Home  › Email › Email Marketing

FTC Regulations and Email Marketing

  |  April 11, 2012   |  Comments

What can email marketers learn from the FTC's final privacy report?

Last week, the United States Federal Trade Commission (FTC), the nation's chief privacy policy and enforcement agency for 40 years, issued its final and long-awaited industry privacy report. The report also notes that the FTC received over 450 comments on the staff's preliminary recommendations. Based on technological advances and industry developments since the December 2010 staff report and in response to the comments, the report refines the guidance for when companies should provide consumers with choice about how their data is used. While Congress considers privacy legislation, the Commission also urges individual companies and self-regulatory bodies to accelerate the adoption of the principles contained in the privacy framework. What was exciting was the report's clear acknowledgement of how the industry self-regulatory models are working and its wishes to continue that. "We are confident that we as an industry can continue the self-regulatory efforts without legislation and the FTC agrees in their report."

It also said that:

  • The FTC would be vigilant in enforcing self-regulatory codes of conduct among companies in the area of data privacy.
  • A company's failure to live up to a voluntary code of conduct would act as a scarlet letter in an FTC enforcement action, which we've already seen heavily in the last year.
  • The FTC is interested in developing sector-specific codes of conduct, meaning tackling specific issues with specific regulations vs. umbrella regulations.

Also, over the course of the next year, the Commission staff will work to encourage consumer privacy protections by focusing on five main action items:

  • Do-Not-Track. The Commission did commend the progress made in this area: browser vendors have developed tools to allow consumers to limit data collection about them, the Digital Advertising Alliance has developed its own icon-based system and also committed to honor the browser tools, and the World Wide Web Consortium standards-setting body is developing standards.
  • Mobile. The FTC urges companies offering mobile services to work toward improved privacy protections, including "short" and meaningful disclosures. To that end, it will host a workshop on May 30, 2012 to address how mobile privacy disclosures can be short, effective, and accessible to consumers on small screens. If you haven't seen TRUSTe's mobile-optimized privacy notice, I suggest you check it out here.
  • Data brokers. The Commission calls on data brokers to make their operations more transparent by creating a centralized website to identify themselves, and to disclose how they collect and use consumer data. In addition, the website should detail the choices that data brokers provide consumers about their own information.
  • Large platform providers. The report cited heightened privacy concerns about the extent to which platforms, such as Internet service providers (ISPs), operating systems, browsers, and social media companies seek to comprehensively track consumers' online activities. The FTC will host a public workshop in the second half of 2012 to explore issues related to comprehensive tracking.
  • Promoting enforceable self-regulatory codes. And again, the FTC will work with the Department of Commerce and stakeholders to develop industry-specific codes of conduct. To the extent that strong privacy codes are developed, when companies adhere to these codes, the FTC will take that into account in its law enforcement efforts. If companies do not honor the codes they sign up for, they could be subject to FTC enforcement actions.

The final report also calls on companies handling consumer data to implement recommendations for protecting privacy, including:

  • Companies should build in consumers' privacy protections and data management procedures at every stage in developing their products using Privacy by Design, which is a wonderful concept, invented and championed by Ontario Privacy Commissioner Ann Cavoukian. These include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy.
  • Simplifying consumer choice, which simply could mean being more upfront about their choices for communications and also preference centers.
  • Companies should provide reasonable access to the consumer data they maintain; the extent of access should be proportionate to the sensitivity of the data and the nature of its use.
  • Incorporating substantive privacy protections into their practices, such as data security, reasonable collection limits, sound retention and disposal practices, and data accuracy.
  • Companies do not need to provide choice before collecting and using consumer data for practices that are consistent with the context of the transaction or the company's relationship with the consumer, or are required or specifically authorized by law.
  • Increasing the transparency of their data practices.
  • Privacy notices should be clearer, shorter, and more standardized to enable better comprehension and comparison of privacy practices.
  • All stakeholders should expand their efforts to educate consumers about commercial data privacy practices.

Hopefully you can see that this is not a regulation or enforceable framework, but does apply to all commercial entities that collect or use consumer data that can be reasonably linked to a specific consumer, computer, or device, unless the entity collects only non-sensitive data from fewer than 5,000 consumers per year and does not share the data with third parties. For many of you this will apply and you should already being doing a lot of this because of best common practices you've learned over the years when it comes to digital marketing through channels like email.


Dennis Dayman

Dennis Dayman has more than 17 years of experience combating spam, security issues, and improving e-mail delivery through industry policy, ISP relations, and technical solutions. As Eloqua's chief privacy and security officer, Dayman leverages his experience and industry connections to help Eloqua's customers maximize their delivery rates and compliance. Previously, Dayman worked for StrongMail Systems as director of deliverability, privacy, and standards, served in the Internet Security and Legal compliance division for Verizon Online, as a senior consultant at Mail Abuse Prevention Systems (MAPS), and started his career as director of policy and legal external affairs for Southwestern Bell Global, now AT&T. As a longstanding member of several boards within the messaging industry, including serving on the Board of Directors and the Sender SIG for the Messaging Anti-Abuse Working Group (MAAWG), Secretary/Treasurer for Coalition Against Unsolicited Commercial Email (CAUCE), Certified Information Privacy Professional (CIPP) Advisory Board, Dayman is actively involved in creating current Internet and telephony regulations, privacy policies, and anti-spam legislation laws for state and federal governments.

COMMENTSCommenting policy

comments powered by Disqus

Get ClickZ Email newsletters delivered right to your inbox. Subscribe today!



Featured White Papers

2015 Holiday Email Guide

2015 Holiday Email Guide
The holidays are just around the corner. Download this whitepaper to find out how to create successful holiday email campaigns that drive engagement and revenue.

Three Ways to Make Your Big Data More Valuable

Three Ways to Make Your Big Data More Valuable
Big data holds a lot of promise for marketers, but are marketers ready to make the most of it to drive better business decisions and improve ROI? This study looks at the hidden challenges modern marketers face when trying to put big data to use.