Thursday, December 09, 2010

FTC’s Proposed Privacy Framework

FTC’s proposed a framework to protect the privacy of consumers. Part of this framework is a “Do Not Track” option that has raised a lot of questions among the web analytics and advertising community. Well since this is just a proposal at this stage nobody knows how it will finally pan out. At this point FTC has published the report to seek public comments. The report that FTC has put together is 122 pages long. I have extracted some important point from that report in case you don’t have the time to read the full report.

The basic building blocks of this framework are:

  • Scope: The framework applies to all commercial entities that collect or use consumer data that can be reasonably linked to a specific consumer, computer, or other device.

    Note: This is not limited only those who collect PII data, if you collect any information about a consumer then this applies to you. However commission is seeking input on how to determine
    “reasonably linked to a specific consumer…”
  • Privacy by Design: Companies should promote consumer privacy throughout their organizations and at every stage of the development of their products and services.
    • Companies should incorporate substantive privacy protections into their
      practices, such as data security, reasonable collection limits, sound
      retention practices, and data accuracy.
    • Companies should maintain comprehensive data management procedures
      throughout the life cycle of their products and services.

      Note: You might need to assign a person to oversee that privacy of data is built into your products/services/process etc. Think, “Chief Privacy officer”.
      • Ensure physical data protection
      • Do not collect what is not required
      • Do not retain data for longer than it is required
      • Ensure accuracy of the data so that you do not harm someone because of the inaccurate data
  • Simplified Choice: Consumers face considerable burdens in understanding lengthy privacy policies and effectively exercising any available choices based on those policies. Under proposed framework, companies should simplify consumer choice.

    • Companies do not need to provide choice before collecting and using consumers’ data for commonly accepted practices, such as product fulfillment.
      This also includes tracking for improving the sites (Web Analytics), fraud protections, legal compliance and first party marketing.
    • For practices requiring choice, companies should offer the choice at a time and in a context in which the consumer is making a decision about his or her data.
  • Greater Transparency: Companies should increase the transparency of their data practices.
    • Privacy notices should be clearer, shorter, and more standardized, to enable better comprehension and comparison of privacy practices.
    • Companies should provide consumers with reasonable access to data about themselves; the extent of access should depend on the sensitivity of the data and the nature of its use.
    • Companies must provide prominent disclosures and obtain affirmative express consent before using consumer data in a materially different manner than claimed when the data was collected.
    • All stakeholders should work to educate consumers about commercial data privacy practices.
Feel free to leave a comment if I missed anything. You can read the full report at http://ftc.gov/os/2010/12/101201privacyreport.pdf.

Read my other articles on Privacy

----------------------------------------------------------------------------------------------------
Open Web Analytics and Online Marketing Jobs

No comments:

Post a Comment

I would like to hear your comments and questions.