March 02, 2009
By Dennis Dayman
Before you dive into all this information I want you to understand my purpose here of this post. While the majority of you in the email industry tend to focus on the day to day email operations around best practices (complaints, hard bounces, blocks, etc), I feel as if many of you haven't taken the time to see what's next on the horizon for us. There is a new compliance issue coming and it's not as simple as the email stuff you deal with today. Some of you here have a great opportunity to learn something new and take your careers even further still being attached to email and marketing. I have two things I am responsible for here at Eloqua, email best practices for clients and our company and privacy issues for clients and our company. They go hand in hand in a lot of ways and in others they do not, but the compliance aspect of both are VERY similar when it comes to email. So, as you read this... think a little outside your email box today and see what you need to be auditing your clients and company for.
I know some of you email heads have been making sure you have a privacy policy that accurately describes all use of the data you collect and the internet technologies you use and how you monitor that any affiliate or partners that advertise your products, services or website are honoring their imposed can-spam requirements (you’re not free from their actions), but has anyone read or been concerned with some of the impending state legislation about email or website tracking? Now don't be scared just yet...
If your not aware of this, states like New York (NY AB 1393/SB 0616 - Assembly Committee on Consumer Affairs and Protection) are seeking bills to regulate online advertising networks and online preference marketing. It restricts the collection and use of information for online preference marketing, including barring the use of Personally Identifiable Information (PII) in preference marketing, except for PII provided with consent, and requiring the ability for consumers to opt out of the use of their non-PII in online preference marketing. The bill also would require clear and conspicuous privacy and opt-out notices. Sounds easy enough? Well it is and is well supported throughout the advertising industry.
The New York bill like many others are similar if not identical to the
Network Advertising Initiative (NAI) principles. The NAI Principles detail the consumer protections its member ad networks agree to provide with regard to the use and collection of personally identifiable and non-personally identifiable information for the purposes of targeting marketing efforts. Included in this framework are the principles of consumer notice, choice, and fair dispute resolution. Here is a graphical representation from the NAI on this if you don't have time to read the above linked principles.
If you not also aware, on February 12, 2009 the Federal Trade Commission (“FTC”) released a revised set of four principles for the self-regulation of online behavioral advertising. Goodwin Procter did a GREAT breakdown/client alert of these principles here.
The highlights from that alert:
Transparency and Consumer Control
This Principle provides that a website utilizing behavioral advertising should provide a clear, concise, consumer-friendly and prominent statement that behavioral data is being collected. Such a statement should also provide that consumers can choose whether or not to participate. Websites are encouraged to provide consumers with a clear method for exercising the opt-out option.
Security and Data Retention Policies
Websites that collect and store user data are encouraged by this Principle to use reasonable security measures to guard that data. Factors to consider in determining the appropriate level of security include the sensitivity of the data, the risks a company faces, the nature of the business and the availability of reasonable protections to the company.
Express Consent for Material Changes
The company should obtain consumer consent before it uses previously collected data in a way that differs materially from the privacy policy that existed at the time the data was collected. For example, if an acquisition prompts a change in the use of collected data, this Principle encourages the surviving corporation to obtain consumer consent for the new policy.
Express Consent to Use of Sensitive Information
The fourth Principle urges companies to collect sensitive data via behavioral advertising only after a consumer expressly consents to its collection. Such data would include, for example, health information, Social Security numbers and information about children.
So where does your clients and company stand in all of this? Are you in support? Can you comply? Can you stay in business with the methods you use today? This isn't like dealing with Can-Spam here folks. For many this is a whole new ball game for you.
Talk to your attorney's or compliance people about this.
-Dennis
Don't Just Send, Deliver!
I read your post on internet marketing and found it interesting to add it in my college notes. I am an IT student and I need to go around on the web to search for new IT info.
Posted by: Jeff Paul Internet Millions | March 12, 2009 at 02:31 AM