Privacy Policy in Corporate Practices

By: Sonny Zulhuda

Today my MBA students presented their assessment on privacy policy. This is a practical session for them to see how the principles of personal data protection are being put in in real life corporate conduct. They form a group and choose company of their own in order to look at their privacy policy as stated in their official websites.

The session was very informative and interactive, in which students were to highlight in summary what those companies do in general and what they do with personal information. Then they presented their assessment, examining how good the privacy policy is prescribed, and how well it is compliant with the principles of personal data protection law.

Among the interesting findings that they presented were:

  • ‘Cookies’ enjoys permanent mention in all the companies assessed. That makes the policies sound ‘tasty’ at lest.
  • One regional airline company collects personal data through surveys by third parties.
  • An online photo sharing service’s privacy policy (owned by one Internet giant) is comprehensive and extensive enough that the students could not cover them all in ten minutes given for presentation.
  • A renowned international e-payment company provides that they ‘cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk.’
  • A local telecommunication company may share customers data to some related parties, including to ‘others’.
  • A local higher education institution does not provide their privacy policy in their official website thus inaccessible to external people.
  • A local online auction company lacks mainly on the fact that they collect some data which may be deemed unnecessary and extensive.
  • An international computer manufacturer is so generous that they put for themselves 30-day period to notify the customers should there be any change to the privacy policy.
  • Like many other online companies, a social networking company does not inform clearly how long they keep personal data.

Overall, the presentation was going well and kudos for everyone who had contributed to the presentation and discussion today.


  1. Thank you doctor for being concerned and careful about our points of view in presenting privacy policy. about the second point I would like to add what we could not completely cover in our presentation which is about the functionality of this third parties one like Google Inc.

    a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies which are text files stored on your computer to help analyze your use of the website. The information generated by the cookie about your use of this website (including your IP address) will be transmitted to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activities for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where this is required by law or insofar as third parties process this data on behalf of Google. Google will never associate your IP address with any other data held by Google.

  2. That was a good practicing, thanks dear lecturer, and also i do not have any comment from you yet, to be sure if my blog is OK or not. thanks for your consideration. arezoo amiri

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s