Upload
vivastream
View
386
Download
1
Embed Size (px)
Citation preview
Is More Data Always Better? The Legal Risks
of Data Collection, Storage and Use in
Marketing
Jordan AbbottAcxiom Compliance Counsel
WHO, WHAT, WHY, and HOW?
• Who is collecting the data?• What are they collecting?• Why are they collecting it?• What principles (if any), govern
the collection of data?• Advocates’ attitudes• Court cases• What to do to minimize your risk.
“Over-Collection” of Data
- The Good- The Bad- The Ugly
DATA IS GOLD
Who Collects and uses data for “marketing”?
Start Ups SOHOFortune
500Mid TierSmall Tier
Everybody…
Politicians
EntertainmentGamingFinancial
SvcRetail
TechnologyInsurance
Travel
UniversitiesTelco ManufacturingAutomotiveConsumer
Goods
TelevisionHealth CareLaw Firms
Security Collections Government MORE!
On and Offline
– Name – Name variations– Addresses– Address Histories – Associates– Public Records
• DMV• Criminal & RSO• Voter• Real Property• Licenses• Bankruptcy, Tax Lien, Judgment• Deceased
MORE
– Marketing data?
– Purchase data?
– IP Addresses?
– Peer to Peer Transfers?
– Social Network?
– Geo-Location?
– Click Stream?
– Browsing Behavior?
– MORE ?????
Data Elements “in Play”
Data Elements “in Play”
On and Offline – Anonymous and PII• Contact Data
– Name– Address– Email address– Phone– Cell phone
• Shopping behavior• Viewing Behavior (Digital TV) • Geo-Location (Mobile Device) • Place and Time • Browsing behavior• Click stream• Purchase behavior• Demographics• Sociographics• Life Stage
• Analytics and Segmentation• Spotlights• Footlights• Cookies• Email behavior – click &
open • Social Network Data • # of Networks• # of Friends • Fan Pages• Blog Data• Preference data • Response data
• MORE
WHY….?
….because businesses want to know their customer
and customers want to be delighted, amused and protected
Marketing
Acquisition
Up-sell /Cross-sell
Retention
Marketing
Acquisition
Up-sell /Cross-sell
Retention
Risk
Fraud
Authentication
Verification
Risk
Fraud
Authentication
Verification
IdentityIdentity
SOLVING BUSINESS ISSUES – CREATING CONSUMER VALUE
CUSTOMERS’ LIVES ARE CONSTANTLY CHANGING
Every hour of every day
5,769 people changed jobs
2,748 people moved
509 people were married
244 people got divorced
186 people declared bankruptcy
These people are your customers
Channels Are Multiplying Rapidly
New Types of Data Exploding VolumeEscalating Velocity
OVER-ARCHING CONCERN… CONSUMER ATTITUDES
• Privacy is an emotionally charged issue – Being watched, monitored, taken advantage of
• Consumers feel like they are losing “control”
• Consumers don’t understand our information based economy– Information technology is part of our economic
infrastructure– Benefits are not fully understood by consumers or law
makers– Technology used often confuses consumer
POLICYMAKERS’ ATTITUDES
• “When personal data collected by one organization for a stated purpose is used and traded by another organization for a completely unrelated purpose, individual rights could be seriously threatened.”
•102 Cong.Rec. 36893-4 (1974), quoted in Ash v. United States, 608 F.2d 178, 180 (5th Cir. 1980).
THE NEWS!
“…growing concern on Capitol Hill about the expanding business of tracking consumer behavior online.”
“…the analytical skill of data handlers…is transforming the Internet into a place where people are becoming anonymous in name only.”
“’the wall has been breached’ between what users share under their real identity online and what information they provide under the cover of anonymity.”
“Mr. Markey said he wasn't satisfied that "consumers are able to effectively shield their personal Internet habits and private information from the prying eyes of online data gatherers.”
“Eleven of the nation's largest website operators defended their privacy practices to lawmakers, saying it is impossible for them to monitor all the tracking technologies their sites install on visitors' computers.”
“…vast data gathering…used to discriminate in the services that companies offer customers or government agencies offer citizens.”
“…consumers who surf the Internet unintentionally surrender all kinds of personal information to marketing firms that use invisible tracking technology to monitor online activity”
MORE NEWS!
"Consumers still get the short end of the stick when industry shows that it is incapable, or unwilling, to better articulate what information they are collecting from consumers and why we should trust industry to protect consumers' personal information.”
"It is technically impossible for Yahoo! to be aware of all software or files that may be installed on a user's computer when they visit our site," Anne Toth, Yahoo's vice president of global policy and head of privacy, wrote to U.S. Reps. Edward Markey (D-Mass.) and Joe Barton (R-Texas).”
“…Stalkers Exploit Cell phone GPS “
“As WiFi Data Collection Revealed, New Investigation Begins”
Surveillance Society...
Collecting even “private” data, little governance, little enforcement…lots of secondary commercialization
Apps
Captures device data points, formulates “fingerprint,” spoofable, not “categorized” as pii…yet used that way
Device Fingerprint
Sits on networks, watches traffic, sniffs out brand and…”listens”
Sniffers and Listeners
Offers even more tracking & collection, utilizes the Cloud
HTML5
Multiplied by time; checking in
Precise GeoLocation
Rides the pipes, capturing and closing the loop on every data point including digital dust and digital exhaust of digital device
Meters
Relies on the Cloud, devices monitor, report back
eHealth & HITECH
Multiply in order of magnitude
The Internet of Things…
You are known and treated in place and time via the cloud
Placefulness
GOOGLE STREET VIEW
- Premise is awesome and beneficial
- Collected personal information from unsecure WiFi networks
- “Probably the single greatest breach in the history of privacy”
- Numerous court cases and enforcement actions around the world
iPHONE LOCATION TRACKING
- Hidden file that stores latitude, longitude, and timestamps
- Post-hoc explanation did not do much to quell controversy
- Lawsuits, Congressional inquiries
COMSCORE ALLEGATIONS
-August 2011-Online tracking-Class action lawsuit-Alleged to have secretly collected SSNs, credit card #s, and passwords
DMA’S GUIDELINES FOR ETHICAL BUSINESS PRACTICES
Article #32 – Personal Data“Marketers should be sensitive to the
issue of consumer privacy and should only collect, combine, rent, sell, exchange, or use marketing data. Marketing data should only be used for marketing purposes.”
COLLECTION LIMITATION PRINCIPLE
“There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject”
IDENTIFYING PURPOSES
• Identify the purpose for which the personal information is collected at, or before, the time of collection• Allows the organization to determine the
information it needs to collect to fulfill those purposes
• When collecting information, there is a tendency to collect more than what is needed “just in case” you need it at a later date
• Unless you have clearly indicated how that information will be used, you should not collect it
• Scrutinize the need for each piece of information you collect.
• If you don’t need it, don’t collect it.
TO DO’S- Have an effective Data Governance Plan
- Assess needs and purposes
- The more you collect, the greater your fiduciary duty
- Don’t keep what you don’t need
-Regularly monitor compliance
-Have an effective Security Incident Response Plan
-Question of “when,” not “if”
- Assess your technical, physical and administrative vulnerabilities
- Address them
-Understand what your obligations are in the event of a breach
- Have it in writing and keep it up to date
Pending Legislation
• HR 611 §303• S. 799 §301