Bell has a deficient privacy policy? I am SHOCKED. SHOCKED, I tell you

it's purdy

The Office of the Privacy Commissioner of Canada has just released the first results of their investigation into online privacy policies, as part of the Global Privacy Enforcement Network Internet Privacy Sweep, whatever the hell that is. The OPC found some interesting stuff. As they say in their blog post, the good, the bad, and the ugly. Major Canadian corporations with crappy privacy policies? Well obviously they need to hire a decent internet lawyer. (call me!)

The OPC examined over 300 privacy policies of a bunch of Canadian corporations. This report is only preliminary, but I guess they felt the need to shame some people into doing a better job as soon as possible. Because as I am sure I have written before, the OPC can’t do much else than shame. Not their fault, really, it’s PIPEDA that’s toothless. But I digress, as usual.

First, the OPC actually praised some companies. Tim Hortons was singled out as a good having a good policy. Would you expect anything less from Canada’s coffee maker? My favourite praise though, is for IKEA Canada. The OPC likes IKEA’s policy because it also mentions offline privacy info. Specifically this bit:

For security, safety and liability purposes, we use CCTV cameras in our stores and adjoining areas such as parking lots… By visiting a store, you consent to our use of such cameras and the recording of your information.

So we’re filming you, but it’s cool because we’re telling you!

OK good policies are boring, let’s go to the bad. Privacy Commissioner Jennifer Stoddart said this:

We also found a major fast food chain collecting personal information, such as photos, addresses and dates of birth, for various initiatives, and yet the privacy policy was just 110 words

Well c’mon, we all communicate in 140 characters or less now. 110 words is verbose! Well, maybe not for lawyers. The fast food chain turns out to be A&W. I would say boycott A&W, but who doesn’t love a Teen Burger and root beer? And those onion rings? YUM. And after some digging, I looked at A&W’s policy, and it seems they have added to it. By my count (well, MS Word’s), the policy now has 1595 words. So maybe the OPC shame has worked.

OK so we’ve buried the lede here. The OPC has reserved some shame for Bell Canada. They state in their blog post:

For example several sites, including theloop.ca and tsn.ca, linked to Bell Media’s Privacy Policy which reads in part:

QUESTIONS, COMMENTS OR SUGGESTIONS? If you have questions, comments or suggestions about this Privacy Policy or Bell Media's privacy practices that were not answered here, send us an email.

And that e-mail address is….?

Well, we couldn’t find it.

Hehehe, good one, Bell! Making it impossible for people to reach you? That’s some kind of irony.

Alas, The OPC’s shame has worked again! Looking at Bell’s privacy policy, the word “email” that you see in the screen shot the OPC used is now actually a mailto link to the address [email protected], which I am sure diverts to some spam folder. Interestingly the top of Bell’s privacy policy says the policy was last updated April 1, 2011. So this raises one of two possibilities:

  1. Bell’s lawyers forgot to update the date when they were shamed by the OPC, which I doubt considering Bell’s lawyers probably bill at $1000 / hour, or
  2. The OPC employees doing the study have some browser plug-in that strips out links, making their whole study dubious at best.

If I was to draw some conclusions about privacy policies from the OPC study, I would say that a good privacy policy should:

  1. Clearly and explicitly state what personal info is collected;
  2. Clearly and explicitly state what the company does with that personal info; and
  3. Have good contact info for website visitors if they want more information or have privacy concerns.

I could have told them that in two minutes.

Topics

Privacy

5 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *