Privacy Policies, Terms of Service, and PIAs! Oh My!

Sep 20, 2013

Guest post by Cheryl Hackley, who works in the Office of Public Affairs at the Federal Trade Commission.

From my early days of using email, sites like MySpace, and later getting my first smartphone, it was a common practice for me to breeze right past or simply “accept” privacy policies on websites and apps. That was until a few years ago when I joined the Federal Trade Commission (FTC) as its first social media strategist. Right off the bat, our chief privacy officer asked me to analyze privacy policies and Terms of Service, and draft Privacy Impact Assessments (PIAs) for various third-party sites we were interested in using.

For the first time, I had to read the fine print of sites I had already provided with virtually every detail of my personal life. It was daunting and, not surprisingly, eye-opening. I already knew our agency’s privacy policy provided notice to citizens about what kind of information the FTC was potentially collecting when they visited our website. But what about the privacy policies of third-party services we were using to conduct official business? Did we really have an obligation to make sure citizens were aware of what liking our Facebook page, following us on Twitter, commenting on our blog, etc., meant? Absolutely!

We not only need to understand what personally identifiable information we have access to on these sites and apps, but when, how and why we collect it; how we share it; and how we safeguard it. Furthermore, we need to help citizens understand, too. Finally, conducting these privacy analyses is just good business.

Transparency—especially regarding citizen privacy—continues to play an important role as we move forward with open government.