The non-profit trustmark group also found that of those small businesses that do have a policy in-place, odds are it came from someplace else: A third of privacy policies were cut-and-pasted from the Web, according to TRUSTe.
Only a quarter of businesses with privacy policies wrote the policy themselves, which can also be a matter of some concern, considering the wide variations in definitions of privacy, and legal and regulatory privacy mandates. 30% of the survey participants didn't know if their businesses were PCI compliant.
Interestingly -- and in some ways amazingly -- 79% of the respondents were aware of trustmarks -- a seal of trustworthiness displayed on Web pages -- and fully half consider trustmarks to be important. And yet those same businesses, a large percentage of them anyway, don't practice proactive privacy policies.