ACLU to companies: take the pledge!

Yesterday the American Civil Liberties Union released its report on how the government uses corporations to collect information about the American people on an unprecedented scale.  OK, so the concept is not front page news, but this does a good job of documenting and quantifying the problem.  
There's very little legislation in our country governing what companies can and cannot collect from customers (and that term is very very loose), with or without their knowledge.  Like it or not, most lawsuits over misuse or security of consumer data are based on a company's breach of its own, voluntarily assumed policies.  Accordingly, the ACLU urges companies to make such promises, and consumers to look for them and take their business to companies that promise to respect their privacy.  My gut reaction is to prefer this approach over the government getting in  between consumers and companies.  If I choose to give up some of my personal information to get something I perceive as valuable, say, a chance to win a Mini Cooper, that's my business.  If I want privacy, I should be able to shop for a company that offers it.  But my cynical side says it is probably too easy to take the pledge.  How many companies now promise only to share information with their "partners" and "affiliates," not mentioning that they'll "affiliate" for this purpose with anyone who writes them a check? And then often, the right hand doesn't know what the left hand is doing.   For the boycott approach to work, consumers still have to be suspicious about pledges or someone has to make sure companies are living up to them.  Talk is cheap.