CIPP/US Study Guide
Chapter 2: U.S. Legal Framework

Notice, Choice, and Access (Opt-In vs. Opt-Out)

Notice describes information practices. Choice lets individuals control collection and use: opt-in is an affirmative yes, while opt-out implies consent unless the person objects. Access lets individuals view their data. Privacy notice promises are enforceable by the FTC and the states.

Notice describes an organization's information practices and serves two purposes: consumer education and corporate accountability. A typical notice states what is collected, how it is used and disclosed, how to exercise choices, and whether the individual can access or update the data. For most industries, promises in a privacy notice are legally enforceable by the FTC and the states.

The chapter distinguishes privacy notice (an external communication to consumers) from privacy policy (often the internal standards used within the organization).

Opt-in vs. opt-out
Term | Mechanism | Effect of silence (no answer)
Opt-in | Affirmative express act ('yes') | Information is NOT shared
Opt-out | Implied unless the person objects ('no') | Information IS shared

Access is the ability to view personal information an organization holds, often supplemented by updates or corrections. U.S. laws often provide access and correction when information is used for substantive decision-making, such as credit reports.

Key terms - quick answers

What is “Notice”?
A description of an organization's information management practices, serving consumer education and corporate accountability.
What is “Choice”?
The ability to specify whether personal information is collected and how it is used or disclosed; may be express or implied.
What is “Opt-in”?
An affirmative indication of choice through an express act; failure to answer means the information is NOT used or shared.
What is “Opt-out”?
Choice implied by a person's failure to object; failure to answer means the information IS used or shared.