot, another privacy attorney at OlenderFeldman LLP.

“Which basically means we can rent, sell or give away everything we know about you to whoever we please,” he says.

Look for opportunities to opt out of the sharing, says Gibson. Financial institutions are required by law to allow you to not have your information shared with certain third parties. Other companies may offer opt-out provisions. Otherwise, you may be out of luck.

“There’s only so much you can opt out from,” says Gibson.

More On Information Privacy:

How secure is it?
How secure is it? © Lichtmeister/Shutterstock.com

If you decide to do business with a company and, consequently, share your personal information, make sure to check on their security measures. Look for a security certification seal or at the very least, to see if the company offers a way for consumers to update information that the company has on file.

Every privacy policy should include an email or other contact information in case you feel your personal information was compromised. Messing recommends asking websites how long they retain your information and what rights you have to delete your information, including the data that have been shared with third parties.

And many websites won’t collect personal information from children under a certain age. Apple says it will delete any information that unknowingly comes from a minor under 13.

“Ultimately, if a company is strong on privacy, they will advertise this fact directly,” says Jacobs. “You won’t have to wade through the privacy policy to find it.”

More On Information Privacy: