creepy privacy policy
Nasir Pasha & Matt Staub

Ep 38: Creepy Privacy Policies & Protecting Proprietary Info

The guys discuss how companies use the data they collect and answer, “How can I make sure my employees don’t steal my proprietary info after they leave?”

Transcript:

NASIR: This is Legally Sound Smart Business.
My name is Nasir Pasha.
MATT: My name is Matt Staub.
NASIR: Wait. I know. You don’t have to say my name. I said my name and then you can just say, “This is…”
MATT: I guess there’s never been an episode intro… well, there was one when you missed, but every single episode starts off with you and me. So, at this point, it’s not like it’s a rotating group of podcast hosts.
NASIR: Yeah, and we’ve talked about this before, even in our standard intro, it uses our names. So, when we introduce ourselves, it’s kind of redundant but that’s how we do it!
MATT: Name repetition is how it’s done.
NASIR: All right, let’s get into our creepy story of the week.
MATT: It talks about creepy. I guess it kind of is but it’s more about a lot of businesses collect data from their customers and it’s talking about what these businesses do with the data and this is how it gets into the creepy part is when people think this is creepy.
I’m sure a lot of people know that businesses sometimes collect data, they sometimes sell it to third parties for whatever reason. This is all stuff they need to inform.
So, if you go to a website and click down on the privacy policy or the terms of use, this is where you find all that stuff. I’m sure 98 percent of people do read these.
NASIR: Yeah.
MATT: I know, before, every website I go to, I make sure to read all this just to make sure that everything is covered. It’s actually funny how many websites you’ll click on that because I actually click on them just to see.
NASIR: Sure. I do, too. Yeah.
MATT: It’s kind of surprising how many are nonexistent. It’s just there, but it links to nothing.
NASIR: Exactly.
MATT: Or they’ll have some kind of boiler plate that doesn’t even make sense. Like, there’s other companies’ names in it and it doesn’t even apply. I’ve seen that many, many times. When you launch a website, it’s sometimes the last thing you think of.
MATT: Yeah.
NASIR: But, you know what, I really do think that, if people really knew how much they could track – and I think people that are tech-savvy already know but I think some of the common users would be a little creeped out by it because what’s hard to understand too is that there’s a lot of companies that, when they buy into ad networks on their site, that they can track you from one site to another. It’s not just on the same site, too.
For example, Facebook is a good example. When people put in their Facebook plug-ins into their sites and so forth – I don’t know if they still do this, I know they used to – even if you go to a blog that’s totally unrelated to Facebook, they can tell that you’ve been to that. I even read a story this week where it seems a little goofy to me but someone that’s basically turned themselves off against Google and I think she’s some kind of journalist and she was trying to prevent anyone on the internet – meaning Google or Facebook – knowing that she was pregnant. And so, she had to tell all her friends and so forth and she tells her experience of how difficult it was to make sure that no one would mention that she was having a baby because, you know – I think we’ve been through this, too – when I was getting engaged, I saw ads for rings for the longest time – like, months afterwards, right? You had the same experience.
MATT: Yeah, we were talking about that.
NASIR: That’s creepy, right?
MATT: Yeah. I mean, a quick tangent on that, I got an email – this was a year and a half after I’d been married, let alone about the engagement ring – I got something about deals on engagement rings. I’m like, “What do you assume – I’ve already gotten divorced and found another person I want to marry?” It’s just kind of weird how that stuff works out.
NASIR: Yeah, let’s just follow-up with him in a year and a half from now. He’ll probably be divorced and ready to get remarried.
MATT: Yeah, it is kind of creepy if we want to keep using the word “creepy” how I do a search for something or a major thing in my life that happens and then all of a sudden all the ads that pop up relate to that. And so, it’s a little bit intrusive, I suppose. I mean, I never even look at ads or click on them unless it’s accidentally but I can see a lot of people being a little perturbed about this.
I guess the best way to approach it from a business perspective is kind of circling back to the beginning – having a good policy in place that actually works on the website and just informs people of what the businesses using the customers’ data for.
NASIR: Yeah, and not all states require privacy policies. I know California does. I’m sure eventually all the other states will follow. I believe the latest is that the FCC hasn’t required them yet. I’ll have to double-check. But I do know though that, if you have one, you have to follow it.
The reason why it’s state-by-state is because not every state has privacy laws and California is classic to have a pretty robust privacy law section and they’re both in their Constitution and in their statutes. That’s something to think about.
And so, no matter what, put a privacy policy on there but I’d be careful about just kind of copying and pasting and boiler plating it out because a lot of these boiler plates are very general and even though you say, “Pretty much, we can collect anything you want,” you want to prevent any kind of blowback from you customer base, especially if you’re online-heavy, because some heavy users or super users are going to look into those privacy policies and say, “Hey, I don’t want my information like that being shared,” or what-have-you.
MATT: Yeah, and one of the points – especially for California I guess, but it applies really to any state – if you have a policy, you’ve got to follow it. We shouldn’t have to tell people that but, when you do a cut and paste, it’s easy to not follow it because you don’t even know what’s even in there. So, I guess that’s something for people to be aware of but, to me, the bottom line is, if I want to visit a website or if I want to buy a product or what-have-you, that’s going to trump whatever privacy data collection they’re going to do – or at least for me, I don’t know.
NASIR: I think the FCC has released some guidelines for privacy policies but I can’t recall whether it’s an actual requirement but I think, in our practice from day-to-day, we always require for our clients when they have any kind of websites because just to safer than sorry, especially if you have any kind of interaction with children under the age of 13, any kind of registration, collection of data, there’s other requirements beyond that when it comes to handling those kinds of data as well.
MATT: Data, data, I like data.
NASIR: From Star Trek?
MATT: I don’t watch Star Trek.
NASIR: Actually, neither do I, but I pretend I do.
MATT: In what circles?
NASIR: You know, like, when I go to programmers’ meetup or whatever.
MATT: Got you.
NASIR: I have to blend in.
MATT: Oh, first I’ve heard of that.
[MUSIC]
NASIR: All right, let’s get to our question of the day.
MATT: Question of the day.
“How can I make sure my employees don’t steal my proprietary info after they leave?”
This comes from a telecom company in New York City.
NASIR: New York City. This is unfortunately a reoccurring nightmare for employers, over and over again. Sometimes, it happens more than one time, and the problem is that, on one hand, there’s some contractual things that you can do and there’s some practical steps – security-wise – to do. But, let’s be honest here. If you have an employee that is upset and wants to harm you, because they’re an employee, they have access to certain data and I don’t care how you protect it – whether it’s physically or electronically or password or whatever – there’s always some way, there’s always some hole because they’re in your system. They’re part of your group and they can always do something about that.
First, I would say that’s a very difficult task and no answer is going to be a full solution.
MATT: To me, it’s the same sort of thing. When someone asks, “Well, how can I prevent my business from being sued?” It’s like, well, you can’t; if someone wants to sue you, they will. It’s the same thing with this. You know, if someone wants to take your proprietary info that worked for you, they will. If you have an agreement that’s signed, that’s obviously an important thing. But, at that point, it would be breaking the rules, breaching the agreement, but if they want to then they’re probably going to.
But there are things you do can. You mentioned some sort of confidentiality agreement. You know, some other things too is, if they were given access, I’d assume they had some sort of email, maybe cut off their email privileges as soon as possible. If they have access to the client database – ugh, I said “database” too – see?
NASIR: Database, duh.
MATT: I just said I like “data” and then I say “database.”
NASIR: Well, they’re two different words – data and database are different.
MATT: Yeah.
NASIR: I forgive you.
MATT: Anyway, the database or database, if they have access to that, cut that off as soon as they’re done. Basically, any access they have to anything that’s on your servers. That’s something you can cut off as soon as possible.
NASIR: Let’s focus on the confidentiality agreements, et cetera – other agreements that you may have regarding this. A lot of times, employers look at these as, “Okay, this is a way that I can restrict legally my employees from divulging confidential information and that’s true but don’t think of it as a way that, okay, if they do something wrong, then I can go after them and sue them and get all this money from them because, most likely, first of all, they don’t have the money to go after and your purpose is to protect the information itself. So, my point is that the best repercussion you can have out of these confidentiality agreements is that, if, for example, that person goes to a competitor and divulges the proprietary information or starts using it for themselves, that contract is going to give you the ability to walk into a court and possibly get a temporary restraining order and eventually a preliminary injunction in order to protect your information and that’s the real value of a confidentiality agreement.
MATT: Right. I mean, this is good advice. I know you have a lot of restraining orders filed against you on a regular basis – business and personal, apparently. Just kidding.
NASIR: That’s why I just stopped signing these NDAs. I hate those things.
MATT: Just refuse to sign.
NASIR: Actually, I do. Like, people don’t understand the attorney-client privilege and sometimes they’ll ask you to do that. Of course, respectfully, I kind of have to explain how it works.
MATT: That’s true. Yeah, I’ve been in that situation as well. But something else I thought of that’s good that we haven’t mentioned yet is letting, especially if there’s someone that works very heavily with your customers, letting your customers know that this person left.
NASIR: Yeah, good point.
MATT: Because they might not even know. Maybe their point of contact is this employee that left and they’re just emailing the employee and they have no idea this has even happened. If it goes on for a little bit of time, maybe they say, “Hey, well, I like this employee so I’m just going to stick with them and not the company.”
NASIR: It’s true. Customers and I think you mentioned vendors, too. Any kind of third parties that you may work with. I’m sure we mentioned it, too, but conducting exit interviews and terminating them in a way that is going to minimize blowback. In other words, if they like you as an employer – and it’s impossible to prevent that totally and this is a general answer – if they like you, they’re not going to steal from you. They’re not going to damage you and so forth. That’s why treating people how they deserve to be treated – fairly and also with some compassion, even if they did do something wrong – goes a long way in order to protect your business.
MATT: Yeah, make the exit as clean as possible. The better terms you are on with the person, the less likely they’re going to try to take any information.
NASIR: Absolutely. This reminds me of another question that I got this week but I don’t think we have time to cover it but it has to do with non-competes and, well, I don’t think we can cover it but darn it.
MATT: Maybe we’ll cover it on the Friday show.
NASIR: Yeah, maybe we can fit that in.
All right. Well, I guess that’s our show. Unfortunately, I wanted to get that question in. I feel so disappointed. I was excited to talk about it and then I’m like, it’s kind of not even related, too. It’s related to non-competes and not confidentiality.
MATT: Well, luckily, this is only Episode 38. So, we’re going to do more episodes after this.
NASIR: We are?
MATT: Yeah, I think we’ll have time to answer it in a later episode.
NASIR: Okay. I’m excited now.
MATT: Yeah, and if anyone else has a question, ask@legallysoundsmartbusiness.com is where you can send those questions in. Or you can visit the website – legallysoundsmartbusiness.com. Fill out the little questionnaire thing on there. Tell us in person – like, “This happened…” Send an email, fax, whatever. However you want to ask a question, it’s fine. Write something in the sky with a plane. All options are open.
NASIR: We leave everything on the table.
All right. Well, that’s our episode and have a good day!
MATT: Keep it sound and keep it smart.

Play

Read More