Apparently the preparations for the nation-stopping Privacy Awareness Week (we celebrated with cake) were not enough to divert the Privacy Commissioner’s efforts from conducting an audit of the privacy policies of 20 major organisations operating in Australia.

The subjects were big players (including the big 4 banks and the likes of Instagram, LinkedIn and Twitter).  The Commissioner found that 55% of the privacy policies he audited didn’t make the grade, with the most common issue being that they didn’t properly outline how the organisation would deal with a privacy complaint. Some of the other problems he identified were not outlining how an individual can access or correct their information; not adequately describing how information was protected; and not disclosing whether information would be disclosed overseas and to which countries.

One of the other shortcomings was a failure to provide a privacy policy which was ‘clearly expressed’.  We reckon that’s a pretty difficult case for the Commissioner to objectively demonstrate, but he has given it a go, using measures such as the Flesch-Kincaid Grade Level.  Yes, it’s a thing.  The result gives you a score which equals the number of years of education the reader needs to be able to understand your policy (and apparently the Commissioner thinks the average 14 year old should be the benchmark).

It looks like this:

Level = 0.39 (total words/total sentences) + 11.8 (total syllables/total words) – 15.59

Seriously?  We’re all for Plain English, but this just takes the fun out of it. We’ve run some tests, and the way to score well is to use only one syllable words, and ideally one word sentences.  To get the 14 year olds in we suggest throwing in some hashtags and a YOLO or two.

How does your privacy policy score?