3 ‘PRIVACY’ Takeaways from the Google Buzz FTC Settlement in March 2011
As you may have heard, Google settled with the Federal Trade Commission regarding its rollout of Google Buzz and its alleged privacy violations during that rollout. There are a few SaaS privacy or software privacy tips here, so I have tried to outline/simplify them for you.
1) It Is All About DEFAULT Privacy Settings. Think about it this way: if you add a new feature to your SaaS service where you connect customers, people, partners, etc. who submitted information subject to your privacy policy, you need to think about whether this feature is on or off by default (open or closed, enabled or disabled . . . you get the idea). I generally think that you should turn these off initially, and then educate your customers on why they may want to use that new feature (i.e. it should be their choice). Well, Google got this wrong and opened up Buzz to Gmail's contacts by default, which caused all kinds of issues.
2) What Google Learned About Its Privacy Policy (and You Should Know). Most privacy policies state that information subject to the policy will not be used for a purpose other than the purpose for which the information was disclosed (translated into English: if a customer provides a company with registration data, then that data should only be used for registration purposes unless the customer consents to another use). Read your policy, because it may say something like this. If it does, make sure you know what it means before the FTC comes calling.
Here is the actual text from the Google Privacy Policy.
3) Appoint Someone in Charge. I bet you this privacy blunder occurred at Google because the left hand did not know what the right hand was doing (i.e. their in-house privacy attorneys were probably not aware of the details of the Buzz rollout). You really don't have that excuse: unless you are a super large company, this miscommunication should not happen. For a SaaS or software company, even if you don't have an in-house attorney (which of course most don't), you can appoint someone to be in charge of your privacy policy, which can really help to ensure you are complying with it. Maybe someone in the marketing department?
As you can see, this is not that hard, but at least learn the basics of what is going on in the privacy regulatory world, as a simple change of default settings (opt in or out) can cause the Federal Trade Commission to take action against you (not a good thing).
Disclaimer:
This post is for informational and educational purposes only, and is not legal advice. Hire an attorney if you need legal advice.