Regulation may be the only way to improve website privacy policies, according to former Australian Privacy Commissioner Malcolm Crompton.
Speaking at the Gartner Security & Risk Management Summit in Sydney, Crompton was responding to the results of a privacy sweep by current Commissioner, Timothy Pilgrim, which found that nearly 50 per cent of website privacy policies were difficult to read. On average, policies were over 2600 words long.
Crompton, who now works as managing director of Information Integrity Solutions, told media that companies should “start again” if their policy is not easy to read.
“The utility of a privacy notice is not about informing the individual. It is protecting the company against almost anything,” he said.
“If the company’s intent is to defend rather than inform, those policies will continue to be long.”
He added that global regulators may need to step in if website privacy policies are going to improve in the future.
According to Crompton, companies should create a layered privacy notice where the policy’s key points are contained on one page. The user can then access a longer privacy notice where more detail is set out.
He added that a policy should set out all the possible uses of customer information and how it is collected.
“If you come across a [privacy] document which is 2000 words long then you have to start asking yourself ‘How easy is this organisation to deal with and what is it they are trying to bamboozle me with?’”
McMillan said that 80 per cent of the website policies he has read are "very long" while the remaining 20 per cent used plain language.
“It might be we have a consumer uprising in the future where the market will decide: are you easy to do business with or not? If you’re not, I will go to someone who is.”
Follow Hamish Barwick on Twitter: @HamishBarwick