Why Is a Privacy Policy Important?

By , November 10, 2010

A reader asked why I pointed out that certain directory sites lacked a privacy policy, in my “Affiliate Program Directories” page.

A privacy policy is one of the most basic requirements for any professional web site. If a web site doesn’t have a conspicuous link to a privacy policy, it simply isn’t very professional, and is less trustworthy.

Consumers constantly evaluate the trustworthiness of web sites they visit, and they recognize that most professional, credible web sites include certain important links, including “privacy policy,” “about us,” and “contact us.” The presence of those links only provides a very subtle reassurance, but the absence of any of those links is a huge “red flag.”

Note that the actual content of the privacy policy isn’t nearly as significant as its presence. A web site could conceivably have a privacy policy that says, “we will track everything you do, and gather as much information as possible, and then sell your information to the worst people on the planet to use for any nefarious purpose.” While that would be quite unprofessional, very few consumers ever click to view a site’s privacy policy.

In March 2002, I posted information about the impact of privacy policies on visitors to an e-commerce merchant, in the I-Privacy Digest email discussion list. The most significant observation, drawn from a brief “slice” of one merchant’s log-file data:

“Of the 359 customers who actually placed orders, only 10 had reviewed the privacy/security policy during the same visit.” (Who Reads Privacy Policies?, in I-Privacy Digest #3, March 28, 2002.)

2 Responses to “Why Is a Privacy Policy Important?”

  1. Mark Welch says:

    Here’s the text of my relevant 2002 posts to the I-Privacy discussion list:

    From the I-Privacy Discussion List (March 28, 2002 Issue # 003)

    ===> TOPIC: WHO READS PRIVACY POLICIES?

    From: Mark J. Welch

    Mike Valentine reported (in I-Privacy #001):

    >> “Harris found that 91% of US consumers say they would be more likely to do business with a company that verified its privacy practices with a third party.” < <

    Steven Rothberg replied (in I-Privacy #002):

    >> I’d be interested in learning how many of the 91 percent say they would be likely to spend even five seconds reading the privacy policies of companies with which they are considering doing business. My experience is that the vast majority of users say that they are concerned about privacy, but their actions are completely inconsistent with those concerns. < <

    That’s a really good question, which I answer with some “hard numbers” below.

    I thought Steven was right: I thought I was “one of the few.” I always check the privacy policy before I place an online order. I usually check the privacy policy before providing my email address or other information. I rarely read the whole thing — but I always check to see that there is a privacy policy (I would never order from a firm that didn’t have one). And I usually check the terms quickly to make sure the policy doesn’t say “we will give all your private info to everyone.” Before ordering, I also always check to make sure the company lists its address and telephone number somewhere (and usually you can find it at the end of the privacy policy).

    And it certainly would be entirely reasonable for consumers who rely on a third-party verification of the privacy policy, to then not bother reading the privacy policy — that’s one reason to have third-party verification.

    But none of this is meaningful without some “real world” numbers, so here goes:

    I ran a WebTrends analysis for a very short interval of traffic at MovieGoods.com (an online retailer of movie posters).

    During that short period:

    • the site received more than 30,000 visitors – 362 visitors put something in the “shopping cart”
    • the “Shipping Info” page was requested 155 times by 145 visitors
    • Orders were actually placed by 138 customers
    • the “About Us” page was requested 132 times by 116 visitors
    • the “Privacy/Security” page was requested 91 times by 84 visitors

    This certainly suggests that a significant number of people did check the privacy policy before placing orders.

    I am sure that not all of the 84 people who checked the privacy policy, actually placed orders, and I would be quite surprised if 50% of customers (people placing orders) ever checked the privacy policy. I don’t have the time to trace how many of the 138 people who placed orders also checked the privacy policy (and in any event, some of them might have checked during an earlier visit before the time period I analyzed, and some of the people checking the privacy policy might have ordered at some later time). I also did not check to see what “path” consumers used — did they check the privacy policy before adding items to their carts, or while starting the checkout process, or only when they were asked for a credit card number?

    My conclusion is that a “significant” number of actual customers have read the privacy policy before placing an order. I think this means more attention should be paid to writing clear and concise privacy policies, and making sure that links to the policy appear on every page of the site so consumers can check the policy whenever they want. Also, since shoppers probably check the “privacy page” quite late in the shopping process, and are apparently preparing to “commit” the order, this page might be used to present other information relevant at the “close” (such as a prominent link to shipping info).

    * * *

    ===> TOPIC: WHO READS PRIVACY POLICIES? FOLLOW UP

    From: Mark J. Welch

    After my earlier analysis, I ran a new WebTrends report on another slice of MovieGoods traffic, looking only at requests for two files: the privacy/security page, and the “order confirmed” page.

    As Steven suspected, the overlap is minimal. Of the 359 customers who placed orders, only 10 had reviewed the privacy/security policy during the same visit.

    From the I-Privacy Discussion List (March 28, 2002 Issue # 003)

  2. Mark Erney says:

    Well, I believe it’s time to add a privacy policy to my web site after 10 years of having none. I’ve never put one on my web site because I DO NOT COLLECT “ANY” information and use no third party ads or cookies. We gather NO information other than basic browsing stats. But I’m figuring out now, “If you don’t tell people that, how will they know”? So I’m gonna put together at least a basic template today and see if it makes any improvements on how many people contact me. For as many hits as I get each day, it seems like I would get more email inquiries. My thought is, maybe people are leery that I would sell their email address. So it’s time to tell people I do not try to profit from their visit to my web site. I just want to get them there and communicating with me about possible work. People’s privacy is a HIGH PRIORITY to me. So it’s definitely time to let them know. Thanks for the forum information. My work is “professional”, so my web site should be also.

Leave a Reply

*

OfficeFolders theme by Themocracy