TrustArc Blog

Transparency Starts From Within (Your Company)

May 21, 2010

Fran Maier


What is privacy? Privacy is a system that provides its users with transparency, accountability and choice. What does that mean? “Transparency” means there should be openness, clear and prominent expectations surrounding the collection and use of user personal information. If you’re committed to privacy then your users shouldn’t be surprised at what goes on behind the scenes. “Accountability” refers to the notion that parties collecting and processing user personal information need to remain accessible and responsive should problems arise. If a user has a privacy issue with your product or service they should be able to reach you and if it’s a reasonable and realistic request, you should be able to fix it. And finally “choice”: this means providing users with timely and meaningful options regarding the collection and processing of their personal information. Don’t hide choice and don’t make it an afterthought – you should loudly advertise it and make it as prominent as possible in your design. Consumers have a deep appreciation for this consideration and you might just be pleasantly surprised at what users choose when given choices.

Today I want to focus on the “transparency” aspect of privacy and note that providing transparency to your users only works insofar as you understand the full scope and impact of your data collection and processing practices. That sounds obvious (of course you should understand how your website/application/company works), but in a world that produces increasingly complex and sophisticated methods of data collection (think location based advertising served on your mobile phone!) the consumption and generation of data has proliferated to astounding levels, and sometimes people within a company don’t even realize or can’t see the full extent of their data operations.

Last week, I blogged about Facebook. This week, Google joins the party by stirring up European privacy regulators following the revelation that their Google Street view cars designed to snap photos for upload to Google Maps were inadvertently collecting and storing data (personal and otherwise) from unsecured wireless networks in the neighborhoods these cars traveled through. In total some 600 GB of data was collected! The data ranged from the benign to the deeply personal, including snippets of email messages and passwords.

I consider myself an early adopter and embrace technological innovation. But as we continue to push forward into unchartered data collection territory, both online and off, I would ask that custodians of personal information (from businesses to website operators, to app developers and beyond) stop and take the time to carefully evaluate the scope of their data collections. Products and services can have unintended privacy consequences and you shouldn’t use your users as guinea pigs or mining canaries to alert you to data privacy problems. In a world this complex, internal transparency doesn’t just happen – it must be actively encouraged and advanced each and every day. A hard, but not unachievable goal that every company and data custodian should strive to reach.