Large majorities of consumers believe that the term "privacy policy" conveys a baseline level of information practices that protect their privacy. In short, "privacy," like "free" before it, has taken on normative meaning in the marketplace. When consumers see the term "privacy policy," they believe that their privacy will be protected in specific ways. In particular, when consumers see the "privacy policy" they assume that a web site will not share their personal information. Of course, this is not the case. Privacy policies today come in all different flavors. Some companies make affirmative commitments not to share the personal information of their consumers. More frequently, however, privacy policies are used to inform consumers that unless they "opt-out" of certain information sharing, the company will communicate their personal information to other commercial entities. Given that consumers today associate the term "privacy policy" with specific practices that afford a normative level of privacy protection, the use of the term by a web site in the absence of adherence to these baseline practices can mislead consumers to expect privacy that, in reality, they are not afforded. This is not to suggest that companies are intending to mislead consumers, but rather that consumers today associate certain practices with "privacy policy" just as they associate certain terms and conditions with the word "free." Because the term "privacy policy" has taken on a specific marketplace meaning and connotes a particular level of protection to consumers, the Federal Trade Commission should police the use of the term "privacy policy" to assure that companies using the term deliver a set of protections that meet consumers’ expectations, and that the term "privacy policy" doesn’t mislead consumers during marketplace transactions.