Abstract
Three studies examined (a) the amount and types of personal information requested by Web sites from seven different categories, (b) the goals and readability of existing privacy policies for four categories of sites, and (c) users' comprehension and perceptions of privacy policies. Study 1 showed that different amounts of personal information were requested by Web sites, even within the same category. Content and readability analyses of 100 privacy policies in Study 2 showed that policies tended to be high on both privacy protection and vulnerability goals or low on both. The policies were also written at a reading level corresponding to 13 years of education. Study 3 showed, though, that even college students have poor comprehension of the content of privacy policies. The students perceived longer policies that included many privacy goals as providing better assurance of privacy than shorter policies that included fewer goals. From a usability perspective, there is considerable room for improvement in the design of organizations' Web sites with respect to the amount and types of person information solicited and the implementation of privacy policies.