Download presentation
Presentation is loading. Please wait.
Published byEdward Carson Modified over 9 years ago
1
LAW SEMINARS INTERNATIONAL New Developments in Internet Marketing & Selling November 13 & 14, 2006 San Francisco, California Moderator : Maureen A. Young Partner Bingham McCutchen LLP
2
2 A. Some “Starting” Questions 1.We know well which specific privacy and data protections laws apply to our particular industry sectors. But many companies select privacy policies and data protection standards that go beyond the minimum applicable legal requirements. For some companies, such decisions are made to simplify global compliance - they choose to "comply up" with laws affecting subsidiaries in other countries with more stringent privacy laws than in the U.S. But for some other companies, such decisions are made for corporate strategy reasons. Can we discuss the process of how companies select best practices to be incorporated into their privacy policies? Conversely, other companies decide to adopt privacy policies and other disclosures which only reflect the applicable legal minimums, yet may internally adopt tougher standards. Can we discuss the thinking that goes into such strategies?
3
3 A. Some “Starting” Questions (cont.) 2.Once a Privacy Policy is established, what measures do companies need to take to ensure that the company's actual practices conform with its Privacy Policy standards? How should privacy and data protection compliance be monitored and audited? What are some of the most successful compliance techniques?
4
4 A. Some “Starting” Questions (cont.) 3.Privacy folks and Marketing folks can frequently be at odds. What are some best practices for ensuring that the two worlds work well with each other? What if an adopted privacy standard is not working for a company? What are some of the best practices for revising and updating privacy and data protection standards?
5
5 B. Discussion of Some Particular Areas for Best Practices 4.By now, all of us have gone through dozens of security breach drills. What are some of the best practices for responding to security breach situations? Discuss some particular things that companies are doing to strengthen their information security programs.
6
6 B. Discussion of Some Particular Areas for Best Practices (cont.) 5.A huge area for improving information security at a company is tied to its process for handling, retaining and disposing of data. What are some of the best practices for ensuring that a company is collecting the appropriate type of data, retaining that data only for as long as necessary, developing sound policies regarding which data must be retained for longer periods, and disposing of data?
7
7 B. Discussion of Some Particular Areas for Best Practices (cont.) 6. In any compliance program, the training of employees is a key pillar. Different categories of employees require different levels of training. How does a company develop a layered training program for its employees? What are some of the most successful formats for training? How does a company instill the often-touted "culture of compliance"?
8
8 B. Discussion of Some Particular Areas for Best Practices (cont.) 7.Successful vendor management remains a challenging area for privacy and data protection compliance programs. Sharing nonpublic personal information with business partners and service providers is often a necessary evil. What are the key elements of a due diligence program for selecting a third party business partner or service provider? In structuring a business relationship with such third parties, what are some of the issues considered? What are some of the best contractual standards to obtain? What about best practices for ongoing monitoring of business partners and service providers?
9
9 C. Some Special Areas of Concern 8.There was a time when many companies briefly disclosed in their privacy policies that they track a customer's online activities for the purpose of directing information to them regarding “promotions, materials, products and services” that may be of interest. These days, the scope of tracking the online behavior of users has become a hot issue with consumer groups and legislators. What factors should a company consider in developing its practices for online tracking? What are some best practices for selecting technologies and controlling use of the data collected? What is the appropriate extent of disclosures that should be made regarding a company’s “harvesting” of data about a consumer’s online behavior?
10
10 C. Some Special Areas of Concern (cont.) 9.We have been following the burning debates over the growth of social networking sites, including issues related to COPPA compliance, predatory stalking of minors, etc. In the Internet world, a lot of lip-service is paid to protecting evolving "communities." But in the corporate world, blogs, user reviews, chat rooms and other functions on the company website are offered to further product sales and marketing strategies. What are some best practices for structuring and monitoring corporate blogs? How different are the issues surrounding corporate blogs from the issues surrounding social networks?
11
11 C. Some Special Areas of Concern (cont.) 10. We know that one of CAN-SPAM's goals was to facilitate a consumer's ability to clearly identify emails that are commercial in nature. The FTC's Request for Comments in implementing the CAN- SPAM regulations suggested that the FTC may consider formalizing an exception for "Refer a Friend" programs within limited circumstances. However, many companies today are using "Refer a Friend" programs to promote extensive marketing campaigns. What are the best practices that a company should follow in offering and promoting the "Refer a Friend" function?
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.