Privacy policies or privacy codes are an organization’s guidelines for protecting the privacy of its customers, clients, and employees.

In many corporations, senior management has begun to understand that when they collect vast amounts of personal information, they must protect it.

In addition, many organizations give their customers some voice in how their information is used by providing them with opt-out choices.

The opt-out model of informed consent permits the company to collect personal information until the customer specifically requests that the data not be collected.

Privacy advocates prefer the opt-in model of informed consent, which prohibits an organization from collecting any personal information unless the customer specifically authorizes it.

Data Collection

Data should be collected on individuals only for the purpose of accomplishing a legitimate business objective.

Data should be adequate, relevant, and not excessive in relation to the business objective.

Individuals must give their consent before data pertaining to them can be gathered. Such consent may be implied from the individual’s actions (e.g., applications for credit, insurance, or employment).

Data Accuracy

Sensitive data gathered on individuals should be verified before they are entered into the database.

Data should be kept current, where and when necessary.

The file should be made available so that the individual can ensure that the data are correct.

In any disagreement about the accuracy of the data, the individual’s version should be noted and included with any disclosure of the file.

Data Confidentiality Computer security procedures should be implemented to ensure against unauthorized disclosure of data. These procedures should include physical, technical, and administrative security measures.

Third parties should not be given access to data without the individual’s knowledge or permission, except as required by law.

Disclosures of data, other than the most routine, should be noted and maintained for as long as the data are maintained.

Data should not be disclosed for reasons incompatible with the business objective for which they are collected.

One privacy tool available to consumers is the Platform for Privacy Preferences (P3P), a protocol that automatically communicates privacy policies between an electronic commerce Web site and visitors to that site. P3P enables visitors to determine the types of personal data that can be extracted by the sites they visit. It also allows visitors to compare a site’s privacy policy to the visitors’ preferences or to other standards, such as the Federal Trade Commission’s (FTC) Fair Information Practices Standard or the European Directive on Data Protection.

Despite privacy codes and policies, and despite opt-out and opt-in models, guarding whatever is left of your privacy is becoming increasingly difficult. However, several companies are providing help in maintaining your privacy, as illustrated by the following examples,

• Snapchat (www.snapchat.com): This smartphone app is a picture and video viewer, marketed to teenagers, that offers the illusion of security because “snaps” automatically self-destruct. The app also contains a notification feature that lets you know if someone performs a “screen grab” of any photos that you send.
• Wickr (www.wickr.com): This smartphone app allows you to send military-grade encrypted texts, photos, and videos to other Wickr users.In addition, it deletes information such as location and type of device from files before sending them. Nothing is stored on Wickr’s servers that could be used to track (or subpoena) someone.
• Burn Note (https://burnnote.com): This smartphone app sends encrypted notes that selfdestruct after a set amount of time. The notes are deleted from the recipient’s computer, and they are not stored on Burn Note servers. Burn Note also displays only a specific spotlit area of a note as the recipient mouses over it. As a result, it is difficult for a screenshot to capture an entire note.
• TigerText (www.tigertext.com): This app is marketed to businesses that need a secure messaging system, especially in healthcare. For example, your physician can use TigerText to securely text X-rays of your knee to a colleague. TigerText also allows you to retrieve messages that you have already sent.
• Facebook Poke (www.facebook.com): Facebook’s smartphone app lets you send messages, photos, and videos that expire after a set time limit. It also notifies you if the recipient takes a screenshot of your message.
• Reputation (www.reputation.com): This company manages your online reputation, which is the process of making people and businesses look their best on the Internet. Reputation will search for damaging content online and destroy it. In addition, it helps its clients prevent private information from being made public.