What is a “Privacy Policy,” Really?

Why you should read them, what to look for, and why you should know your rights.

How many times a week do you receive a privacy policy? You probably see one every time you sign up for an online account, go to a medical office, or receive a financial statement in the mail. And then there are the updated ones that show up in your mail or email. With all these privacy policies, you might think that our privacy would be 100% secure, but that’s far from true. So, what is a privacy policy, really?

What to look for in a privacy policy

Here’s what a privacy policy isn’t: a guarantee of privacy. But rather is: a statement of how a business or other organization will use your data, who they will share it with or sell it to, and for what purposes. It’s up to you to read the privacy policy, find out if you have a say in how your information is used, who your information is shared with, and decide whether you want to do business with that organization. For example, at IDX we are 100% committed to protecting our members’ privacy, and we clearly state in our privacy policy that we do not sell personal data to other companies.

Privacy policies can be long, so here are the important things to look for as you scan one:

• How is your information collected? Is it just information that you supply, such as your name, address, phone number, and email, or does the business also track your online or other behavior to build a profile on you? Look for discussion of “cookies” (tokens that identify you to websites). Many companies, IDX included, collect data from third party cookies to improve the user experience and provide more relevant advertising. But some companies use cookies to collect more personal information. Check the policy to see what data they’re collecting.
• What information is collected and how is it used by that organization and by its business partners? Is it information that seems necessary to the services or products they’re providing you, or are they collecting other information? If they collect information about the device you’re using to run their mobile app, that may be important to provide you with future releases of the app. If they’re tracking your movements from your mobile device, that may not be OK.
• What other businesses will your information be shared with and for what purposes? For example, do they share it with business partners who do data processing or other tasks for them? Are those partners in the U.S. or overseas in countries that may not have strong privacy laws? Do they sell it to other businesses for marketing purposes? Will your medical information be shared for research? You might be happy to contribute data for research if the policy guarantees that the information will be “de-identified” (made anonymous, so it can’t be traced back to you).
• Can you opt out of having your personal information collected or having it shared? For example, do they give you a choice of what cookies they will use with your web browser, ones that simply help analyze their website performance or ones used to gather personal information about you. How easy is it to opt out of information collection?

Let’s look at an example of a very consumer-friendly privacy policy (the IDX privacy policy, in fact) and see what you can expect when organization puts your privacy first.

What a privacy-first policy looks like

The IDX privacy page is a great example of a privacy-first policy. We collect anonymous data about how people use our site and engage with our content so that we can improve the customer experience and provide more relevant messaging and offers. Even though we don’t sell data to other companies, the anonymous data we do collect is very important to us. So, we’ve simplified our privacy policies and provided advanced controls that allow people to decide exactly what kind of information they’re willing to share with us.

We provide a clear breakdown of what information we collect, how, and for what purposes. We also explain how your data is used, how it is protected, and how it is shared securely with specific business partners, such as a partner who provides credit monitoring service. To manage your privacy preferences, you can just click a button, read a simple explanation, and set your privacy preferences.

At IDX, privacy is our business, and this privacy page is one of the ways we walk our talk. We hope that, someday, every business will make your privacy choices this easy.

Spend a Little Time to Save Some Time

Privacy policies certainly aren’t the most exciting reading, but the more information any organization gathers on you, the greater the risk if it falls into the wrong hands. (And even if it doesn’t, it’s also not fun being bombarded with annoying pop-up ads when your data is shared with advertisers.) It’s worth taking a moment, scanning a privacy policy for the important stuff, and making an informed decision whether to give that organization your business. In the long run, it may save you time, whether in dealing with unwanted ads or in dealing with more serious privacy or identity problems in future.