Privacy Policy Database Overview and Tutorial How the PPD was created
The Privacy Policy Database is organized around 13 industry sectors, including financial services, healthcare, telecommunications, Internet, tourism and education. Each industry has search capabilities based on privacy policy topics and consumer options. P&AB experts have assembled privacy policies from both company websites and offline mailers. Privacy policies located online were converted into PDF form. Online policies located on more than one webpage were combined into a single PDF file. To provide users with a more accurate account of how consumers would be expected to read and navigate through a policy, the top-level table of contents for policies located on multiple webpages has been given live links. Offline policies have been scanned and placed into a single PDF file in a manner most closely resembling their true appearance. Once the policies were assembled, the P&AB staff coded each policy based on a list of terms thought to be useful to PPD users. Two different types of terms were used for coding.
Some of these terms can have multiple meanings or be interpreted in a variety of ways. Furthermore, actual business practices do not always fit perfectly into a particular category. To ensure accuracy and consistency throughout the coding process, P&AB has created a detailed glossary of all the coded terms and the specific way the each term was applied during the coding process. The Privacy Policy Database provides users with a way to see how other organizations are formulating and expressing their privacy policies. Each industry is distinct and no "model" privacy policy can be all-encompassing or ideal for every company. The nature of the data collected, how it is used and varying business-consumer relationships all require privacy policies to be case-specific. As such, the PPD was set up to provide users with the flexibility to search for policies that meet their organizationŐs objectives. Users can benchmark their policies against those in the same industry, generate a list of policies bound by the same privacy-related federal regulations, or view a list of policies that explain a specific Internet term. What the user can learn from the results is open-ended. For example, users can evaluate the scope of policies among industry peers, or see how organizations explain their use of cookies or other online tracking devices. The Privacy Policy Database does not rank the attributes of a policy, such as readability or content. The policies do provide users with a representative sample of privacy policies within a specific industry. P&AB has coded each organizationŐs privacy policy based on the policyŐs presentation and the specific privacy practices communicated by the organization. P&AB makes no promise that organizations will actually adhere to and comply with the privacy practices laid out in their policies. For example, if a company provides a toll-free number for customers to opt-out of third party information sharing in its privacy policy, then "toll-free number" will be coded as a consumer response method.P&AB does not try to verify that such a consumer response method is actually available or how well it is administered. Conversely, organizations might adhere to certain privacy practices, but fail to explicitly state them in their privacy policy. For example, if Company A provides a toll-free number for customers to opt-out of third party information sharing, but fails to note this in its policy, searching for companies that provide toll-free numbers will not yield Company A. Since privacy policies are a way for organizations to communicate with customers, P&AB has based its coding system only on the terms that are explicitly communicated in the policy. POLICY SEARCH PAGE By checking a term and hitting the search button, a user will generate a list of all policies that apply to that term. For example, checking "banking" and hitting the search button will generate a list of all bank privacy policies. Checking multiple terms and hitting the search button will generate a list of policies that cover ALL of the selected terms. For example, checking "banking," "online," and "cookies" will generate a list of online bank privacy policies that discuss cookies. Online bank policies that do not discuss cookies will NOT be included in the search results.
|
|
RESULT DISPLAY Search results will be displayed on the Result Display page. Users will see a list of organizations with privacy policies that match the desired search criteria. Next to each organization will be a link to a detailed description of the organizationŐs privacy policy. |
RECORD DETAILS This page will present the user with a profile of an organization. All of the terms that apply to the organizationŐs privacy policy will be displayed. Additionally, the Record Details page will allow users to view a copy of the organizationŐs privacy policy.
|
How to interpret terms with multiple meanings Industry-specific meaning While most of the searchable terms have the same meaning throughout all of the policies in the database, the meaning of a select few depends on the particular industry in which the policy falls.
A word about COPPA The Childrens Online Privacy Protection Act mandates specific privacy provisions for companies or groups that either operate commercial Web sites or online services directed at children under 13, or that knowingly collect personal information from children. While all online companies have to be in compliance with COPPA, P&AB has decided to only designate companies that are currently geared toward children or knowingly collect personal information from children as bound by COPPA for the purposes of this database. When COPPA is selected as a search criteria under "Legal Requirements," only companies believed to fall under the "geared toward children" and "knowingly collect information from children" categories will appear on the Results Display page. It is important to note that any organization with an online presence must comply with COPPA if its online information collection and use practices should change. The Federal Trade Commission has jurisdiction over COPPA enforcement, and the law is written in a way that gives the FTC discretion to determine whether or not an organization is making an effort to ensure that childrens information is not improperly gathered or used. The openendedness of the law has caused many organizations to address the issue even when no products and services are directed toward children. Organizations that fall under this category have been coded for Addressing "Child Users," which is located under "Other Criteria."
|