Avoid Liability for Privacy Violations

Share this article:
As the debate over privacy protection legislation rages in Congress, many online marketers are unaware that they already face potentially crippling liability from failure to adhere to express privacy policies, existing state privacy rules and Federal Trade Commission privacy protection requirements.

With consumer and regulatory hysteria growing daily, it is certain that the dangers inherent in online data trading will continue to grow for the foreseeable future. The question then, given the hodgepodge of state laws and the potential effect of the passage of federal privacy legislation (which may pre-empt the states'), is what can a company that collects personally identifiable data do to protect itself?

The answer is surprisingly simple. It can craft a comprehensive privacy policy that provides flexibility while meeting the basic requirements of the various state laws and self-regulatory schemes created by the technology industry in concert with the FTC.

If a company collects any data from its customers, it should consider itself at risk. It can, however easily minimize such risk by instituting and adhering to a privacy policy that includes certain minimum requirements.

· A privacy policy should be easily located through a clearly marked link. The link should be on the home page and, if feasible, every other regularly accessed page on a site. The policy should be written in clear language. It should contain the name of the company, the company's address and phone and e-mail information for contact purposes.

· A privacy policy must describe what personally identifiable information (such as name, street address, e-mail address, phone number) and anonymous information (such as site usage) is collected on the site. It must disclose whether the site uses cookies or other software tools to collect data. It must also state how the information will be used (for internal use only, to market to potential advertisers, etc.) and declare whether it will be shared with third parties. If a company says it does not share with outside parties, it must be prepared to face difficulties if it later changes that aspect of its policy. In that respect, a company is probably better off reserving the right to sell its customer database without customer permission.

· If a site is directed to children younger than 13, the Child Online Privacy Protection Act of 1999 prohibits the marketer from collecting personal data without the express written permission of the parents. Because of the difficulties inherent in obtaining verifiable permission, some top Internet companies have halted all data collection from young children because they have found compliance with COPPA to be overly difficult and extremely costly.

· Every existing set of self-regulatory principles (including FTC suggestions and the self-regulatory principles recently issued by the Interactive Advertising Bureau) requires that online marketers give their customers the choice of whether their information can be used.

This principle is also included in many state laws and almost certainly will be part of any federal legislation. To comply, a consumer must be given the ability to opt out of data sharing. For those companies that wish to be more conservative, consideration can be given to allowing consumers to opt in where data will be shared with third parties. Whether it's opt out or opt in, the procedure should be simple and easily accessible, and they should be able to opt out at any time.

The bottom line is, regardless of whether the marketplace hysteria over consumer privacy is based upon perception or reality, a company can take simple steps to avoid most of the risks involved in collecting data from consumers. Federal legislation may be inevitable, and once enacted is certain to be enforced with vigor. Those companies that have not adopted privacy policies may find themselves on the receiving end of that enforcement.

Share this article:

Sign up to our newsletters

Follow us on Twitter @dmnews

Latest Jobs:

More in News

News Byte: Comcast Expanding Global Ad Delivery Through Partnership

News Byte: Comcast Expanding Global Ad Delivery Through ...

Through a partnership with Adstream , Comcast's AdDelivery Service expands its footprint across the globe.

40 Under 40 2014: Nominations Are Now Open!

40 Under 40 2014: Nominations Are Now Open!

It's time to nominate the 2014 crop of young marketing luminaries for Direct Marketing News's 40 Under 40 Awards. The deadline is Friday, June 6, 2014.

News Byte: MediaCrossing Partners with ASL Marketing on Youth Marketing Tool

News Byte: MediaCrossing Partners with ASL Marketing on ...

The digital media trading firm and marketing database company aim to help marketers target 13 to 34 year olds.