4. Agenda
• Quick look at some important items
– What should you be thinking about?
– Common Myths
– What Should Be Your Concerns?
– How Are People Addressing Privacy?
– Best Practices
• The Current State of Privacy
• The Future of Privacy
• Enforcement
• Options For Help
• Q&A
5. Why We Are Here
• Business is moving to social media
• Open & transparent / Real-time
• Scaling efforts with efficiency
• Protecting brand trust & brand equity
• Avoid common pitfalls
• Create a culture of compliance
• Regulation is here to stay
9. Common Myths
• Only bloggers / only Tweets
• Only online programs are at risk
• The rules are different for digital marketing
• My agency will handle it
• Build a buzz
• Just a comment
• Fines & penalties
10. What Are The Concerns?
• Public Backlash
• Mainstream Media Criticism
• Regulatory Action
• Two-Way Communications
• Scaling efforts (technical & human resources)
• Brand Trust & Brand Equity
11. How Are People Addressing This?
• Ignorance is not bliss
• Your agency *might* handle it
• Ad-hoc compliance solutions?
• Site-wide disclosures
• Affiliate marketing programs
12. Best Practices
• Think first
• Create a process
• Standardize and streamline
• Disclose and inform
• Document and monitor
• Follow up and takedown
• Open and transparent
• Ask for help
13. The Past In Digital Marketing
• Grab whatever you wanted
• Opt-out
• Gave choice
• Privacy policy
15. Current State of Privacy
• US
– Not a fundamental human right
– Patchwork of industry, local, state and federal laws.
– Typically an opt-out scheme with a dash of opt-in and notice.
– Privacy is a process of need by sector
• Canada
– Fundamental human right
– Personal Information Protection and Electronic Documents Act (PIPEDA)
– Privacy law, not an email law
– Opt-in in model
– Give clear notices on why the need, uses, and secures data.
– Gives control of opt-out and inaccurate data
– PIPEDA follows an ombudsman model
• Europe
– Fundamental human right
– Privacy law, not an email law
– Opt-in in model
– E.U. Data Protection Directive
– Member nations are compelled to enact data protection laws and create supervisory bodies.
– Applies to processing of personal data by automatic means in a filing system
16. Privacy Fundamentals
• Notice – When data is used
• Purpose – What data being used for
• Consent – Not disclosed without permission
• Security – Kept secure from abuse and sight
• Disclosure – Informed who is collecting
• Access- Ability to correct or remove
• Accountability – Data collectors held
accountable
17. Role of privacy in my email program
• Notice: Opt-in in most cases
• Choice: Provide opt-out or preference center
• Purpose: Use data for only what you said you
would use it for
• Disclosure: In some countries, you can’t track
by default
• Don’t sign up customer for whatever you feel
• Don’t use to much PII in email programs
• Don’t link to customer accounts
18. Privacy practices
• Privacy is becoming an increasingly important topic for
both brands and consumers
– Facebook changes without permission
• In the relationship between the advertiser and
customer, sensitive information can be
transmitted, whether financial or personal
– Single Sign On
19. A Global Perspective is Needed
LEGEND (as of September 2008)
National privacy or data protection law in place
Other significant privacy laws in place *Courtesy of the IAPP
Emerging privacy or data protection laws
23. Privacy in the future for US
• Looking at umbrella system like Canada and EU
– Notice and consent for covered/sensitive information
– Over broad definition
– Transferring information to third parties
– Notices needs to be on home page
– Used for any purpose
– Consent for tracking
– Opt-out needs to be clear
2
23
3
24. Moving Forward Into The Future-
Canada
• Fighting Internet and Wireless Spam Act or C28
o Opt-in
o Prohibits Commercial Messages
o Prohibit installation of programs without consent
o No false information - Sender or Subject Lines
o No harvesting or dictionary attacks
o More than email: IM; SMS; social media; voice,
o Other requirements: identification; contact information; unsubscribe
mechanism
o Certain messages exempted altogether: family or personal relationship;
business inquiry/relationship
o Proper identification
o No more no-reply@ - Unsubscription method
o Private Right of Action Included
o Enforcement cross border - Can’t hide under HQ location
o Protection for “Honest” Mistakes
2
24
4
26. Regulatory Environment
As a practical matter, social media is now a regulated industry;
and all stakeholders are responsible for compliance with the
FTC Guides. As a result, all marketers, agencies, and brands must
develop a 'culture of compliance' where the vocabulary of risk
management is a central aspect of an advertising strategy.”
– Tony DiResta, Partner at Winston & Strawn
General Counsel of WOMMA
"If law enforcement becomes necessary, our focus will be
advertisers, not endorsers – just as it’s always been.”
– FTC Factsheet on Update to Endorsement Guides
26
27. FTC Requirements
All material connections must be disclosed with documented process
• Inform & Disclose
– Disclosures must be clear & conspicuous
– Advertisers and agencies are liable
– Create a process that ensures a culture of
compliance between
advertisers, employees, agencies and
influencers
• Document & Monitor
– Must know what your influencers are saying
– Process & procedures must be documented
• Follow Up & Takedown
– Expectation is not that you will catch everything
but you must be responsive and proactive in
addressing required compliance
27
29. FTC Further Clarification
• November 2011: Hyundai, and an agency were investigated by the FTC for blogging campaign
designed to build interest in ads premiering during Super Bowl XLV (45)
– An advertiser's provision of a gift to a blogger for posting specific content promoting the advertiser's
products or services is likely to constitute a material connection that would not be reasonably expected by
readers of the blog.
– Investigation was closed
• Hyundai did not know in advance about the incentives, which were offered by an employee of Hyundai's marketing
agency.
• Offering an incentive to post about or endorse a Hyundai product was contrary to the social media policies of both
Hyundai and its marketing agency.
• The “3 M’s” Mnemonic:
1. Mandate a disclosure policy that complies with the law;
2. Make sure people who work for you or with you know what the rules are; and
3. Monitor what they're doing on your behalf
Key takeaways: Have a documented policy and process; monitoring and follow up is a key
factor in compliance
30. Risks of Non-Compliance
• Court of Public Opinion
– Consumers, bloggers,
– Social media backlash
– Blacklisting
• PR Nightmares
– Scandals, reports & investigations
– Bad press & negative opinions
• Regulatory Action /
Investigations
– Significant legal costs
– Penalties and settlement terms
– Potential for erosion of brand trust
• Legal Exposure / Liability
– 3rd party lawsuits / consumer actions
– Responsibility for representatives
– Lack of documentation
30
31. First FTC Investigation
“…Bloggers who attend will receive a
special gift, and those who post
coverage from the event will be entered
in a mystery gift card drawing…”
“…the [Ann Taylor] case serves to
let marketers know that the FTC is
keeping a close eye on their
interactions with bloggers.”
32. Connections Must Be Disclosed
• Tweeted from CES, encouraging his
followers to purchase stock
• He owned a substantial stake in that
company
• A 13D disclosure of ownership was filed
with the SEC
• He failed to disclose his connection in
Tweets under FTC guidelines
33. OFT Actions in UK
• UK’s OFT took action for Sponsored Tweet programs
Handpicked Media - December 2010
– Sponsored Tweet programs lacked disclosure
– It is prohibited to use editorial content in the media to promote a product,
where the trader has paid for the promotion, without making that clear in
the content.
– It is also prohibited to mislead consumers by act or omission (for example
in relation to any endorsement of the product), where this is likely to have
an impact on the consumer's decision making about the product.
– These rules apply to any trader involved in the promotion, sale or supply
of products to or from consumers.
34. Vendor help
• CMP.LY
– Product line that addresses compliance requirements
for SEC, FINRA, FDA, as well as other regulatory needs
– Enables companies to create, document, measure and
monitor disclosures and other “fine print” in social
marketing and communication efforts.
– Identifiable icons and URLs, provides a universally
recognizable convention that communicates required
disclosures across platforms such as
Facebook, Twitter, blogs, and other digital media
channels
35. Coalition help
• Word of Mouth Marketing Association (WOMMA)
– Organization dedicated to advancing and advocating the discipline of credible
word of mouth marketing
– Social Media Marketing Privacy Guidelines
• Brands should be open and honest about PII that they are collecting, using and
sharing from consumers.
• Brands should use PII collected from or about consumers for the purposes that they
have clearly communicated.
• Brands should collect PII that is relevant and necessary to accomplish the specified
purposes.
• Brands should not retain PII for longer than necessary to fulfill the specified
purposes or to otherwise meet legal requirements.
• Brands should employ relevant and reasonable measures to protect PII.
• Brands should be accountable for complying with these principles, by providing
consumers with a readily accessible means to express concerns or complaints.