Why Is a Privacy Policy Important?
A reader asked why I pointed out that certain directory sites lacked a privacy policy, in my “Affiliate Program Directories” page.
A privacy policy is one of the most basic requirements for any professional web site. If a web site doesn’t have a conspicuous link to a privacy policy, it simply isn’t very professional, and is less trustworthy.
Consumers constantly evaluate the trustworthiness of web sites they visit, and they recognize that most professional, credible web sites include certain important links, including “privacy policy,” “about us,” and “contact us.” The presence of those links only provides a very subtle reassurance, but the absence of any of those links is a huge “red flag.”
Note that the actual content of the privacy policy isn’t nearly as significant as its presence. A web site could conceivably have a privacy policy that says, “we will track everything you do, and gather as much information as possible, and then sell your information to the worst people on the planet to use for any nefarious purpose.” While that would be quite unprofessional, very few consumers ever click to view a site’s privacy policy.
In March 2002, I posted information about the impact of privacy policies on visitors to an e-commerce merchant, in the I-Privacy Digest email discussion list. The most significant observation, drawn from a brief “slice” of one merchant’s log-file data:
“Of the 359 customers who actually placed orders, only 10 had reviewed the privacy/security policy during the same visit.” (Who Reads Privacy Policies?, in I-Privacy Digest #3, March 28, 2002.)
Here’s the text of my relevant 2002 posts to the I-Privacy discussion list:
From the I-Privacy Discussion List (March 28, 2002 Issue # 003)
===> TOPIC: WHO READS PRIVACY POLICIES?
From: Mark J. Welch
Mike Valentine reported (in I-Privacy #001):
Steven Rothberg replied (in I-Privacy #002):
That’s a really good question, which I answer with some “hard numbers” below.
I thought Steven was right: I thought I was “one of the few.” I always check the privacy policy before I place an online order. I usually check the privacy policy before providing my email address or other information. I rarely read the whole thing — but I always check to see that there is a privacy policy (I would never order from a firm that didn’t have one). And I usually check the terms quickly to make sure the policy doesn’t say “we will give all your private info to everyone.” Before ordering, I also always check to make sure the company lists its address and telephone number somewhere (and usually you can find it at the end of the privacy policy).
And it certainly would be entirely reasonable for consumers who rely on a third-party verification of the privacy policy, to then not bother reading the privacy policy — that’s one reason to have third-party verification.
But none of this is meaningful without some “real world” numbers, so here goes:
I ran a WebTrends analysis for a very short interval of traffic at MovieGoods.com (an online retailer of movie posters).
During that short period:
This certainly suggests that a significant number of people did check the privacy policy before placing orders.
I am sure that not all of the 84 people who checked the privacy policy, actually placed orders, and I would be quite surprised if 50% of customers (people placing orders) ever checked the privacy policy. I don’t have the time to trace how many of the 138 people who placed orders also checked the privacy policy (and in any event, some of them might have checked during an earlier visit before the time period I analyzed, and some of the people checking the privacy policy might have ordered at some later time). I also did not check to see what “path” consumers used — did they check the privacy policy before adding items to their carts, or while starting the checkout process, or only when they were asked for a credit card number?
My conclusion is that a “significant” number of actual customers have read the privacy policy before placing an order. I think this means more attention should be paid to writing clear and concise privacy policies, and making sure that links to the policy appear on every page of the site so consumers can check the policy whenever they want. Also, since shoppers probably check the “privacy page” quite late in the shopping process, and are apparently preparing to “commit” the order, this page might be used to present other information relevant at the “close” (such as a prominent link to shipping info).
* * *
===> TOPIC: WHO READS PRIVACY POLICIES? FOLLOW UP
From: Mark J. Welch
After my earlier analysis, I ran a new WebTrends report on another slice of MovieGoods traffic, looking only at requests for two files: the privacy/security page, and the “order confirmed” page.
As Steven suspected, the overlap is minimal. Of the 359 customers who placed orders, only 10 had reviewed the privacy/security policy during the same visit.
From the I-Privacy Discussion List (March 28, 2002 Issue # 003)
Well, I believe it’s time to add a privacy policy to my web site after 10 years of having none. I’ve never put one on my web site because I DO NOT COLLECT “ANY” information and use no third party ads or cookies. We gather NO information other than basic browsing stats. But I’m figuring out now, “If you don’t tell people that, how will they know”? So I’m gonna put together at least a basic template today and see if it makes any improvements on how many people contact me. For as many hits as I get each day, it seems like I would get more email inquiries. My thought is, maybe people are leery that I would sell their email address. So it’s time to tell people I do not try to profit from their visit to my web site. I just want to get them there and communicating with me about possible work. People’s privacy is a HIGH PRIORITY to me. So it’s definitely time to let them know. Thanks for the forum information. My work is “professional”, so my web site should be also.