Forethought is key to a workable privacy strategy, Eisenstein said.
He discussed several "danger areas." The first is adoption of a policy that does not clearly describe how personal information is collected and what is done with that information. Another is not implementing the policy.
"The state of Michigan says that if you don't disclose that, that is an unfair practice and we're going to take action against you," he said.
Another pitfall Eisenstein described as "a real emerging issue" is state spam laws. He told the audience that 26 states have laws dealing with this issue.
"Most of us think that the e-mail laws are designed to deal with what they first were designed to deal with -- [spam]," he said. "What they were originally designed to deal with were these e-mailers that were clogging up the ISPs ... with bulk e-mails and oftentimes fraudulent e-mails.
"More recently, states such as Utah have adopted spam laws that apply over and above ... to any e-mail that you send that is unsolicited unless the e-mail is sent to an existing customer. If there is any prospect out there for which you do not have an existing business relationship ... you're potentially responsible under that state's law."
And not being located in Utah provides no protection, Eisenstein said.
"[The Utah statute] says that if you violate the law, each e-mail for which you violate the law with is a statutory penalty of $10, regardless of what the damage is," he said. "[You are also] talking about attorney's fees."
Eisenstein said that a law firm in Utah has filed 200 lawsuits against companies accused of violating the law.
"Two of our clients have received a 'nice' letter from the law firm that says, in effect, 'We are prepared to file this lawsuit, but we'll go away for the mere sum of $10,000,'" he said.
A fifth problem is the failure to honor customer requests, including removal from a mailing or e-mail list, Eisenstein said.