Register

To become a member of ITProPortal Register here.

Already a member? Login here

Please register below. All we need is a valid email address and a password.

Please use a real email address as we need to email you to confirm your account.
Must be at least 6 characters long.

Benefits of joining ITProPortal:

  • Unlimited Access to Special Reports and White Papers
  • Exclusive offers and discounts
  • Free entry to all competitions
  • Access to beta sections of ITProPortal.com

Login to your account



Forgot your password?

Submit
Register
Cancel

Average privacy policy takes 10 minutes to read, research finds

You are reading page 2 of 2
Average privacy policy takes 10 minutes to read, research finds
  • Digg del.icio.us reddit Facebook

"This leads to two implications. First, Internet users likely do not understand the risks to their privacy … second, if the privacy community can find ways to reduce the time cost of reading policies, it may be easier to convince Internet users to do so. For example, if we can help people move from needing to read policies word-for-word and only skim policies by providing useful headings, or if we can offer ways to hide all but relevant information and thus reduce the effective length of the policies, more people may be willing to read them," it said.


The researchers concluded that in order for web users' privacy to be protected, some regulation may be necessary.

"Some corporations take the view that their users should read privacy policies and if they fail to do so, it is evidence of lack of concern about privacy," they said. "Instead, we counter that websites need to do a better job of conveying their practices in useable ways, which includes reducing the time it takes to read policies. If corporations cannot do so, regulation may be necessary to provide basic privacy protections."

Struan Robertson, a technology lawyer with Pinsent Masons and editor of OUT-LAW.COM, said that in the UK, organisations should layer their privacy policies.

"Certain information should be given without the need for any clicks," he said. "This is the data protection notice and its appearance should be a mandatory screen in any online process. The additional details can go into a privacy policy."

"Before a user submits any personal details at a site, this notice should identify the data controller (generally the company behind the website), the purposes for which they will use the details, and anything else needed to ensure fairness," said Robertson.

"This should be an unavoidable step, to comply with the Data Protection Act. However, we recommend that sites give additional information in a privacy policy, accessed by a link from this notice and through privacy policy links on each page of the site," he said.

"This layering of information is important to compliance and also usability. As long as information is presented in a way that lets users skim the essentials, it will not matter to the site's compliance if the user decides to read no further – though it's a sensible step to offer the additional information as reassurance to those who want it," he said.

You are reading page 2 of 2
Team Outlaw

Posted by Team Outlaw on 06 Oct. 2008

This article was contributed by OUT-LAW.COM, part of international law firm Pinsent Masons. See http://www.out-law.com for further details.

Tags: Privacy