Privacy Policy – Definition

Cite this article as: "Privacy Policy – Definition," in The Business Professor, updated April 9, 2019, last accessed October 27, 2020,


Privacy Policy Definition

A company privacy policy explains how an organization handles the customer, client, or employee details it obtains in the course of its operations.

The privacy policy declares a firm's or website's policy on collecting information about a website visitor and releasing that information. Usually, it declares the exact information collected. It also states whether the details collected are sold to or shared with other researchers, sellers, or firms, or whether they are kept confidential.

A Little More on What is Privacy Policy

In law, a privacy policy is a legal document that discloses some or all of the ways a party gathers, discloses, and manages a customer's data. The specific contents of a privacy policy always depend on the applicable law, and they may have to address the requirements of different jurisdictions or countries.

The majority of websites give their visitors free access to their privacy policies. The privacy page should specify all personally identifiable details that are gathered. These personal details include name, credit card number, and address. Other details such as uploads, browsing habits, downloads, order history, and cookies should also be specified. The policy is meant to explain whether data such as cookies will be stored on a user's personal computer. According to best practices, the policy must reveal whether data will be sold to or shared with third parties and, where that occurs, state its purpose.

Whether privacy policies are legally binding, and whether they are consistently enforced, has not been agreed upon. In the U.S., the Federal Trade Commission (FTC) promotes the enforcement of industry self-regulation and existing laws. For the FTC, as long as no money is lost during a breach, legal action is not taken as a result of the data breach.

The Data Protection Directive of the European Union has questioned a company such as Google concerning privacy changes which violated E.U. law, threatening penalties on the big company.

Seal programs, or online certification, are instances of industry self-regulation of privacy policies. Usually, seal programs require the implementation of fair information practices as determined by the certification program. Continuous compliance monitoring may be required as well. TRUSTe was the first online privacy seal program, and by 2007 it comprised over 1,800 members. The Trust Guard Privacy Verified program, Webtrust, and eTrust are other online seal programs.

Academic Research on Privacy Policy

Consumer trust, perceived security and privacy policy: three basic elements of loyalty to a web site, Flavián, C., & Guinalíu, M. (2006). Industrial Management & Data Systems, 106(5), 601-620. This article centers on the three fundamental elements of website loyalty: perceived security, consumer trust, and privacy policy. The aim of the work is to examine how privacy and perceived security affect the trust of the internet consumer. It also sets out to test and reveal the close bond between trust in a web site and the level of loyalty to that site. The major features of the examined concepts are explained, with emphasis on the multi-faceted nature of the variables and the relationships between them. The next step is to examine the validity of the measuring instruments.

A privacy policy model for enterprises, Karjoth, G., & Schunter, M. (2002). In Computer Security Foundations Workshop, 2002. Proceedings. 15th IEEE (pp. 271-281). IEEE. This research paper focuses on a suitable privacy policy model for enterprises. The need for privacy is increasing in the marketplace. Despite the promises of enterprises to provide good privacy practices to customers, no technical mechanism is available for internal enforcement. The paper describes a privacy policy model which protects personal information from privacy violations by enforcing enterprise-wide privacy policies. By extending research work on the Flexible Authorization Framework (FAF) with obligations and grantors, a privacy control language which comprises obligations, distributed administration, and user content is created. Conditions impose the restricted use of the collected details.

Self-disclosure on the web: The impact of privacy policy, reward, and company reputation, Andrade, E. B., Kaltcheva, V., & Weitz, B. (2002). ACR North American Advances. This paper analyzes self-disclosure on the internet with an emphasis on the effect of reward, privacy policy, and company reputation. Companies need to gather customer information in order to capitalize on the personalization opportunities provided by the web. Consumers, however, have serious privacy concerns about releasing these personal details. Three approaches that encourage self-disclosure of personal details are examined: privacy policy completeness, company reputation, and offering a reward. Based on the results, privacy policy completeness and company reputation lower the level of worry over self-disclosure. On the other hand, offering a reward increases concern.

The effect of online privacy policy on consumer privacy concern and trust, Wu, K. W., Huang, S. Y., Yen, D. C., & Popova, I. (2012). Computers in Human Behavior, 28(3), 889-897. This article examines how online privacy policy affects consumer privacy concern as well as trust. It investigates privacy concerns and trust in relation to the willingness to release personal details online, based on cross-cultural effects. The study examined the relationships among privacy concerns, consumer trust, the content of online privacy statements, and the moderating impact of respondents' various cultural backgrounds. The survey involved 500 participants, with 250 individuals from Taiwan and another 250 from Russia. The findings show a relationship between trust or privacy concern and privacy policy content. The cross-cultural impact on these relationships was found to be important.

A roadmap for comprehensive online privacy policy management, Antón, A. I., Bertino, E., Li, N., & Yu, T. (2007). Communications of the ACM, 50(7), 109-116. This article is based on privacy policy management. A framework that supports the life cycle of a privacy policy helps guide the type of research to consider before sound privacy answers can be realized.

Privacy policy statements and consumer willingness to provide personal information, Meinert, D. B., Peterson, D. K., Criswell, J. R., & Crossland, M. D. (2006). Journal of Electronic Commerce in Organizations (JECO), 4(1), 1-17. A major obstacle to the success of e-commerce is consumers' concern about information privacy. A direct response to this challenge is adopting privacy policy statements. The study analyzed graduate students' willingness to release different types of personal information based on various levels of protection provided by privacy policy statements. The results showed that the willingness to divulge information to internet merchants increased as the privacy level assured by the statements rose. The results also showed that while the majority of people knew of privacy policy statements, fewer than half of these respondents had tried reading a privacy statement.

Privacy in information technology: Designing to enable privacy policy management in organizations, Karat, J., Karat, C. M., Brodie, C., & Feng, J. (2005). International Journal of Human-Computer Studies, 63(1-2), 153-174. This article explores information technology, organizations, and privacy policy management. It is believed that due to the spread of information technology, there will be increased awareness of the need to address privacy issues. In order to do this, policies which govern the use of information along with technological development that can implement these policies need to be understood. This research explains efforts made in designing a system which would facilitate the authoring of privacy policy, its implementation, and also its compliance monitoring. The article explains the work of spotting organizational privacy requirements, carrying out laboratory tests which would guide certain design decisions in order to satisfy the needs of privacy enabling technologies, and much more.

The influence of the informal social learning environment on information privacy policy compliance efficacy and intention, Warkentin, M., Johnston, A. C., & Shropshire, J. (2011). European Journal of Information Systems, 20(3), 267-284. This paper explores the impact the informal social learning environment has on the efficacy of information privacy policy compliance. All over the world, regulatory requirements now protect sensitive personal details. These regulatory requirements have turned into important new compliance supervision roles for IT managers, who are legally mandated to ensure that individual employees are fully prepared to observe the policies made to ensure compliance. 234 healthcare experts are used for the survey, and it is discovered that some social factors within the organization add to an informal process of learning. The informal process differs from the formal compliance training processes.

Public opinion surveys and the formation of privacy policy, Gandy Jr, O. H. (2003). Journal of Social Issues, 59(2), 283-299. This article analyzes public opinions and how privacy policy is formed.

Privacy policy compliance for Web services, Yee, G., & Korba, L. (2004, July). In Web Services, 2004. Proceedings. IEEE International Conference on (pp. 158-165). IEEE. This article discusses privacy policy compliance for web services. The expansion of the internet has brought with it the expansion of web services such as e-health and commerce. The growth of web services and the increasing legal and regulatory requirements for personal privacy have created the need to safeguard web service users' personal privacy. In order to protect personal privacy, the negotiation approach is suggested. On the other hand, approaches are clearly required to ensure that web service providers abide by the privacy policy of service users. The article proposes an architecture for a privacy policy compliance system which would satisfy the requirements, and it also mentions the merits and demerits of the proposed architecture.

Privacy policy and PETs: The influence of policy regimes on the development and social implications of privacy enhancing technologies, Phillips, D. J. (2004). New Media & Society, 6(6), 691-706. This research work examines PETs and privacy policy. Privacy, in itself, is ambiguous, as it covers democratic participation, social coordination, identity management, and personal autonomy. Each of the aforementioned privacy ideals portrays a different type of social concern. A wider understanding of privacy and identification should inform disclosure of policy.
