Just in case you might be tempted to excuse Google for what some commentators just consider sloppy language (or over-reaching on my part) in its terms of service for its on-line apps, here's an example of how to do right by accepted corporate standards for security and privacy: the terms of service for PB Wiki, an on-line wiki provider that apparently takes seriously what Google and its lawyers (or whoever wrote those sloppy, loophole-full TOS) seems to not give a hoot about.
What PBWiki does is very carefully define what happens to data that a company puts into a private wiki running on PBWiki, and the terms of service are rather unequivocal in that regard:
Company agrees that it will use Confidential Information solely for the purpose of providing the pbwiki Service with respect to the private wiki to which such Confidential Information relates. In addition, Company agrees that it will disclose Confidential Information only to (a) Company's employees and contractors who have a need to know such Confidential Information for purposes of providing the pbwiki Service, (b) individuals who have the appropriate password for the relevant private wiki and (c) individuals to whom the Wiki Owner has authorized or directed Company to disclose Confidential Information.
Or, as PBWiki CEO David Weekly told me: "Your content is yours, we are not going to mess with it. We take confidentiality very seriously."
Now, if you read the full TOS, the company does two things that at the outset may look like PBWiki is hedging on Weekly's direct statement. The first is that the TOS starts first by defining what privacy and security guarantees are for a public wiki, which Weekly says really isn't the main focus of the company anyway. In the User Submissions section, you'll find the following language:
However, to enable Company to provide the pbwiki Service, you grant Company a worldwide and fully sub-licensable license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform, and publicly display your User Submissions (in whole or in part) in any format or medium now known or later developed.
Sounds like a wide open loophole, no? Well, yes and no, really. Yes insofar as if you're using a public PBWiki service, the company can do anything it wants with your content. I really have no beef with that issue, it's a free service and is not intended for enterprise use in any way.
But it's really not a loophole that lets PBWiki pull a fast one on a user. Weekly explained that there's another important reason why that loophole is there: to protect PBWiki from being sued for the secondary use of content that was posted on a free PBWiki service. If I take some content that someone else published on PBWiki and published it on my own, this clause effectively prevents the original content owner from suing PBWiki for copyright violation, as it is implied in the TOS that PBWiki can do anything it wants with the content, and therefore is not liable for uses that the original owner may not like. Fair enough.
The terms of service for private wikis also has some funny, lawyerly language, which goes like this:
In no event will the following information be considered Confidential Information under this Section 3: (a) any information that was publicly known prior to the time of disclosure to Company; (b) any information that becomes publicly known after disclosure to Company other than as a result of a breach of this Section 3 by Company; (c) any information that is already in the possession of Company at the time of disclosure to Company; or (d) any information that is independently developed by Company.
But this too has a reasonable explanation from Weekly. PBWiki wants to make sure that it doesn't get sued for IP theft from a private wiki owner who thinks that something PBWiki is developing or selling violates the private owner's IP rights. So Weekly's lawyers put this clause in to make it clear that PBWiki is released from protecting the confidentiality of information it doesn't consider confidential.
All in all, it's a pretty decent TOS, and one that seems to serve the needs of enterprise users and PBWiki well. And, as Weekly puts it, it wasn't that hard to do, once the decision had been made to actively protect enterprise wiki data. PBWiki wants to make money selling a superior wiki to companies like the Financial Times, Citi, AT&T and others, not sell advertising or services based on its customers' content. "We don’t make money mining our users data," Weekly points out.
Google, are you listening?