Washington State

Office of the Attorney General

Attorney General

Bob Ferguson


SEATTLE - Feb. 7, 2002 - With as many as 94 percent of Americans concerned about possible misuse of personal information, the business community has a strong interest in promoting consumer privacy policies that bolster consumer confidence.

 Privacy Report
(MS Word 401K)

(Acrobat PDF 308K)

 2/26/02 Addendum
Microsoft: Privacy Best Practices Comments
(Acrobat PDF 87K)

That’s the conclusion of a new report issued by the Washington State Attorney General’s Office and the University of Washington that provides businesses with a menu of “best practices” designed to help increase consumer confidence.

The report, issued today as part of National Consumer Protection Week, offers businesses examples of clear and effective privacy-policy disclosures and suggests ways businesses can safeguard consumer privacy. It also encourages consumers to look for those safeguards when doing business offline and online.

In order to increase consumer confidence, businesses need to do a better job of informing consumers about ways they can protect their privacy, said Attorney General Christine Gregoire. For example, when Congress ordered banks to explain how customers could limit the spread of their private information, only 5 percent took advantage, largely because the notices were written in jargon that most people couldn’t follow.

“These were notices that only a lawyer could love,” Gregoire said. “Not even the most diligent consumer was willing to wade through the small print and convoluted language.”
That’s why it is so important - in both the online and brick-and-mortar world - for businesses to summarize their policies clearly, conspicuously and in plain English. The report states that even if businesses, regulators and consumers can’t agree on what a good privacy policy should include, companies should nevertheless spell out their policies in clear and understandable ways.

“This is an attempt to spell out what we believe the ideal privacy policies are,” said study co-author Anita Ramasastry, associate director of the UW’s Shidler Center for Law, Commerce and Technology.

Co-author Paula Selis, a senior counsel with the Attorney General’s Office, said the need for safeguards is obvious, given the 1,000 complaints about privacy violations and identity theft that her office has received in the last year and a half. “Consumers are obviously very concerned about this issue,” said Selis.

Most importantly, the report calls for Internet businesses’ privacy policies to be posted in clear, simple language, in the form of a one-page summary, with the full text of the privacy policy consigned to linked Web pages. In the case of brick-and-mortar businesses, a one-page summary should be provided with references to an attached comprehensive version of the policy.

The report also encourages businesses to implement safeguards to keep customers’ private information from leaking out internally.

Industry self-regulation is needed, the report’s authors said, because the United States has no comprehensive privacy law, and tort laws do not prevent the collection and use of private information by private businesses. The report attempts to give the industry a guidepost to self-regulations through “best practices” that companies can adapt to their needs.

However, Ramasastry said, there will be tradeoffs between ease of use and keeping personal information private.

“Time conscious consumers have come to rely on the type of customized products and services that require high-tech data gathering,” she said, “including quick access to credit, being able to buy and sell stocks quickly and having the ability to check bank balances.”
The full report is posted at http://www.law.washington.edu/lct/ and at /pubs/PrivacyPolicy1.doc