In my software consulting years, it was remarkably routine for clients to concede that they had never read their own procedures and documents. While it lent itself to amusing anecdotes like the database administrator who kept his notes in Klingon, the phenomenon reflects a practical problem: employees cannot fulfill obligations they do not know about. Ignorance makes compliance impossible.
Yet many mistakes are easy fixes. Here are the top ten we deal with most often.
10. Wrong State. Different states impose different requirements. For instance, Connecticut requires specific provisions pertaining to Social Security Numbers. All too often however, policies do not address the nuances of applicable state laws. The company needs to be familiar with the applicable state law, and the Policy should reflect that.
9. Wrong Data. Systems evolve. Features are added. Bugs are discovered. And these changes invariably impact the data that is collected. Each change may be marginal on its own. Their cumulative and compounded effect however, is often gargantuan. If the Policy does not accurately reflect the data currently being collected, it is simply a powerful tool in the hands of plaintiff’s counsel.
6. Wrong Promise. Privacy Policies often promise never to sell data. But that may be an impossible promise. In an era of mergers, acquisitions and sales, such a promise can – and has – created impediments to sales of the company. After all, if the value in the company is its data, regulators, including the FTC, have taken the view that sale of the company amounts to an impermissible de facto sale of the data. Don’t paint yourself into a corner.
4. Wrong Guarantee. Privacy Policies frequently promise excellent security: “state of the art” is one term that crops up with disturbing frequency. Even assuming that this is a promise that is kept, the problem is that “state of the art”, like beauty, lies in the eye of the beholder. Stay away from promises that lend themselves to differing interpretations.
| © Poyner Spruill LLP. All rights reserved.