–Geoff-Hart.com: Editing, Writing, and Translation —Home —Services —Books —Articles —Resources —Fiction —Contact me —Français |
You are here: Articles --> 2002 --> Privacy means never having to say you're sorry
Vous êtes ici : Essais --> 2002 --> Privacy means never having to say you're sorry
by Geoff Hart
Previously published as: Hart, G. 2002. Privacy means never having to say youíre sorry. http://www.techwr-l.com/techwhirl/magazine/usersadvocate/usersadvocate_privacy.html
For those of us who regularly visit certain Web sites, the value of identifying ourselves to those sites grows quickly and painfully obvious: accepting cookies from a Web site could potentially eliminate endlessly retyping our personal information, memorizing yet another login password, repeatedly re-customizing how a site responds to us, and enduring irrelevant information such as untargeted banner ads. Yet even those of us who appreciate the value of sharing personal information with Web sites and their designers have grown increasingly uncomfortable with the potential for abuse inherent in having confidential information about our identities and preferences broadly available. Even if a site isn’t cracked and our private information stolen—always a risk on the Web—the site owner is bound to sell the information to commercial mailing lists, thereby guaranteeing us a lifetime supply of junk mail. Worst of all, we won’t even be able to burn that junk on cold winter nights to stay warm.
Outside the computer community, the issue of privacy has received considerable—and largely unfavorable—attention. Though many of the concerns raised by commentators are valid, the press’s scaremongering has led a great many readers to consider the Internet to be the worst threat to privacy since the government in George Orwell’s 1984. It's hard to overcome such fears, particularly when they’re ill-informed, and relying solely on logic to make the case that a site will protect confidential information ignores the fact that privacy violations are an emotional issue, not a purely rational one. Keeping that in mind when we work on a Web development team provides important insights into how to create and maintain a reputation for integrity. That job, of course, requires precisely the skills we can offer.
First, let’s look at how we create that reputation. Start by honing that empathy I mentioned in the previous paragraph, because once you understand your own fears about privacy, you’ll understand your audience’s concerns about providing confidential information to your site. That understanding provides the starting point for developing and implementing solutions that will ease those concerns. As in any other project, this process requires two-way communication: you must ensure that you fully understand the user’s concerns, and users must understand what you're trying to achieve by asking for their personal information. The most common concerns involve the sale of information to other companies without prior approval, using the information to send out unsolicited and unwanted information, leaving mysterious (and thus, worrisome) cookies on a hard drive, and letting crackers obtain compromising information.
One guiding principle is to treat the user’s personal data with as much respect and security as your own company’s data; where visitors to your Web site are the source of your business, their privacy is every bit as important as your company's data. A second principle is that both your design team and the visitor must have the same understanding of what you plan to do with the information you collect. Among other things, this means that someone on the development team must take responsibility for monitoring how data is really being used. Only someone on that team can reliably find out how developers are accessing and using this information and can thus confirm that those uses conform with your privacy policy. But you should arrange to work with that person because you’re the one most likely to see how your employer’s goals for the site might conflict with the goals of its users. At this point in your analysis, don’t forget to ask yourself whether all that information is truly necessary. Many sites require users to specify their “gender”: it’s bad enough that they assume our sex (male or female are sexes, not genders) affects how we’ll use the site, but on top of this, they want to know about our sexual identity (the actual meaning of gender).
With large or complex sites, the teamwork required to do this job right poses a sizeable challenge and holds many traps for the unwary. There are too many potential concerns to list here, and these concerns depend strongly on the nature of your site. The way to find out what those concerns actually are begins with your personal analysis of the concerns of users of your site. You can broaden your understanding by visiting your competitors’ Web sites to identify any issues they thought of that you missed. But in the end, you’re still going to have to talk to your own site’s visitors to find out what everyone has missed.
Once you understand the concerns, create a policy that addresses them. Explain precisely what you plan to do with the information you're collecting and how that usage benefits them—assuming that it does. Ask typical visitors to review your policy to confirm that it's really as clear and comprehensive as you believe. Typical policies, such as the one provided by Yahoo (http://privacy.yahoo.com/privacy/us/) run for multiple screens, and while the contents surely keep the lawyers happy, they don’t do much for those of us (users, site developers, and technical communicators) who must understand the policy. Consider, for example, the statement that “This policy does not apply to the practices of companies that Yahoo does not own or control”. How do I know which companies those are when I’m accessing sites via Yahoo? How can I find out what those sites plan to do with the information? Later, Yahoo’s policy notes that “Yahoo also automatically receives and records information on our server logs from your browser”. What information? Can I stop this?
Let me be clear about one thing: I don’t mean to pick on Yahoo, since their policy is actually better than most that I’ve seen, but even Yahoo could surely do better.
My advice: Create a policy simple enough that it fits on a single screen and clear enough that nobody fails to understand it. For example:
“We won’t share any information we collect on you with anyone. Period. Promise! We’ll safeguard your data as if it were our own dirty secrets. We’ve provided a list of links [click here] to other sites whose services might interest you. Check out their policies, and if you like what you see, sign up for their services. We get paid for referring you, but heck, everyone’s got to make a living, right? And anyway, you’re the one who decides whether to sign up: we won’t provide confidential information on your behalf.”
This approach, implemented with a little less “attitude”, lets you make money from the data you collect (by an approach widely known as an “affiliate program”), yet you’re not the one responsible for revealing private information. Placing the power of decision in the user’s hands satisfies their need to decide how and where their private information will be used and minimizes the risk of failing to follow your own policy: if you don’t give out the information, you can’t violate your policy.
Make sure your policy is readily available. Never make visitors hunt for the obscure corner of your site that explains what you’re doing and offers them a chance to stop you from using the information. Picking on Yahoo again for a moment, it’s unfortunate that their privacy policy is accessed only from the last line of the home page, buried where only a dedicated computer columnist would notice it. One problem with most policies is that they assume you’ll be happy to provide your information with no strings attached; only if you really dig will you find a way to opt out. Why shouldn’t visitors be able to "opt out" easily without impeding their ability to use your site efficiently? My vote is for an “opt in” policy that only lets you use personal data if a visitor explicitly asks you to do so. (Of course, then the site design must be sufficiently clear that visitors can find the option to opt in and the information design must be clear enough that you persuade them to do so.)
Once you’ve earned a reputation for respecting privacy, you must maintain it. To do so, take on the role of user’s advocate and regularly monitor whether your site continues to live up to the established policy. One enormous benefit of making your policy clear enough for visitors to understand is that the site’s developers can also understand and comply with it. The longer the policy, the more likely that some well-intentioned programmer or designer will misunderstand it or miss a section and inadvertently violate the policy. Those who frame the privacy policies for your Web site must work closely with those who implement the policies to ensure correct implementation. There's no easier way to lose your audience’s trust than to say one thing but do something else entirely—even if it’s a perfectly innocent mistake.
It can be difficult to reconcile the conflicting needs for efficiency, customization, and the desire to earn a profit with the potential for abuse of the personal information that lets you meet these needs. It may not even be fully possible. But often all you really need to do is work closely enough with your audience to establish a reputation for honest responsiveness to their needs. The credibility you gain can allay their fears, and privacy becomes less of an issue with people who trust you. Spend some time thinking about how to establish and maintain that trust.
©2004–2024 Geoffrey Hart. All rights reserved.