Web Writing That Works!

           A Project of
           The Communication Circle

Guidelines Rants Patterns Poems Services Classes Press Blog Resources About Us Site Map

HomePatterns > How to write a privacy policy > Case study: Privacy policy at VeriSign


Case study: Privacy policy at VeriSign

VeriSign, a company that issues and manages certificates of authenticity for software, Web sites, and even individual documents, is in the business of trust, so they have developed an elaborate privacy statement, following the guidelines of another organization, Truste Privacy Program, which places its seal on sites that agree to follow its rules (and pay a licensing fee).

So the VeriSign privacy policy sounds a lot like the policies on other TRUSTe-endorsed sites, but the VeriSign lawyers have added their own special edits.

Printed out, the statement takes up eight pages, with seven major headings, and 13 subheads--and 37 very long paragraphs in between.

The team of lawyers start out with an impassioned appeal:

Because we respect your right to privacy, we have developed this Privacy Statement to inform you about our privacy practices for the entire VeriSign site (which covers verisign.com and signio.com).

The parenthetical comment adds a lawyerly touch.

The privacy page exists on the VeriSign site, and its URL begins www.verisign.com. I have never heard of this other site devoted to signio.com. The editorial insertion (in the interests of complete accuracy and legal precision) dilutes the force of the original sentence.

And that's the way a lot of the text goes.

Earnest beginnings trail off into legal or technical jargon.

Repetitions, acronyms, passive verbs, and weasel words make the prose seem to frown like a judge:

With respect to VeriSign's Public Certification Services, the VeriSign Certification Practice Statement ("CPS") presents the practices that VeriSign and our affiliates, subscribers, customers, and relying parties follow in issuing, managing, and using certificates and in maintaining a certificate-based public key infrastructure and related trust services. The CPS is intended to legally bind and to provide notice to all parties that create and use certificates within the context of VeriSign's Public Certification Services.

Surely, this kind of talk is aimed at lawyers, not consumers.

And, sure enough, in another tangled paragraph, the writers admit that this privacy statement only covers "non-Public Certification Services" for "our site visitors and subscribers."

Of course, ordinary visitors like us have no idea what the difference might be. We saw their certification on a public site, so is that covered by this other document, the famous CPS? Who knows?

The lawyers forgot to tell us outsiders. But we can tell they have definitely covered their butt.

Related article

Privacy policy, a chapter from Hot Text, Web Writing that Works (PDF, 255K, or about 5 minutes at 56K)

Getting past the lyric outbursts ("Privacy is of great concern to most users of the Internet and is a critical part of an enjoyable and satisfactory user experience,") and wading through the legalisms, we do discover a few phrases that sound like one person talking to another, albeit a little coldly:

  • "…We do not collect personal information from you unless you provide it to us."
  • "We use links throughout our site to provide you with the opportunity to contact us via e-mail to ask questions, request information and materials, or provide comments and suggestions."
  • "When you visit our site, our computers may automatically collect statistics on your visit."

The tendency to cover the waterfront (like telling us all the reasons we might ask them to e-mail us) stems from the merging of the legal and the technical mind--both of which hate half thoughts, incomplete statements, partial truths.

So this document is thorough enough to intimidate anyone who might just wonder whether VeriSign was passing along personal information to its licensees.

(The answer is yes, but the third parties must sign a confidentiality agreement.)

The sentences go long, the lines extend far across the page, and the paragraphs extend to a dozen or more lines.

The phrases that answer key questions lie deep within those nests, almost inaccessible to the average reader.

Fortunately, the statement includes the street address, if you care to use snail mail. Ironically, the only e-mail address I could find is for customer support for people who have already purchased something called a Digital ID. The rest of us will just have to put our questions on paper, rummage up a stamp and envelope, put the address on there, and carry our little letter out to the mailbox. Hey, we should hear back within a month or two.

The company seems reliable, even valuable, but the privacy statement is written by and for lawyers and engineers, not the "visitors and subscribers" they claim to be committed to.

I get the feeling this statement will work well in court. And, if the aim is to baffle ordinary consumers, keeping the real practices a commercial secret, the statement succeeds. It keeps the policy private.


Is this what I ordered?


Home | Guidelines | Rants | Patterns | Poems | Services | Classes | Press | Blog |
Resources | About Us | Site Map

Web Writing that Works!
 © 2002-2004 Jonathan and Lisa Price
The Communication Circle
Discuss at HotText@yahoogroups.com
Email us directly at ThePrices@ThePrices.com
Order Hot Text (the book) from Amazon