The non-profit trustmark group also found that of those small businesses that do have a policy in-place, odds are it came from someplace else: A third of privacy policies were cut-and-pasted from the Web, according to TRUSTe.
Only a quarter of businesses with privacy policies wrote the policy themselves, which can also be a matter of some concern, considering the wide variations in definitions of privacy, and legal and regulatory privacy mandates. 30% of the survey participants didn't know if their businesses were PCI compliant.
Interestingly -- and in some ways amazingly -- 79% of the respondents were aware of trustmarks -- a seal of trustworthiness displayed on Web pages -- and fully half consider trustmarks to be important. And yet those same businesses, a large percentage of them anyway, don't practice proactive privacy policies.
In light of the growing awareness of consumer skittishness over untrustworthy sites (reflected in a wariness to purchase or even shop on sites they don't know and whose privacy isn't verified) the ongoing lack of privacy policies put in place, privacy procedures followed, privacy protected as vigorously as every other aspect of doing business, the lack of a coherent, externally verified privacy policy is a vulnerability that needs to be remedied now.
TRUSTe offers a simple privacy policy self-assessment quiz here.