|
|
Potomac Crossings
--By George Mason
|
Federal Privacy Rules for the Net
The March 20th issue of BusinessWeek has a cover story that makes the case for federal regulations on Internet
privacy. Since the passage of such rules would affect timeshare marketing strategies and target list sources, it's
worthwhile to look at the BusinessWeek argument.
The promise of the Net is that it can remain free and universal. The reason it can remain free is that valuable
profile data gathered from users can help to target advertising, reduce marketing costs, test and prove more efficient
sales strategies and thus create higher profit margins. Two profit centers have developed from this advanced technology.
An e-company can use the data to make target marketing more efficient. It can also sell or trade data with other
sites.
Even greater technological steps are on the horizon. Software will soon be available to track a subject's movements
regardless of the source such as palm pilots, Web phones or playing online video games. One firm has the ability
to correlate a subject's Web site visits at work during the day with the ads he or she will see that evening on
TV.
Meantime, the public is getting annoyed about privacy issues. A Harris poll in cooperation with BusinessWeek included
questions about Internet tracking. The percent of respondents who finds the practice "not very comfortable"
and "not at all comfortable" are combined.
- Tracking movements on the browser but not attaching to a real identity - 63%
Merge browsing habits into a profile linked to a real identity - 89%
Create a specifically identified original profile including personal data - 95%
The combined score may be seen as a measure of the potential for corrosion of public trust. Also, such data
looks like a fertile field to politicians. In addition to commercial profiles, the very existence of such records
invites thoughts of subpoenas for civil law suits and anonymous investigations of anyone by any branch or level
of government.
At the moment, 20 states have passed some form of privacy legislation. According to BusinessWeek, this piecemeal
and scattered approach creates a consumer muddle. Self-regulation is not transparent. Posted policies are vague
and confusing. Worse, they only bind the one company. For example, a company shares its names, ages and e-mail
addresses with three associates. Each has a different privacy policy. Which one governs the consumer's data? No
data seller/trader can control how its partner uses the purchase.
The Four Part Federal Plan
The magazine proposes that Congress draft legislation with four major features. Some form of this legislation may
well be approved in this presidential year.
Display Your Practices. The first provision is that company privacy policies should
be mandatory, easy to find, and written in plain English. Data collected for one purpose shouldn't be used for
another without consent. The purpose of collecting the data should be stated and no more data than is needed for
that purpose should be obtained.
OPT-IN or OPT-OUT. For concerned consumers, there are three choices. They can buy software or join on-line
services that mask true identity. The profilers are at work but on a false personality. On the other hand, by reading
the site's policy statement consumers can determine if their data is automatically shared unless they object (OPT-OUT)
or is kept private unless permission has been granted (OPT-IN). They can then choose accordingly.
Personally Identifiable Information. There should be one common definition of what is and is not personally
identifiable information. All tracking techniques and the customer's options with each should be spelled out. Companies
should bind partners with whom they share data to the originating company's privacy policy.
Consumer Choice. There are no laws to stop sites from gathering personal information
and selling it to another. There is already action in the Senate to give consumers more say over what is collected
and how it can be used. One bill advocates a prominently display OPT-OUT check box. Another mandates an OPT-IN
box that must be checked before data can be retained. The latter choice is regarded by the industry as a sure-fire
way to reduce e-business by 40% if not kill it altogether. It would also raise the cost of incentives to attract
participants. It is likely that if a bill is produced it will favor OPT-OUT for most applications but OPT-IN for
sensitive information such as medical or financial records.
Consumers Control their own Data. Sensitive date relating to health and wealth, for example, should not
be available for any purpose without permission. Legislation at the moment is stalled because the Clinton administrations
draft bill allows access to the data for government researchers. The negative option strategy is good enough for
lesser purposes. Consumers should have the ability and the right to look at and correct sensitive information.
Web sites and their marketing allies should share the burden of double-checking a profile that is shared with another
company or combines data from more than one source. The data a Web site assembles is often a collection of bits
and pieces found in multiple databases. Consumers have the right to see and correct sensitive data relating to
health and wealth.
Play or Pay. There is precious little a lone customer can do to find out if the company's privacy statement
has been breached. It is even less likely that the customer can prove economic harm and thus create the basis for
a lawsuit. BusinessWeek concludes that rules don't enforce themselves and therefore the Federal Trade Commission
(FTC) should enforce and interpret a broad federal law with stiff financial penalties.
In the private sector, new software is being developed to allow consumers to set privacy preferences on their own
and receive an automatic notice if they wander onto a Web site with different policies.
In summation, the magazine says privacy breaches are so corrosive to consumer trust that broad national standards
should be welcome. The search for "the right level of government involvement" means a debate on how many
and how sharp will be the FTC's teeth. Stay tuned.
AIM E-mail Resolutions
A fair reading of the industry and its reaction to the privacy issue can be seen in the recently passed set of
resolutions from the Association for Interactive Media's Council for Responsible E-mail. AIM is a subsidiary of
the Direct Marketing Association.
Postponing the thorny issue of opt-out for third party e-mail lists, the AIM approved guidelines that call for
firms to voluntarily inform consumers about how their e-mail addresses will be used at the time of collection and
offering an opt-out choice. The guidelines state that marketers must not falsify the senders domain name, nor falsify
the subject line so as to mislead the consumer about the real contents of the e-mail message. The guidelines state
that the respondent must be informed when his or her e-mail address is collected, for what purpose the e-mail address
will be used and it prohibits the harvesting of e-mail addresses for the purpose of sending unsolicited commercial
e-mail without consumer's knowledge or consent.
When an industry fails to police itself, narrow state regulations clash with multi-state operators who want the
consistency of one Federal standard. And so, look for more regulations from Washington. Thank DoubleClick and 24/7
Media while you are at it.
####
| George Mason, 1725-92, was known as the Sage of Gunston Hall.
His Virginia declaration of rights, written in 1776, was the model for the first section of the Declaration of
Independence. A friend of Patrick Henry and Thomas Jefferson, Mason was an original drafter of the Constitution
and the first ten amendments to the Bill of Rights. He refused, however, to sign the final version of the Constitution
because he thought it did too little for individuals and, without the Bill of Rights, gave too much power to the
government.This column honors his memory. |
Back
to Inside Washington Archive || Current Inside Washington || Home
|
