Privacy Policy / 2010-02-25

I was recently required to choose between a handful of retirement-plan vendors, so I’ve had some information booklets lying around. One day on a stroke of pure reckless abandon, I decided to read a couple of the privacy policies, just to see what it said. Of the two I read, MetLife’s struck me as most interesting.

For instance, one of the reasons they list for why they might have to share information is to “help us prevent […] terrorism […] by verifying what we know about you.” Not to mention the all-inclusive reason: “Help us run our business”.

Then there’s “How We Get Information”. I may as well quote verbatim here:

What we know about you we get mostly from you. But we may also have to find out more from other sources to make sure that what we know is correct and complete. Those sources may include adult relatives, employers, consumer reporting agencies and others. Some sources may give us reports and may disclose what they know to others.

(emphasis mine)

As a software engineer, I’m particularly struck by the specificity of their method for protecting computer data: “We also take steps to make our computer data bases secure and to safeguard the information we have.” Good. I’m glad they’ve taken steps. The other privacy policy I read listed five specific techniques they use to protect computer data.

I didn’t choose MetLife.

This makes me want to start a Privacy-Wiki where people can read privacy policies and EULAs and create summaries for mass consumption. That’d make it harder for companies to hide things.