The terms of the FTC’s enforcement actions apply only to the companies involved, and the settlement with social network Myspace over alleged privacy-related issues is no exception. But how should other companies respond?
Some people will scan the headlines to make sure their company isn’t named and then do that covering their ears thing. But savvy executives know that understanding what might be going wrong at another company is a great way to put their own company on the right track. What advice can your business gain from the FTC’s settlement with Myspace and other recent privacy cases?
Guarantee Policy. You may be tired of hearing this, but it bears repeating: review your privacy policy, and double-check that your promises (express or implied) align with your day-to-day practices. As with any other claim, what you say about how you process information must be true and supported by solid evidence. The FTC’s lawsuit alleges that Myspace’s policies did not live up to the guarantees it made. Sure, have your legal experts review it, but include your operations staff in the conversation. They are more likely to know what is really going on behind the scenes. In short, only promise what you know the facts are delivering.
Default line. Myspace’s default setting allows public access to a user’s full name. Of course, every website is different, but think carefully about your presets. Don’t make these decisions by default. If people can choose which messages are shared, make it easy for them to understand how and where to exercise their choices.
Everything but kitchen sync? According to the FTC complaint, Myspace enabled ad networks to match or synchronize a user’s friend IDs with other data, giving them access to a user’s personal information, including in many cases his or her full name. The FTC said this violated Myspace’s commitments in its privacy policy. Smart companies will consider how easily others can synchronize information, making their privacy promises misleading. (FTC technology expert Ed Felten discusses this more on his Tech@FTC blog.)
Can I order something for you? Once a company is ordered by the FTC, compliance becomes legally binding. But many of the provisions in the recent order make good business sense and cost next to nothing to implement. For example, the Myspace directive requires companies to designate someone responsible for implementing and enforcing mandatory privacy programs. Of course, data security and privacy are the responsibility of every employee. But now that you’ve built them into your day-to-day operations, does it make sense for businesses of all sizes to appoint an in-house leader to coordinate these efforts?
from Tech Empire Solutions https://techempiresolutions.com/why-the-ftcs-myspace-case-matters-for-your-business-part-3/
via https://techempiresolutions.com/
No comments:
Post a Comment