Avoid Liability for Privacy Violations

Share this content:
As the debate over privacy protection legislation rages in Congress, many online marketers are unaware that they already face potentially crippling liability from failure to adhere to express privacy policies, existing state privacy rules and Federal Trade Commission privacy protection requirements.


With consumer and regulatory hysteria growing daily, it is certain that the dangers inherent in online data trading will continue to grow for the foreseeable future. The question then, given the hodgepodge of state laws and the potential effect of the passage of federal privacy legislation (which may pre-empt the states'), is what can a company that collects personally identifiable data do to protect itself?


The answer is surprisingly simple. It can craft a comprehensive privacy policy that provides flexibility while meeting the basic requirements of the various state laws and self-regulatory schemes created by the technology industry in concert with the FTC.


If a company collects any data from its customers, it should consider itself at risk. It can, however easily minimize such risk by instituting and adhering to a privacy policy that includes certain minimum requirements.


· A privacy policy should be easily located through a clearly marked link. The link should be on the home page and, if feasible, every other regularly accessed page on a site. The policy should be written in clear language. It should contain the name of the company, the company's address and phone and e-mail information for contact purposes.


· A privacy policy must describe what personally identifiable information (such as name, street address, e-mail address, phone number) and anonymous information (such as site usage) is collected on the site. It must disclose whether the site uses cookies or other software tools to collect data. It must also state how the information will be used (for internal use only, to market to potential advertisers, etc.) and declare whether it will be shared with third parties. If a company says it does not share with outside parties, it must be prepared to face difficulties if it later changes that aspect of its policy. In that respect, a company is probably better off reserving the right to sell its customer database without customer permission.


· If a site is directed to children younger than 13, the Child Online Privacy Protection Act of 1999 prohibits the marketer from collecting personal data without the express written permission of the parents. Because of the difficulties inherent in obtaining verifiable permission, some top Internet companies have halted all data collection from young children because they have found compliance with COPPA to be overly difficult and extremely costly.


· Every existing set of self-regulatory principles (including FTC suggestions and the self-regulatory principles recently issued by the Interactive Advertising Bureau) requires that online marketers give their customers the choice of whether their information can be used.


This principle is also included in many state laws and almost certainly will be part of any federal legislation. To comply, a consumer must be given the ability to opt out of data sharing. For those companies that wish to be more conservative, consideration can be given to allowing consumers to opt in where data will be shared with third parties. Whether it's opt out or opt in, the procedure should be simple and easily accessible, and they should be able to opt out at any time.


The bottom line is, regardless of whether the marketplace hysteria over consumer privacy is based upon perception or reality, a company can take simple steps to avoid most of the risks involved in collecting data from consumers. Federal legislation may be inevitable, and once enacted is certain to be enforced with vigor. Those companies that have not adopted privacy policies may find themselves on the receiving end of that enforcement.


Sign up to our newsletters

Company of the Week

Since 1985, Melissa has helped thousands of companies clean, correct and complete contact data to better target and communicate with their customers. We offer a full spectrum of data quality solutions, including global address, phone, email, and name validation, identify verification - available for batch or real-time processes, in the Cloud or on-premise. Our service bureau provides dedupe, email/phone append and geographic/demographic append services for better targeting and insight. For direct mailers, Melissa offers easy-to-use address management/postal software, list hygiene services and 100s of specialty mailing lists - all with competitive pricing and excellent customer service.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here