Ring has been in the news for its ongoing struggles with privacy issues. Its latest response, not to mention its approach in general, could serve as a case study of what not to do.

Ring was first in the news over a number of incidents where individuals were able to hack the cameras, spy on and interact with the owners. Following that, VICE tested Ring’s security and found it was abysmal. The nail in the coffin was the Electronic Frontier Foundation’s (EFF) investigation that showed Ring was sharing a load of identifiable information with third-parties. The worst part is that users were not notified of what data was being collected and shared, let alone given a way to control or opt-out of the collection.

Now CBS News is reporting that “although it confirmed that it shares more data with third parties than it previously told users, the company said in a statement that it contractually limits its partners to use the data only for ‘appropriate purposes,’ including helping Ring improve its app and user experience.”

Essentially, the company is saying “yes, we got caught doing something we shouldn’t have been doing, but you should totally trust us that we’re doing it responsibly.”

Ring’s troubles and their response should be a lesson to every company that deals with customers’ private data: A strong commitment to privacy should NEVER be an afterthought, add-on or damage control. In an era when hackers are eager to take advantage of weak data policies, when companies look to profit from their customers’ data and when an interconnected world means that a single breach can have far-reaching consequences—privacy must be built-in from the ground up.

The fact that it should especially be built-in from the ground up in a service that is designed specifically to protect user privacy and security should go without saying. However, since Ring obviously needed someone to say it, the company should stand as an example of what not to do when it comes to protecting customer privacy.