May 2012 - Business Law & Order - Anthony Targan
1. If Privacy is None of Your Business,
You Could Soon Be Out of Business
Anthony Targan
Senior Corporate Counsel
ProQuest LLC
2. Overview
Disclaimer: Views presented are my personal opinions and do not
necessarily represent those of ProQuest LLC
Privacy laws and enforcement on the increase
White House: “Consumer Privacy Bill of Rights”
Federal Trade Commission
Internet businesses require global compliance
Privacy Policy requirements, domestic and abroad
Social Networking and User Generated Content
DMCA and EU safe harbor
3. Privacy: What’s the Big Deal?
Common Misperceptions…
Facebook Generation: Nothing is private, right?
Privacy Policy = “We won’t sell your personal info”
If you don’t like it, just unsubscribe or opt out
I’m in MI, so I only need to worry about US law
4. “Consumer Privacy Bill of Rights”
Consumers have the right to:
Control how personal data is used
Avoid having information collected in one context
and then used for an unrelated purpose
Have information held securely
Know who is accountable for the use or misuse of
an individual’s personal data
5. “Do Not Track”
Mechanism to give consumers more control over
the data that is being collected from them,
including for delivering behavioral advertising.
Digital Advertising Alliance, Google, Microsoft,
Yahoo, and Twitter have committed to develop
technology to handle Do Not Track signal.
Facebook?
6. Federal Trade Commission
Enforcement Authority by US FTC:
FTC regulates “deceptive” or “unfair” privacy practices.
Companies that adopt FTC's “best practices” subject
themselves to FTC enforcement for any lapses.
Authority to enforce Privacy Bill of Rights IF:
Congress passes accompanying legislation; or
Companies adopt voluntary codes of conduct
7. International Laws
Canada
European Union – Does not allow data transfer to
countries with inadequate privacy laws (US)
Italy – Google executives sentenced for failure to
remove video that showed bullying of autistic boy
by teenagers in Italy (2010)
Asia-Pacific Economic Cooperation (APEC)
US goal: global privacy policy equality to promote
international interoperability and consistency
8. Privacy Policy Essentials
What sites are covered? One size does not fit all
What is personally identifiable information?
YES: Full name, social security number, IP address,
phone number, birth date, residence address
NO: Business card information
What information do you collect?
How do you use or display information collected?
9. Privacy: Social Networking
User Generated Content
Connecting via Facebook
Contests and Surveys (including via Facebook)
Social Networking On-line Protection Act
Cookies
Children
10. Privacy Policy… “What Ifs”
Selling Out: What happens if you sell your
business?
Opting Out: How do people unsubscribe or
terminate their account? What happens to info?
Third Parties: Hosting company or service
providers may have different policies.
Security measures
Changes to the policy
11. Digital Millennium Copyright Act
DMCA safe harbor provisions protect websites
from liability for material posted by their users
Remove known infringing material
Comply with notice and take-down procedures
12. EU Safe Harbor Certification
Notice – Inform individuals how data is collected
and used
Choice – Ability to opt out of data collection and
transfer
Onward Transfer – Only to companies that follow
adequate data protection principles
Security – Reasonable efforts to prevent data loss
13. EU Safe Harbor Certification…
Data integrity – Data must be relevant and reliable
for the purpose it was collected for.
Access – Individuals must be able to access
information held about them, and correct or delete
it if it is inaccurate
Enforcement – Effective means of enforcing rules,
including dispute resolution process (such as
Better Business Bureau)
http://www.whitehouse.gov/the-press-office/2012/02/23/fact-sheet-plan-protect-privacy-internet-age-adopting-consumer-privacy-b
Individual Control: Consumers have a right to exercise control over what personal data organizations collect from them and how they use it.
Transparency: Consumers have a right to easily understandable information about privacy and security practices.
Respect for Context: Consumers have a right to expect that organizations will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
Security: Consumers have a right to secure and responsible handling of personal data.
Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data are inaccurate.
Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.
Consumer Privacy: Can the FTC Enforce a Voluntary Code of Conduct? http://www.readwriteweb.com/enterprise/2012/03/consumer-privacy-can-the-ftc-e.php
Companies that commit to respecting Do Not Track will be subject to Federal Trade Commission (FTC) enforcement.
Canada: Personal Information Protection and Electronic Documents Act http://laws-lois.justice.gc.ca/PDF/P-8.6.pdf
European Commission http://ec.europa.eu/justice/data-protection/index_en.htm
Data Protection Directive (officially Directive 95/46/EC) http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:NOT
Under European law, Internet service providers are not responsible for third-party content but are required to remove any content considered offensive if someone complains about it.
APEC voluntary system of Cross Border Privacy Rules: http://www.apec.org/Groups/Committee-on-Trade-and-Investment/~/media/Files/Groups/ECSG/CBPR/CBPR-PoliciesRulesGuidelines.ashx
Myths and fallacies of “Personally identifiable information” http://www.cs.utexas.edu/~shmat/shmat_cacm10.pdf
“If you connect to a Site via Facebook, we may collect certain information from your Facebook account, including your Facebook User ID, any Facebook posts, Facebook friends, the amount of activity (i.e., comments, likes) that may occur in response to posts, certain demographic information and other information to the extent that you elect to make it publicly available on Facebook.”
US-EU Safe-Harbor: http://www.export.gov/safeharbor/
BBB EU SAFE HARBOR web site: www.bbb.org/us/safe-harbor-complaints