Privacy Is As Privacy Does

Make Sure That Your Privacy Policy Matches Your Privacy Actions; On Issues Of Liability, You Will Be Judged On What You Do, Not What You Say.

By Benjamin P. Michaelson

What do you do if someone tells you that they do not want you to use that picture or that piece of information that they provided to you? That should be an easy decision, but does your company make any other privacy claims that governs its use of that information? No? Check your website terms. Check your customer agreements. Check your employee manual. Check your employment posters. (Check with the Privacy Rights Advocacy Group in the shadows behind you.) Chances are that you have made many privacy claims in privacy policies and through other mediums.

As Vizio recently learned, the Federal Trade Commission (FTC) takes this very seriously, and you should too. Since 2014 Vizio smart TVs collected over 100 data points of information from the private owners and users of that TV – without their consent. The collected information included age, gender, marital status, viewing habits, IP information that was crossed referenced with public records to include names and addresses, and scores of other data types. Vizio then commercialized that data … and later paid $3.7MM in fines and other non-monetary damages for doing so without proper customer authorization for collection and use of the data.

The practical takeaway is that you need to reread your privacy policies and agreements to ensure compliance with your commitments, and revise those policies before collecting or using the data in any way that is not authorized. Consumers and the government take the privacy of personal information very seriously, so do potential joint venturers and buyers of a business (we’ve seen many deals fall apart due to privacy policy risks) – so be vigilant about what you do with other people’s data, it is in both of your best interests to do so.