What is a privacy policy? And how does it protect you?

If you’ve spent any time at all around the internet, you’ve probably come across a number of different user agreements. These documents, often written in extensive legal-speak and required for access to the website, are (unfortunately) ignored by most of the public. Too often, users check the little box agreeing to the terms and then move on, never really giving a thought to what they just agreed to. 

That’s obviously a bad idea. It’s important to know and understand what you’re agreeing to whenever you establish an account, provide personal information, or otherwise engage in an online relationship with a web-based company. Take the time to read through the privacy policy and terms of service, all while knowing that if you disagree with the policy your only course of action is to not build that account with the company or website.

A privacy policy is a statement or legal document that explains what the company does with information gathered from customers. A good privacy policy should detail the data that is being collected, as well as how it is collected and stored and whether or not it will be shared with outside partners. 

It’s important to remember that there are currently no US laws that govern all privacy policies. There are individual laws that pertain to children or health records, for example, but there is no single, all-encompassing, absolute law about how companies have to treat your personal information. So what can companies legally do with your information? 

One of the largest complaints among internet users may be the sharing of information and search histories with companies that target consumers with advertising. This is harmless on the surface; if you’ve been searching on one website for a good deal on lawnmowers, wouldn’t you want to see ads for even better deals on home items when you go to a site that supports ads? It’s mildly alarming that the internet seems to be so good at figuring out what you’re up to, but remember that it’s all part of algorithms found in websites you already choose to do business with.

Where privacy policies become upsetting is in the ambiguous use of your data. If a company’s policy doesn’t explicitly state why they gather your information, how they protect it once they’ve gathered it, and what they are allowed to do with it, you might be more cautious about using that site. One user recently reported that she had uploaded her child’s picture for a contest (a common scam, by the way), then later found out the so-called contestants’ photos were available for sale; this is not only worrisome with regard to strangers paying for photos of other people’s children, but could also violate the agreement the users had with the original photographer, as this could be copyright infringement.

Protecting your privacy begins before you ever agree to a privacy policy, though. Remember that at the end of the day, you have very little control over someone else’s actions, especially where online data gathering is concerned. Be mindful of what and how much you share online, and never input your Social Security number or other highly sensitive personal information on a website. It’s nearly impossible to remove your information once an individual has chosen to make it available to others on the internet.

Now is a good time for you to review the ITRC privacy policy so that you are aware of how we use information. 

If you have any questions about a privacy policy you've come across on the internet, please feel free to contact the ITRC with your questions at This email address is being protected from spambots. You need JavaScript enabled to view it. or 888-400-5530.


ITRC Sponsors and Supporters 





Go to top


Need identity theft information on the go?

Download our ID Theft Help Mobile app.