«

»

Feb
15
2012

How many start-ups does it take to write a privacy policy?

Chris Babel
CEO | TRUSTe

Privacy breakdowns continue to pop up across a variety markets with the biggest headlines coming from two VC-backed mobile app start-ups, Path and Hipster. Both were called out by independent tech professionals for privacy violations stemming from the unauthorized access of user address books stored on their mobile phones, and both have quickly taken responsibility for the issue. Path has taken the additional step to seek help from privacy experts (in the spirit of full disclosure, Path has talked to TRUSTe regarding our privacy management solutions), while Hipster has elected an alternative approach, calling on their mobile start-up colleagues to jointly craft a privacy pledge for the mobile app ecosystem (see responses from Path and Hipster). While Hipster should be applauded for their efforts to raise visibility of an important problem, and while I appreciate the spirit of the suggestion, it is unlikely to address the core problem simply because the issue of privacy cannot be boiled down to taking a pledge to “do the right thing”. In order to define “the right thing”, one needs to fully understand the intricacies of data flows through the online ecosystem, all the nuances of privacy regulation, and how they might apply to each unique business model.

Privacy management is becoming increasingly complex due to the emergence of new compliance requirements, advancements in targeting capabilities, and supporting technology required to monitor and manage data privacy. 2011 saw a record number of FTC privacy cases, legislative proposals, and media coverage into online privacy. End-user concern was also at high levels – with 90 percent of consumers indicating they were concerned about their privacy online; and 88 percent of consumers indicating they would avoid doing business with companies they did not believe were protecting their privacy online.

While a Fortune 500 company might be able to staff a privacy team capable of staying abreast of the evolving compliance requirements, most small to mid-sized companies (like these venture backed start-ups) need to make sure their resources are laser focused on building and selling great products. As important as privacy is to the success of their business, they cannot be expected to be experts on both their target market (which in most cases is changing daily) and the dynamic privacy management space.

The good news is there are a wide range of resources for them to tap into to help create and implement a comprehensive privacy management strategy. These resources range from privacy attorneys at several major law firms, to tutorials and how to guides published by major associations like the MMA and IAPP, and of course, privacy management specialists like TRUSTe.

In an effort to help the start-up ecosystem get ahead of these challenges, in March, TRUSTe will offer a special Privacy Management workshop tailored to startups. The seminar will be free and help educate on the ins and outs of creating and managing a comprehensive privacy management strategy. Details on the seminar can be obtained by sending an email to dave@truste.com.

Comments