Is More Data Always Better? The Legal Risks of Data Collection, Storage and Use in Marketing


Published in: Technology, Business

  1. Is More Data Always Better? The Legal Risks of Data Collection, Storage and Use in Marketing
     Jordan Abbott, Acxiom Compliance Counsel
  2. WHO, WHAT, WHY, and HOW?
     • Who is collecting the data?
     • What are they collecting?
     • Why are they collecting it?
     • What principles (if any) govern the collection of data?
     • Advocates’ attitudes
     • Court cases
     • What to do to minimize your risk.
  3. “Over-Collection” of Data
     • The Good
     • The Bad
     • The Ugly
  4. Data is Gold
  5. Who Collects and Uses Data for “Marketing”? Everybody…
     • Start Ups
     • SOHO
     • Fortune 500
     • Mid Tier
     • Small Tier
     • Entertainment
     • Gaming
     • Financial Svc
     • Retail
     • Travel
     • Technology
     • Insurance
     • Television
     • Health Care
     • Law Firms
     • Consumer Goods
     • Universities
     • Telco
     • Manufacturing
     • Automotive
     • Politicians
     • Security
     • Collections
     • Government
     • MORE!
  6. Data Elements “in Play”: On and Offline
     • Name
     • Name variations
     • Addresses
     • Address Histories
     • Associates
     • Public Records
     • DMV
     • Criminal & RSO
     • Voter
     • Real Property
     • Licenses
     • Bankruptcy, Tax Lien, Judgment
     • Deceased
     MORE
     • Marketing data?
     • Purchase data?
     • IP Addresses?
     • Peer to Peer Transfers?
     • Social Network?
     • Geo-Location?
     • Click Stream?
     • Browsing Behavior?
     • MORE ?????
  7. Data Elements “in Play”: On and Offline – Anonymous and PII
     • Contact Data
     • Name
     • Address
     • Email address
     • Phone
     • Cell phone
     • Shopping behavior
     • Viewing Behavior (Digital TV)
     • Geo-Location (Mobile Device)
     • Place and Time
     • Browsing behavior
     • Click stream
     • Purchase behavior
     • Demographics
     • Sociographics
     • Life Stage
     • Analytics and Segmentation
     • Spotlights
     • Footlights
     • Cookies
     • Email behavior – click & open
     • Social Network Data
     • # of Networks
     • # of Friends
     • Fan Pages
     • Blog Data
     • Preference data
     • Response data
     • MORE
  8. WHY…?
     …because businesses want to know their customer and customers want to be delighted, amused and protected
  9. Marketing
     • Acquisition
     • Up-sell / Cross-sell
     • Retention
     • Risk
     • Fraud
     • Authentication
     • Verification
     • Identity
     • Solving Business issues – Creating Consumer Value
  10. Customers’ Lives Are Constantly Changing
     Every hour of every day:
     • 5,769 people changed jobs
     • 2,748 people moved
     • 509 people were married
     • 244 people got divorced
     • 186 people declared bankruptcy
     These people are your customers
  11. Channels Are Multiplying Rapidly
     • New Types of Data
     • Exploding Volume
     • Escalating Velocity
  12. Over-Arching Concern… Consumer Attitudes
     • Privacy is an emotionally charged issue
     • Being watched, monitored, taken advantage of
     • Consumers feel like they are losing “control”
     • Consumers don’t understand our information-based economy
     • Information technology is part of our economic infrastructure
     • Benefits are not fully understood by consumers or lawmakers
     • Technology used often confuses consumers
  13. Policymakers’ Attitudes
     “When personal data collected by one organization for a stated purpose is used and traded by another organization for a completely unrelated purpose, individual rights could be seriously threatened.”
     102 Cong. Rec. 36893-4 (1974), quoted in Ash v. United States, 608 F.2d 178, 180 (5th Cir. 1980).
  14. The News!
     • “…vast data gathering…used to discriminate in the services that companies offer customers or government agencies offer citizens.”
     • “Eleven of the nation's largest website operators defended their privacy practices to lawmakers, saying it is impossible for them to monitor all the tracking technologies their sites install on visitors' computers.”
     • “…growing concern on Capitol Hill about the expanding business of tracking consumer behavior online.”
     • “‘the wall has been breached’ between what users share under their real identity online and what information they provide under the cover of anonymity.”
     • “…the analytical skill of data handlers…is transforming the Internet into a place where people are becoming anonymous in name only.”
     • “Mr. Markey said he wasn't satisfied that ‘consumers are able to effectively shield their personal Internet habits and private information from the prying eyes of online data gatherers.’”
  15. More News!
     • “As WiFi Data Collection Revealed, New Investigation Begins”
     • “…consumers who surf the Internet unintentionally surrender all kinds of personal information to marketing firms that use invisible tracking technology to monitor online activity”
     • “…Stalkers Exploit Cell phone GPS”
     • “Consumers still get the short end of the stick when industry shows that it is incapable, or unwilling, to better articulate what information they are collecting from consumers and why we should trust industry to protect consumers' personal information.”
     • “It is technically impossible for Yahoo! to be aware of all software or files that may be installed on a user's computer when they visit our site,” Anne Toth, Yahoo's vice president of global policy and head of privacy, wrote to U.S. Reps. Edward Markey (D-Mass.) and Joe Barton (R-Texas).
  16. Apps
     • Collecting even “private” data, little governance, little enforcement…lots of secondary commercialization
     • Device Fingerprint
     • Placefulness
     • Captures device data points, formulates “fingerprint,” spoofable, not “categorized” as PII…yet used that way
     • You are known and treated in place and time via the cloud
     • Surveillance Society...
     • The Internet of Things…
     • Multiply in order of magnitude
     • Precise GeoLocation
     • Multiplied by time; checking in
     • eHealth & HITECH
     • HTML5
     • Relies on the Cloud, devices monitor, report back
     • Offers even more tracking & collection, utilizes the Cloud
     • Sniffers and Listeners
     • Meters
     • Rides the pipes, capturing and closing the loop on every data point including digital dust and digital exhaust of digital device
     • Sits on networks, watches traffic, sniffs out brand and…“listens”
  17. Google Street View
     • Premise is awesome and beneficial
     • Collected personal information from unsecured WiFi networks
     • “Probably the single greatest breach in the history of privacy”
     • Numerous court cases and enforcement actions around the world
  18. iPhone location tracking
     • Hidden file that stores latitude, longitude, and timestamps
     • Post-hoc explanation did not do much to quell controversy
     • Lawsuits, Congressional inquiries
  19. comScore Allegations
     • August 2011
     • Online tracking
     • Class action lawsuit
     • Alleged to have secretly collected SSNs, credit card #s, and passwords
  20. DMA’s Guidelines for Ethical Business Practices
     Article #32 – Personal Data
     “Marketers should be sensitive to the issue of consumer privacy and should only collect, combine, rent, sell, exchange, or use marketing data. Marketing data should only be used for marketing purposes.”
  21. Collection Limitation Principle
     “There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject”
  22. Identifying Purposes
     • Identify the purpose for which the personal information is collected at, or before, the time of collection
       - Allows the organization to determine the information it needs to collect to fulfill those purposes
     • When collecting information, there is a tendency to collect more than what is needed “just in case” you need it at a later date
     • Unless you have clearly indicated how that information will be used, you should not collect it
     • Scrutinize the need for each piece of information you collect.
     • If you don’t need it, don’t collect it.
  23. To do’s
     • Have an effective Data Governance Plan
       - Assess needs and purposes
       - The more you collect, the greater your fiduciary duty
       - Don’t keep what you don’t need
       - Regularly monitor compliance
     • Have an effective Security Incident Response Plan
       - Question of “when,” not “if”
       - Assess your technical, physical and administrative vulnerabilities
       - Address them
       - Understand what your obligations are in the event of a breach
       - Have it in writing and keep it up to date
  24. Pending Legislation
     • HR 611 §303
     • S. 799 §301
  25. Contact Info
     Jordan Abbott
     (501) 342-0356