Go back to my INLS 181 page
INLS187 Dr. G. Newby 
Assignment two: Policy Analysis 
Feb. 26, 2003 		 Nan Wang 
nanwang@email.unc.edu

Policy Analysis


AOL Privacy Policy :

I am a new user of American Online provided by Dell. This is my first time to find it intentionally from the website and read it carefully. In my point of view, the clients have the right and the responsibility to learn about the policy whenever they purchase a service or product. The main policy is about 13 pages in length, including many “learn more” links that lead to more detailed information about each item of every section throughout the policy.

This policy is an agreement between American Online Corporation and its clients for letting the clients to know how AOL protects member information and what choices the clients have about its use. The policy intends to give the members confidence whenever they use AOL or AOL.com—24 hours a day, seven days a week, 365 days of the year.

Policy Summary:

The policy is organized into three parts:

1. “We outline our Eight Principles of Privacy, our core commitment to protect your privacy. “

2. “We explain how we implement each principle. You can click on any principle to read the policy. “

3. “We provide Helpful Tips on how you can better protect your privacy in cyberspace.”

First of all, AOL makes a commitment to its clients to protect their personal privacy, which contains eight principles that explain and clarify how they safeguard the users’ privacy, how they treat personal information, and what choices the users have. These eight principles are:

  • We do not read your private online communications.
  • We do not use any information about where you personally go on AOL or the Web, and we do not give it out to others.
  • We do not give out your telephone number, credit card information or screen names, unless you authorize us to do so. And we give you the opportunity to correct your personal contact and billing information at any time.
  • We may use information about the kinds of products you buy from AOL to make other marketing offers to you, unless you tell us not to.
  • We do not give out this purchase data to others.
  • We give you choices about how AOL uses your personal information.
  • We take extra steps to protect the safety and privacy of children.
  • We use secure technology, privacy protection controls and restrictions on employee access in order to safeguard your personal information.
  • We will keep you informed, clearly and prominently, about what we do with your personal information, and we will advise you if we change our policy.


If the statement of each principle could be considered as the first level of the policy, the further explanation could be the second level. Right after each principle the meaning of them is interpreted in details and given with some examples. The explanation is quite thorough and easy to understand even for Internet novices.

At last the policy presents ten tips to help the users protect their privacy and security online, which means the users can take the responsibility to protect themselves. A checklist that will help safeguard the privacy and protect the integrity of users’ computer and AOL accounts is given to urge them to print and post it near the computer for themselves and their children.

Criteria for Evaluation:

The analysis of this policy was determined by comparing the components of the policy with the model recommended in the article "Considerations for an effective Telecommunications Use". This method identifies the strengths, weaknesses, opportunities, and threats of the policy in regards to the organization.

I. Statement of Policy

  • Scope and Applicability
  • Definition of Technology Addressed
  • Responsibilities

    II. Authorize Access

  • User Access
  • Fair and Responsible Use
  • Protection of Privacy

    III. System Management

  • Management of Stored Materials
  • Employer Monitoring
  • Virus Protection
  • Physical Security
  • Encryption

    VI. Violations of Policy

  • Procedures for Reporting Violations
  • Penalties for Violation

    V. Policy Review and Modification

  • Scheduled Review of Policy and Procedures for Modification

    Analysis and Recommendations:

    I. Statement of Policy:

    The scope of the policy is basically around the issues of how AOL will protect the users’ personal information. Within this scope, the definition of technology and AOL’s responsibilities are well declared. However, the policy does not mention any terms of the customers’ responsibilities, which could be important in real life.

    One of the advantages in the policy is that there is a precise outline at the beginning part, which will help people to grasp the critical points of the policy in a short time if they do not want to spend much time on it, although trying to make the policy as completed as possible is quite a wise way to avoid failures in legal dispute. As a world wide famous corporation, AOL always pays special attention to the policy terms of its products and services. Customers tend to choose companies with consummate policies since they feel such companies are reliable and secure. Thus, undoubtedly these companies will win excellent reputation in the market, which is very critical for their future developments. However, at the same time, the length of the document is also a disadvantage. The most serious problem of lengthy policy is that nearly nobody reads all the terms carefully. Most of my friends, as I know, never read any policy of a networking, email, software or Web use. People do not treat this kind of policies seriously, so few people are really aware of them. They think that reading these things is just a waste of time. Therefore, the idea of providing a outline is definitely a wise choice.

    II. Authorize Access

    For protection of privacy we saw a complete “eight-principle” architecture in the policy, which is the essential content of the whole policy. I think these principles are interpreted clearly by the second level explanation, by which AOL tries to present its honor and the high tech system to their clients. Many areas are covered in this part that are outlines in the criteria.

    III. System Management

    The policy provides some information about how AOL protects the users’ data confidentially. However, it does not show people what they do for virus protection and physical security. It would be better to include this kind of information since users may have some questions in these fields.

    VI. Violations of Policy

    The policy does not present any terms about the procedures for reporting violations and penalties for violation. AOL is only trying to persuade the clients that the service is reliable by making a number of “promises” and “commitments”. But without solid legal evidence, people will not really be “protected”. So my recommendation is to add terms about what AOL will do or be facing with if the violation exists some day.

    V. Policy Review and Modification

    There is no scheduled review of the policy and procedures for modification. It seems that AOL is very confident with this version of the policy and not willing to change it, but the fact is that the policy is just amended and updated this year. So why not just add a term of the modification for the policy? That will make the clients feel that AOL is serious with the policy, which means, with the issues of protecting their information and interests.

     

    References:

    AOL Policies--Privacy Policy:
    http://legal.web.aol.com/policy/aolpol/privpol.html

    Whitman Michael E., Townsend Anthony M., Aalberts Robert J. "Considerations for an EFFECTIVE Telecommunications-Use Policy". Communications of the ACM. June 1999/Vol. 42. No. 6, pages 101 – 108.

    		•