Avoid Liability for Privacy ViolationsAs the debate over privacy protection legislation rages in Congress, many online marketers are unaware that they already face potentially crippling liability from failure to adhere to express privacy policies, existing state privacy rules and Federal Trade Commission privacy protection requirements.
With consumer and regulatory hysteria growing daily, it is certain that the dangers inherent in online data trading will continue to grow for the foreseeable future. The question then, given the hodgepodge of state laws and the potential effect of the passage of federal privacy legislation (which may pre-empt the states'), is what can a company that collects personally identifiable data do to protect itself?
· If a site is directed to children younger than 13, the Child Online Privacy Protection Act of 1999 prohibits the marketer from collecting personal data without the express written permission of the parents. Because of the difficulties inherent in obtaining verifiable permission, some top Internet companies have halted all data collection from young children because they have found compliance with COPPA to be overly difficult and extremely costly.
· Every existing set of self-regulatory principles (including FTC suggestions and the self-regulatory principles recently issued by the Interactive Advertising Bureau) requires that online marketers give their customers the choice of whether their information can be used.
This principle is also included in many state laws and almost certainly will be part of any federal legislation. To comply, a consumer must be given the ability to opt out of data sharing. For those companies that wish to be more conservative, consideration can be given to allowing consumers to opt in where data will be shared with third parties. Whether it's opt out or opt in, the procedure should be simple and easily accessible, and they should be able to opt out at any time.
The bottom line is, regardless of whether the marketplace hysteria over consumer privacy is based upon perception or reality, a company can take simple steps to avoid most of the risks involved in collecting data from consumers. Federal legislation may be inevitable, and once enacted is certain to be enforced with vigor. Those companies that have not adopted privacy policies may find themselves on the receiving end of that enforcement.