collect consumer info? What data do they collect? What do they do with it? What privacy policy governs this off-property data collection?”
Oakbrook Terrace, IL-based Redbox doesn’t tell you what information they’re collecting and who they’re sharing it with, Gilbert says. If you go to a Redbox kiosk, it raises the question of what Redbox is learning about you, he says.
“Redbox is an example of doing everything wrong,” Gilbert says. Redbox, Hyatt, Norwegian, Mercari, and Gallup haven’t responded to requests for comment.
Many big companies are crossing marketing, legal, engineering, and other teams with one another to develop quality policies. Gilbert says Mountain View, CA-based Symantec (NASDAQ: [[ticker:SYMC]]), a cybersecurity software company, has an 802 rating from Osano.
“As for what makes them better, we treat our algorithm with a great deal of secrecy in order to avoid anybody gaming the system,” Gilbert says. “But generally, the types of things that can make a company do well are around transparency, ease of readability, whether they collect data that they don’t need to collect, how long they store data, and how easy they make it to remove the data that they have about you.”
Some businesses, including many startups, don’t have the resources or personnel to do that, and that’s where Osano makes its money. It sells a software-as-a-service product that helps advise companies on maintaining their own privacy policies—helping them determine what rules and technical measures a business should or must follow, Gilbert says.
Osano also sells products, including access to more granular privacy scores, to help IT executives pick vendors and service providers that have high-quality privacy policies and secure data management systems like cloud storage or customer relationship management systems, Gilbert says. The company charges between $50 to $250 per month, depending on the features you select.
Gilbert says Osano’s plug-in and monthly “Misleader Board” reports are efforts for the public good, and notes that Osano is a public benefit corporation. Whereas sharing data was unheard of 20 years ago, it’s common practice now, and consumers often lack the know-how to control it.
“People feel very powerless,” Gilbert says. He shares an example: Anyone can walk into a grocery store, look at a can of tuna fish, and use consumer information on the can to determine if the fish was line-caught or net-caught and how much sodium is in it, and then decide which can to buy. The same isn’t always true for data privacy. “Our hope is that we’ll get somewhere with federal privacy laws, [so] that it’s that easy for a consumer to make that same decision.”
