Skip to main content
A Better Partnership


Jan 2009
January 23, 2009

Are Your Privacy Policies Risking Your Brand's Image?

Brand image is a valuable -- and sometimes the most valuable -- asset for an organization. While brand value is created over the life of an organization, it only takes one event to destroy the brand's hard-earned reputation. While some of these risks are unavoidable, many others are within an organization's control.

One risk that an organization can manage is the way in which it deals with consumer privacy protection. Privacy matters have become a more significant factor in how a customer views a brand. Lack of attention to the protection of consumer privacy can lead to a breach in trust between the consumer and the organization. An erosion of trust can be a significant factor in destroying brand value.

Privacy protection matters have increased in importance for all businesses over the last decade through regulation, contract and consumer awareness. There has been an ever-expanding regulatory framework for the protection of consumer data.

States have become more involved in how data is protected and even more aggressive in requiring the protection and reporting of privacy and data breaches. For example, Massachusetts recently introduced regulations that require all businesses that have personal information about Massachusetts residents to implement comprehensive information security programs, including written policies and procedures, for the protection of personal information.

In recent years, the federal government has been pushing privacy protection requirements on an increasing number of industries, and businesses that process credit cards now find that they have to contractually agree to protect the credit card data. The Federal Trade Commission has recently stated that it would like to create national standards for the protection of personal data applicable to all private entities.

The Presidential Identity Theft Task Force directed the FTC to look deeper into identity theft issues. The FTC looked at the relationship between the use of Social Security Numbers (SSN) and identity theft. After studying the issue for more than a year, the FTC created the following list of future actions it would like to see Congress take that would apply to all private entities:

  • Improve customer authentication
  • Restrict the public display and transmission of SSNs
  • Implement national standards for data protection and breach notification

Stated FTC goals include limiting the availability of SSNs and making SSNs less valuable to criminals. The FTC is expected to bring these ideas before Congress for action sometime in the near future.

While the FTC wants to expand privacy protection requirements, your organization should not wait until the FTC acts. The consumer has already spoken. Protecting consumer data is not just about complying with laws and regulations, but also about protecting corporate images. Consumers have become increasingly aware of the possibility that their lives may be turned upside down by a criminal who has accessed their private data. Consumers also have heightened their expectations of the businesses with which they interact. They expect these businesses to handle their private data with a reasonable level of care that will protect them from the criminal elements. Any lack of attention to the protection of consumer data is sure to reflect poorly on a company's brand image and value.

There are reasonable steps your organization can take to proactively protect consumer data and sustain its brand image. All protective measures start where privacy protection regulations start, with a written privacy policy. Many organizations ignore this simple brand protection measure because often it is not a legal or regulatory requirement.

Existence of a written privacy policy is a sign of an organization that is customer focused and sensitive to the daily threats that consumers face. In addition, a written privacy policy helps establish consistency in how an organization protects information, while at the same time allowing operational flexibility in the future. A written policy outlines specific operational procedures and can be adjusted for future laws, regulations, or circumstances. A privacy policy has a beneficial marketing, operational and legal effect.

A privacy policy is most effective when it is tailored to your organization. Privacy policies do not have to include over-the-top protective measures guarding against every threat that ever existed to every organization. Instead, the privacy policy only has to be reasonable for your organization and industry. A privacy policy without the requisite implementation, however, may lead to greater troubles down the road, and an even bigger hit to a brand's image.

To create a proper privacy policy that will assist in protecting your brand, please contact Marcus Jones of Warner Norcross & Judd at or 616.752.2773 or Norbert Kugele at or 616.752.2186.

NOTICE. Although we would like to hear from you, we cannot represent you until we know that doing so will not create a conflict of interest. Also, we cannot treat unsolicited information as confidential. Accordingly, please do not send us any information about any matter that may involve you until you receive a written statement from us that we represent you.

By clicking the ‘ACCEPT’ button, you agree that we may review any information you transmit to us. You recognize that our review of your information, even if you submitted it in a good faith effort to retain us, and even if you consider it confidential, does not preclude us from representing another client directly adverse to you, even in a matter where that information could and will be used against you.

Please click the ‘ACCEPT’ button if you understand and accept the foregoing statement and wish to proceed.



+ -