Cory over at Boing Boing blogged last week about an online service that helps you manage bills and informal cash flows with your roommates and friends. The service, called BillMonk, is interesting, but what's even more interesting is BillMonk's privacy policy, which is the shortest, clearest, and most substantively protective policy we've read in a long while.
The BillMonk policy is a mere 729 words, almost all of which a third-grader could understand (by comparison, Google's general privacy policy is 1867 words, not counting the supplemental policies for specific products; AOL's is 2481; and MSN's is a whopping is 3377). But you don't need many words to communicate broad, unequivocal privacy assurances like this one from BillMonk:
"We will never sell, rent or share your personal information with a 3rd party, especially your email addresses and phone numbers, without your express permission, unless required by law. Never ever!"
The lesson? Long, hard-to-read privacy policies are usually bad privacy policies. If a company plans to protect your privacy, it won't need lots of weasel words, CYA language, ambiguous constructions and excess verbiage. If, like BillMonk, it has no intention of ever sharing your data except when presented with a valid subpoeana or search warrant, it can just say what BillMonk says: "Never ever!"
(Bonus privacy points: BillMonk apparently uses SSL to encrypt all interactions with its site.)