BURLINGTON, MA — Attorney David W. Bertoni brought bad news for some of the dozen attendees at the privacy session at the New England Direct Marketing Association annual conference here yesterday.
“I guarantee a significant number of direct marketers will be on the receiving end of class-action lawsuits involving commercial e-mail or will become aware of them by year's end,” said the partner at Brann & Isaacson, Lewiston, ME, which counts L.L. Bean among the 70 direct marketers it represents.
Bertoni backed up those words in his presentation with plenty of news on the subject, including that Federal Trade Commission staffing on privacy matters has doubled.
“The initiatives that are being taken both at the federal and state level … are designed to change drastically the landscape of both the Internet and also marketing,” he said. “A lot of people will get first notice of this when their company is sued as a class-action defendant for violating a lot of these laws. That's the new mode of enforcement. Individuals are taking these laws, and they're acting as private attorneys general and suing companies.”
Bertoni recounted the story of clients sending 1 billion commercial e-mails annually. That was followed by the news that California is poised to change its laws to provide a $500 fine per e-mail for violations he described as inconsequential and trivial.
“You didn't put your phone number,” he said. “You didn't put your correct address.
“In this rush to put privacy policies up on the Web, companies didn't really pay attention to what they were doing … and they also didn't put in place mechanisms to make sure that those policies remained accurate,” he said. “Michigan has gone after a number of direct marketers that did not disclose their use of cookies or Web bugs. If you put a privacy policy on your site, you better describe everything you're doing and describe it accurately, and that includes surveillance techniques.”
He advocated the use of a privacy policy audit that would answer several questions, including:
· Is your policy accurate regarding what you do with information?
· Is your policy accurate regarding what information is collected?
Are consumers clearly notified of your practices?
