Your Ignorance Of Privacy-Protected Information Causes Massive FTC Fines
Your Ignorance Of Privacy-Protected Information Causes Massive FTC Fines
You Don't Know What Information Is Privacy-Protected & What To Do About It! (Hint – Social Media And Mobile Apps Are Huge Traps For the Unwary!!)
By Chip Cooper, Esq
Background
You’re an online entrepreneur, or maybe you even view yourself as an “IM”, and Internet marketer – a special breed of cat that’s a subset of online entrepreneurs.
In either case, it doesn’t matter if you’re a veteran or a beginner. It doesn’t even matter if you work in a home office, or in a real, brick and mortar office. You know one important, overriding thing.
And that’s the value of your email marketing list. The holy grail of online marketing.
With a responsive email list, you can grow your business. You can market additional products, services, or information you might create in the future.
Or, you may market complimentary stuff of others – your JV partners.
You’ve known from day 1 that the single greatest asset of your growing online business is your email marketing list. That’s why you expend so much time and effort growing it.
What you probably don’t know is this – it’s what I call the “great paradox”. The fact that your most valuable asset is also your single greatest source of legal liability. Massive liability that could shut your business down in a single day.
This critical fact has been known by Internet attorneys like me for some time. But among online entrepreneurs and IM’s, not very much at all.
And this is a huge problem if you continue to focus solely on building your list – at the expense of caring for it and protecting yourself as you grow and use it.
Tip – You absolutely, positively need to pay more attention to protecting your email list and yourself. And that begins with understanding what information is privacy-protected!
How Privacy Regulation Began in the United States
Certain information is privacy-protected. It’s protected so much by the FTC that it’s almost viewed as sacred. And this is the basis for all legal regulations that affect your list. The best way to get a perspective on privacy-protected information is to understand how privacy regulation began in the United States.
It all started back in 2004 in California, not in the U.S. Congress. The California Online Privacy Protection Act (OPPA) became effective on July 1, 2004. OPPA requires website operators who collect online “personally identifiable information” from California residents to post a Privacy Policy on their websites.
So, at the time of the beginning of formal privacy protection in the U.S. privacy-protected information was limited to “personally identifiable information” which included:
- first name, last name,
- street address,
- email address,
- phone number, and
- social security number
In addition, privacy-protected information included other information if linked to any of the above elements of “personally identifiable information” such as:
- height
- weight
- occupation
- birth date
After OPPA went into effect, websites selling the products into the United States began to post Privacy Policies that were OPPA-compliant. This was the result for two basic reasons:
- it would have been difficult to screen out California residents with confidence, and
- who among Internet marketers and online entrepreneurs would want to screen out California residents anyway, since California is such a large market.
So, in essence, OPPA became a de facto federal statute of general application, meaning that it applied the general market, and was not restricted in application to specific markets.
There are federal statutes that protect privacy of specific information (as distinguished from statutes of general application such as OPPA. A few of these are :
- Health Insurance Portability and Accountability Act of 1996 (HIPAA) for patient health records,
- Gramm-Leach-Bliley Act (GLBA) for financial information,
- Children’s Online Privacy Protection Act (COPPA) for personal information of children under age 13, and,
- Fair Credit Reporting Act (FCRA) for data collected by consumer reporting agencies.
Note – To this day, however, California’s OPPA statute is the only privacy statute of general application in the U.S. The FTC regulates privacy under the general principles of Section 5 of the FTC Act. For more information regarding the FTC’s authority, see the Chapter titled “What Does This Mean to You”.
Social Media-Related Additions To Privacy-Protected Information
One big headache for Internet marketers and online entrepreneurs is that privacy-protected information is a moving target, meaning that it changes from time to time, as new technology leads to new privacy concerns.
Warning! – Because privacy-protection information is in a constant state of evolution, marketers must remain vigilant for new additions, or risk huge fines for non-compliance with ever-expanding privacy regulations.
For example, perceived abuses regarding social media caused the FTC to expand the scope of privacy-protected information.
On March 20, 2011, the FTC announced its proposed settlement regarding Google's social media online service known as “BUZZ”.
In the proposed settlement, the FTC added new categories of privacy-protected information, which include:
- Physical location data,
- screen names, and
- lists of contacts.
Tip – Beginning with the Google settlement on March 20, 2011, marketers must treat physical location data, screen names, and lists of contacts as privacy-protected information.
Mobile App-Related Privacy Rules
Both the State of California and the FTC have moved to regulate the booming market for mobile phone applications known as “apps”.
Privacy concerns were heightened as a result of several incidents involving mobile phones, including:
- a blogger discovered that a social network app had uploaded his mobile phone contacts without permission,
- a photo sharing app also was found to upload user’s contact without permission, and
- Twitter acknowledged uploading users’ contacts from mobile phones without permission.
On February 22, 2012, the California Attorney General announced that the California Online Privacy Protection Act (OPPA) applies not only to protected information collected through websites, but also via apps on mobile devices.
The result: mobile apps that collect privacy-protected information, including physical location data, from California residents should have a Privacy Policy just as websites do.
Shortly thereafter in August, 2012, the FTC jumped on the mobile app privacy bandwagon by announcing in its report titled “Marketing Your Mobile App – Get it Right From The Start” that, among other requirements, mobile app publishers should:
- get express, affirmative consent before collecting sensitive data such as “geo-location”, medical, or financial data, and
- obtain verified parental consent before collecting personal information from children under 13 (U-13’s).
Tip – Social media and mobile apps are just the latest developments that trigger new privacy regulations. New regulations will be coming down the pike at an increasing rate. Keep up and comply with them, or suffer huge headaches and massive fines!
What to Do About Your Collection And Use of Protected Information
Once you know what information is privacy-protected, it’s critical that you know what to do about it in terms of disclosures in your Privacy Policy.
In general terms, your Privacy Policy, regardless of whether it is posted on your website or via your mobile app, should disclose the following:
- the dates that the Privacy Policy takes effect,
- the categories of privacy-protection information collected,
- how privacy-protected information is collected,
- how users may change privacy-protected information,
- the process for notification regarding changes to the Privacy Policy, and
- how privacy-protected information is shared or made accessible to others, particularly for marketing purposes.
Here’s How To Make Sure You, Your Business & Website Is FTC Compliant
By now it should be clear how important it is for you to be FTC compliant. But how can you do that without spending $7,500-$8,000 or more on Internet Attorneys?
Smart business owners around the world are doing it with the help of FTC Guardian.
FTC Guardian is a service that is 100% focused on helping to keep you get and stay FTC compliant and fully protected. And right now, we are offering a free training to give you the knowledge, information, and guidance that you need to stay out of trouble with the Federal Trade Commission.
Free Compliance Workshop: Join Chip Cooper, Esq., the #1 FTC Compliance trainer in the World, for a one-of-kind, completely free online compliance workshop. Workshops fill up quickly, so register now.
Here are some of the things you’ll discover on the training:
- Real-Life Examples of People Who Didn’t Think They Were At Risk, But Who Got Nailed By The FTC, And Why It Could Happen To You, Too
- The 3 Enormous Powers The FTC Has That Can Change Your Life – And Your Family’s Life – Forever!
- How to Avoid FTC Claims When Collecting Leads With Optin Forms
- 3 Privacy Policy Mistakes Every Digital Marketer Is Making, And Why You’re In The FTC Crosshairs.
- And Much More…
Remember: legal protection is a massively important part of your business, and it’s one you cannot afford to ignore any longer.
Go here to register for our next FREE training and make your business is FTC compliant today!
Disclaimer: This article is provided for informational purposes only. It’s not legal advice, and no attorney-client relationship is created. Neither the author nor FTC Guardian, Inc. is endorsed by the Federal Trade Commission.