Risk

3/10/2009
12:03 PM
Keith Ferrell
Commentary

TRUSTe: Majority Of Small Businesses Have NO Privacy Policy

A new survey of small businesses found that close to 60% of the 1,700 businesses polled had no privacy policy whatsoever and, according to privacy verification company TRUSTe, many of the other businesses simply grabbed their privacy policy from online sources.

The TRUSTe survey, performed last November, found that a formal and in-place privacy policy is nonexistent for 56% of the 1,743 small business owners surveyed.

The non-profit trustmark group also found that of those small businesses that do have a policy in place, odds are it came from someplace else: A third of privacy policies were cut-and-pasted from the Web, according to TRUSTe.

Only a quarter of businesses with privacy policies wrote the policy themselves, which can also be a matter of some concern, considering the wide variations in definitions of privacy, and legal and regulatory privacy mandates. 30% of the survey participants didn't know if their businesses were PCI compliant.

Interestingly -- and in some ways amazingly -- 79% of the respondents were aware of trustmarks -- a seal of trustworthiness displayed on Web pages -- and fully half consider trustmarks to be important. And yet those same businesses, a large percentage of them anyway, don't practice proactive privacy policies.

In light of the growing awareness of consumer skittishness over untrustworthy sites (reflected in a wariness to purchase or even shop on sites they don't know and whose privacy isn't verified), the ongoing lack of privacy policies put in place, privacy procedures followed, and privacy protected as vigorously as every other aspect of doing business -- in short, the lack of a coherent, externally verified privacy policy -- is a vulnerability that needs to be remedied now.

TRUSTe offers a simple privacy policy self-assessment quiz here.
