Presentation is loading. Please wait.

Presentation is loading. Please wait.

Supporting your journey to online compliance. Stage One – Implied Consent 8 th May 2012.

Similar presentations


Presentation on theme: "Supporting your journey to online compliance. Stage One – Implied Consent 8 th May 2012."— Presentation transcript:

1 Supporting your journey to online compliance. Stage One – Implied Consent 8 th May 2012

2 Agenda Introductions Digital Governance, Starting with Cookies Background, Starting the journey Steps to stage one Ongoing Management – BAU Questions

3 Peter Gooch Director, Enterprise Risk Services Digital Governance: a holistic view to cookie compliance Compliance with the e-Privacy directive and cookie requirements is attracting significant attention due to the impending May deadlines for compliance. However, this is just one aspect of the digital landscape that organisations should be looking at. Identifying and creating inventories of digital assets, building a robust compliance process to support compliance with regulatory and good practice requirements, and being able to assessing the security of the websites are all key considerations. A high level overview of the work Deloitte are doing in the space and some of the benefits our clients achieved.

4

5 Lawrence Shaw CEO, Sitemorse Introducing the Sitemorse - Digital Governance Platform As the ‘first’ client of Sitemorse’s Digital Governance Platform, Cookie Reports offers a range of profiling, cookies assessment, auditing and reporting – supported by proven process to help organisations on their journey to privacy management and cookies compliance. A quick look at the new Governisation Platform.

6

7

8 Implied Consent – practical steps

9 Quick Introduction to Cookie Reports

10 About us Quick introduction to the business – where we are etc. Cookie Reports Ltd. UK owned and operated company Presence in FI, DK, DE, AT Our own unique IP and methodology No VC, bank or external funding UK member body partners include;

11 EU Vice-President Talking about the solution offered by Cookie Reports. Cookie Reports Ltd. "While it is not for me to endorse any particular tool or service, I applaud this overall development, which is bringing some genuine innovation " Neelie Kroes Vice-President of the European Commission

12 Our Clients Some of the great names it's been a pleasure to work with, from a single report to an Enterprise wide project. Cookie Reports Ltd. Most recently….

13 Journey…

14 COOKIES - your starting point on the journey to privacy compliance What's out there? 1 Assess the sites and the cookies contained within. 12 FIRST Response…. 2 Audit, review (clean up) publishing and consent. 3 Plan…. 3 What are you going to do to ensure privacy is at the heart of online operations? Privacy compliance

15 ICO – recent update “Implied consent is perfectly valid, especially as the definition of 'implied' carries weight in the UK law 1.Audit your sites 2.Offer clear and accurate information about your cookie landscape 3.Provide clear navigation to the detail A website needs to give clear and accurate detail of the cookies in use. If a visitor continues to use that site after being presented with the detail, their action of continuing to use that site can be seen as consent.

16 ICO – recent update “Implied consent is perfectly valid, especially as the definition of 'implied' carries weight in the UK law 1.Audit your sites 2.Offer clear and accurate information about your cookie landscape 3.Provide clear navigation to the detail A website needs to give clear and accurate detail of the cookies in use. If a visitor continues to use that site after being presented with the detail, their action of continuing to use that site can be seen as consent.

17 What's out there? A Sites and cookies Independent audit of each site for cookies. AB Publish B Provide clear navigation to the actual detail to a policy / ‘statement of intent’ C Communicaition C From clear icon, tweeting, news and direct marketing – let people know… FIRST Response ‘implied consent’ starting points Privacy compliance

18 What’s really online Probably the first through review of what sites / domains ever undertaken – commonly compliance led. Audit and assessment 1.What domains do we have? 2.What's on these domains? 1.Sites 2.Sub domains 3.Content 3.What suppliers do we have? 4.Of live sites, audit for cookies.

19 Domain Screen Review and reporting of up to 10,000 registered domains. NO CHARGE MAY 2012 as a thanks for your time today…..

20 Spring clean time? An ideal opportunity to take a look at what sites are doing what – and which cookies are actually in use. Policy publishing - Do we need all these sites anyway? 1.Turn off historic sites? 2.Engage legal, production of policy 1.‘Live’ sites - publish the detail 1.Clear navigation 2.Easy to understand 3.Cookies detail ‘your statement of intent’

21 Clear navigation – exactly that…

22 Policy Example – as clear as possible Too much confusion already Offer the visitor the detail they need to make an informed choice - transparency.

23 Policy Example – as clear as possible ABCD

24 Communicate – transparency, build trust Too much confusion already Embark on a communications plan – ensure your online visitors have complete transparency. 1.What about s? Please have a look at …. 2.Social Media things are changing, keep in touch 3.It’s not just about ensuring you don’t fall foul of the regulator…

25 Red lights or road blocks, what's going to hinder the journey? What's out there? Sites – typically we find 41% more than clients think they have. iii Supplier management After looking at what's out there, as important is who supplying, has access, when… iii Why it’s not really ‘inhouse’ Typically a manual audit will find only 22% of the cookies we will. And then there's the ongoing requirements… Privacy compliance What about the tick box – a bit of road block to user experience…???

26 Tick box - unnecessary exposure Only 3% of sites don’t have external services, utilize flash etc. No TICK – NO Cookies allowed, inappropriate for most sites today. Tick box – it’s probably a no for cookies 1.Device ‘v’ user – who has consented, 2.Disrupts journeys, 3.Limited reasons to tick anyway - highlights the detail very little is understood about, 4.Opens up a potential litigation risk on vast majority of sites, 5.Requires questionable and subjective classification of cookies (think marketing, brand and legal views!), 6.Ongoing management and maintenance support overheads, 7.Tracking of what and who gave consent, when

27 Summary 1.Audit and assessment 2.Policy / Statement of Intent 3.Communication Consider as the start of a journey to ensure transparency, and build trust across your brands. Importantly, clearly demonstrate efforts to comply and have accountable planning available to show on-going direction to compliance.

28 Ongoing management, making it Business as Usual

29 Business as Usual (BAU) After having put your cookie ‘house-in- order’ you will need a programme of essential ‘cookie housekeeping’. Regular monthly monitoring will alert you to any new cookies and report the changes.

30 Business as Usual (BAU)

31 Avaiable resources 1.Cookies Book 2.Sample policy 3.Implied consent paper 4.Complementary summaries 5.Common questions Follow-up later this week with links to all.

32 Questions…

33 My questions revolve around 3rd party banner advertising. I understand that we need the AdChoices kite mark on behaviourally targeted banner advertising. I also assume that we need to put the kite mark on any banner advertising that tracks the user to the brand's website - is this the case? What does that mean for tracking people to the site if they opt out of tracking? What does this mean for brands with pay per acquisition models? For instance if you're easy jet advertising on money supermarket.com how does this new tracking work?

34 1.With regards to implied consent, how much of this is guesswork, or bending the legislation to breaking point? 2.With regards to customers who are logged into an ‘account area’, how much of the underlying ‘account holder’ functionality is implied? For example, we might want to show personalised content based on previously viewed items, but this might be done at a database level instead of at a cookie level – if we let the customer know that by logging in a cookie will be used, would this be enough? 3.What is the latest with apps & consent (implied or otherwise)? 4.Regarding enforcement of the cookie law, in the first year of the law being in place what characteristics would a website in danger of prosecution have? 5.Question regarding non-implied consent; is there an industry-wide option that retailers can agree to use across the board? Everyone annoying the customers in the same way would be the best of a bad set of options!

35 1.How can you identify the source of cookies that are not clearly identified from software or found online? 1.What solutions are recommended for brands that span multiple sites? A separate cookie policy and solution for each site? Or are there common solution approaches that work across sites? 1.What on-going cookie management strategies are recommended?

36 Our Client - Barclays Enterprise wide project, ongoing. Across all six of the divisions of the business. Cookie Reports Ltd. “I engaged Cookie Reports to provide cookie and website audits for Barclays. The overall service provided was excellent, with turnaround times for reports that beat all expectations. I would not hesitate in recommending the products and services that Cookie Reports provide.” Top qualities: Great Results, Expert, On Time

37 CLOSE


Download ppt "Supporting your journey to online compliance. Stage One – Implied Consent 8 th May 2012."

Similar presentations


Ads by Google