Interpreting Privacy Policies

Companies collecting personal data are required to publish a privacy policy on their home page. Like many legal documents, reading a privacy policy is a skill. Here is a brief laypersons guide to understanding the privacy policy of anyone collecting your personal information.


Look for the following sections in other organizations privacy policies:


Information Collected Automatically

Most companies will gather technical data relating to the way you interact with their web services. This data typically includes your internet IP address (where you are), your computing device identity (what type of device you are using), and your “clickstream” (what pages you visited).

This information is fairly benign in the context of provider data collection, and is typically used by service providers to improve their products and services.

Look for guarantees in the privacy policy statement that this information will not be combined with your personal data for resale, and will only be used in a manner that does not reveal your identity. At Sanator we will never combine your technical data with your personal data that would reveal your identity.


Information Collected Explicitly

Companies should describe the extent of the data they will collect from you including all personally identifiable information. In the context of provider directory management this information will include your name, date of birth, email, telephone, fax and mailing address, education and other professional identifiers.

As the purpose of the service will be to collect an extensive amount of data about you and your professional practice, this disclosure should not be surprising to you.

Use/Disclosure of Information

Organizations that are collecting your information for resale often attempt to downplay this fact as much as possible. Look out for companies that use wording similar this these examples:

Companies that feel the need to obfuscate the sale of your data know it’s objectionable or they would just come out and say it. As we tell our children, it’s not the crime, it’s the cover up.


At Sanator we will never directly, or indirectly exploit your personal data for commercial reward other than the specific services you have contracted from us.

Opt-Out Option

Companies collecting your data are required to offer a facility to “opt-out” of unsolicited communications. Unfortunately, you won’t know what to opt-out of until you are contacted by a third-party, and then the responsibility is on you to contact that vendor and request to be unsubscribed from future communications.

The Sanator policy has a default setting of opt-out of all unsolicited communications.  You can be sure that companies that offer you an opt-out-after-the-fact policy are selling your data to third party marketers.

Contact Details

Companies are required to publish the full contact details of the primary point of contact for all matters related to privacy policy or use of your information. If you are unsure of how your data is being used, you should make contact by email and maintain a log of your communications. Be sure to ask explicitly how your data has been used and how it will be used in the future. Our contact details are found on the Privacy Policy statement of this site.