Enonymous.com, a company best known for its digital wallet, has released a report on the privacy policies of over 30,000 Web sites. The good news is that most of these sites have policies. The bad news is that these policies don't promise much.
Still, there's a large gap between posting a policy and posting a good one. Junkbusters founder Jason Catlett points out that most of today's policies "are not promising a whole lot of privacy and what they are promising appears to be getting worse."
The Internet Privacy report agrees with that verdict. Only 3.5 percent of the surveyed sites have policies that earned enonymous' highest rating: four stars.
To make that grade, a policy must promise not to contact you without permission, and not to share personally identifiable information with third parties. It must also promise not to suddenly change.
Tim Kane, enonymous' Director of Privacy and co-author of the report uses Amazon.com as an example. The bookseller "has a great policy," he says, except for one sentence that "admits that the policy can change at any time." Enonymous.com gives Amazon a low one-star rating.
Bigger Is (Usually) Better
As a rule, bigger sites did better than smaller ones, although there's still plenty of room for improvement.
A full 8.6 percent of the top 1,000 sites made the four-star rating. Why? According to Kane, "Bigger sites know how to write a better policy."
Who Measures Up?
What the report doesn't measure is how well companies live up to their own stated policies--a far more difficult problem to measure.
While breaking promises could get a company into legal hot water, it's not unheard of. A study published in January by the California Healthcare Foundation found "instances where personally identified data is transferred to third parties in direct violation of stated privacy policies."
Such out-and-out lying is probably rare. It's much safer to tell the truth in such a way that most people will never figure out what you're saying.
According to Junkbuster's Catlett, the hidden meaning in most privacy statements is "Yes, we'll sell your information, and if you don't like it, you can go and pound sand."