Is More Data Always Better? The Legal Risks of Data Collection, Storage and Use in Marketing
Jordan Abbott
Acxiom Compliance Counsel
WHO, WHAT, WHY, and HOW
• Who is collecting the data
• What are they collecting
• Why are they collecting it
• What principles (if any) govern the collection of data
• Advocates’ attitudes
• Court cases
• How to minimize your risk
“Over-Collection” of Data
- The Good
- The Bad
- The Ugly
DATA IS GOLD
Who collects and uses data for marketing?
Start Ups, SOHO, Fortune 500, Mid Tier, Small Tier
Everybody.
Politicians, Entertainment, Gaming, Financial Services, Retail, Technology, Insurance, Travel, Universities, Telco, Manufacturing, Automotive, Consumer Goods, Television, Health Care, Law Firms, Security, Collections, Government, MORE!
Offline and online
– Name
– Name variations
– Addresses
– Address Histories
– Associates
– Public Records
  • DMV
  • Criminal & RSO
  • Voter
  • Real Property
  • Licenses
  • Bankruptcy, Tax Lien, Judgment
  • Deceased
MORE
– Purchase data
– IP Addresses
– Peer to Peer Transfers
– Social Networks
– Geo-Location
– Click Stream
– Browsing Behavior
– MORE ?????
Data Elements “in Play”
Data Elements “in Play” On and Offline – Anonymous and PII
• Contact Data
  – Name
  – Address
  – Email address
  – Phone
  – Cell phone
• Shopping behavior
• Viewing Behavior (Digital TV)
• Geo-Location (Mobile Device)
• Place and Time
• Browsing behavior
• Click stream
• Purchase behavior
• Demographics
• Sociographics
• Life Stage
• Analytics and Segmentation
• Cookies
• Email behavior – click & open
• Social Network Data
• # of Networks
• # of Friends
• Fan Pages
• Blog Data
• Preference data
• Response data
• MORE
WHY….? ….because businesses want to know their customer and customers want to be delighted, amused and protected
Marketing
Acquisition
Up-sell / Cross-sell
Retention
Risk Verification
Authentication
Fraud Prevention
Identity
SOLVING BUSINESS ISSUES – CREATING CONSUMER VALUE
CUSTOMERS’ LIVES ARE CONSTANTLY CHANGING
Every hour of every day
5,769 people changed jobs
2,748 people moved
509 people were married
244 people got divorced
186 people declared bankruptcy
Channels Are Multiplying Rapidly
New Types of Data
Exploding Volume
Increasing Velocity
DMA’S GUIDELINES FOR ETHICAL BUSINESS PRACTICES
Article #32 – Personal Data
“Marketers should be sensitive to the issue of consumer privacy and should only collect, combine, rent, sell, exchange, or use marketing data. Marketing data should only be used for marketing purposes.”
COLLECTION LIMITATION PRINCIPLE
“There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject”
IDENTIFYING PURPOSES
• Identify the purpose for which the personal information is collected at, or before, the time of collection
• Allows the organization to determine the information it needs to collect to fulfill those purposes
• When collecting information, there is a tendency to collect more than what is needed “just in case” you need it at a later date
• Unless you have clearly indicated how that information will be used, you should not collect it
• Scrutinize the need for each piece of information you collect.
• If you don’t need it, don’t collect it.
OVER-ARCHING CONCERN… CONSUMER ATTITUDES
• Privacy is an emotionally charged issue
  – Being watched, monitored, taken advantage of
• Consumers feel like they are losing control
• Consumers don’t understand our information based economy
  – Information technology is part of our economic infrastructure
  – Benefits are not fully understood by consumers or law makers
  – Technology used often “unappreciated” by consumers
POLICYMAKERS’ ATTITUDES
• “When personal data collected by one organization for a stated purpose is used and traded by another organization for a completely unrelated purpose, individual rights could be seriously threatened.”
• 102 Cong. Rec. 36893-4 (1974), quoted in Ash v. United States, 608 F.2d 178, 180 (5th Cir. 1980).
THE NEWS!
“…growing concern on Capitol Hill about the expanding business of tracking consumer behavior online.”
“…the analytical skill of data handlers…is transforming the Internet into a place where people are becoming anonymous in name only.”
“’the wall has been breached’ between what users share under their real identity online and what information they provide under the cover of anonymity.”
“Mr. Markey said he wasn't satisfied that "consumers are able to effectively shield their personal Internet habits and private information from the prying eyes of online data gatherers."”
“Eleven of the nation's largest website operators defended their privacy practices to lawmakers, saying it is impossible for them to monitor all the tracking technologies their sites install on visitors' computers.”
“…vast data gathering…used to discriminate in the services that companies offer customers or government agencies offer citizens.”
“…consumers who surf the Internet unintentionally surrender all kinds of personal information to marketing firms that use invisible tracking technology to monitor online activity”
MORE NEWS!
“Consumers still get the short end of the stick when industry shows that it is incapable, or unwilling, to better articulate what information they are collecting from consumers and why we should trust industry to protect consumers' personal information.”
"It is technically impossible for Yahoo! to be aware of all software or files that may be installed on a user's computer when they visit our site," Anne Toth, Yahoo's vice president of global policy and head of privacy, wrote to U.S. Reps. Edward Markey (D-Mass.) and Joe Barton (R-Texas).
“…Stalkers Exploit Cell phone GPS”
“As WiFi Data Collection Revealed, New Investigation Begins”
GOOGLE STREET VIEW
- Premise is awesome and beneficial
- Collected personal information from unsecure WiFi networks
- “Probably the single greatest breach in the history of privacy”
- Numerous court cases and enforcement actions around the world
iPHONE LOCATION TRACKING
- Hidden file that stores latitude, longitude, and timestamps
- Post-hoc explanation did not do much to quell controversy
- Lawsuits, Congressional inquiries
COMSCORE ALLEGATIONS
- August 2011
- Online tracking
- Class action lawsuit
- Alleged to have secretly collected SSNs, credit card #s, and passwords
TO DO’S
- Have an effective Data Governance Plan
- Assess needs and purposes
- The more you collect, the greater your fiduciary duty
- Don’t keep what you don’t need
- Regularly monitor compliance
- Have an effective Security Incident Response Plan
- Question of “when,” not “if”
- Assess your technical, physical and administrative vulnerabilities
- Address them
- Understand what your obligations are in the event of a breach
- Have it in writing and keep it up to date
Pending Legislation
• HR 611 §303
• S. 799 §301