Did you know that unknowingly passing
personally identifiable information to a third-party source is considered identity theft? Marketing and ad executives got the lowdown on mitigating risk, protecting trade secrets, and protocols for
storing PII at the Southern California Venture Network ad event earlier this week.
Tiffany Kahnen, corporate attorney, put out a call to SCVN attendees to pay more attention to collected,
bought and stored data. Companies that buy data, for example, from "dirty sources" might have 500 names in a million that include credit card and social security information, but "passing that credit
card data to a third party is considered identity theft -- something that can get you in deep trouble with the FTC," she says. (See Kahnen's clarification in comments.)
To mitigate risk, Kahnen
offered some suggestions. For starters, take time to sort through the terabytes of data and strip away sensitive information that could unknowingly be sent to third-party companies.
The Federal
Trade Commission has begun to take action against those who misuse data, "lining up people left and right, and it's getting ugly out there," Kahnen says. Technology will require the advertising
industry to lock down data and find ways to mitigate risk, she adds.
The Massachusetts data privacy law now requires companies to write down what the company will do if there's a security
breech, how to handle it, and estimates on how far the breeches can extend, according to Kahnen. It also requires encryption and programs that enable companies to identify when breeches occur.
Aside from protecting customer data for behavioral targeting or retargeting platforms, lock up any trade secrets if suits get to court and judges need to make decisions based on company evidence.
Most ad executives have the ability to keep trade secrets a secret in some ways, but not in others. Kahnen defines "trade secret" as information, device, or compilation of ideas. The online
advertising industry, built on these trade secrets, relies on ingenuity and intellectual property -- things that cannot be patented, but offer the company a competitive edge.
Kahnen suggests
that small companies that don't have corporate formalities in place to protect themselves can discover that one lawsuit can easily penetrate through the business and into personal lives.
Putting
firewalls and password protection into place for Web sites, storage devices and mobile phones are the obvious tactics to protect intrusions, but what about protecting trade secrets? Sometimes data
sent out to third-party companies could contain confidential client information, similar to data lists bought from outside sources.
Always encrypt data sent out of the company. Unencrypted data
will destroy trade secret protection lawsuits because it says to the court the data wasn't worth protecting.
Kahnen also touched on electronic contracts. As more advertisers move to electronic
contracts, putting safeguards in place can save companies tons of money. Some hold weight in a court, but most times in litigation, they fall flat. For starters, clients must scroll through the
agreement to click the "I accept" or "I agree" button. Along with the "I Agree" button, add an "I do not accept" button that logs out the person from the Web site when clicked on.
Technologies
like ContractPal -- electronic signature software that's ESIGN-compliant -- can cost a mere $2.50 per contract, but can prevent headaches in the long run. Kahnen also suggests storing the IP address
when capturing the signature.
If there's a jurisdiction clause, have an initial box next to the provision before the person scrolls down to the "I agree" button. For companies that choose not to
use a digital signature, these features add validity to quick-wrap agreements built into the Web page that enable clients and consumers to scroll through and acknowledge an understanding of the terms
and conditions with a click.