The new chairman of the US Federal Trade Commission took office with the Obama administration in January. However, Chairman Jon Leibowitz and many of his key deputies have been with the agency for years, so much of the work continues seamlessly. In a DMA/Email Experience Council webinar last week, Peder Magee, Esq., FTC Privacy and Theft attorney in the Bureau of Consumer Protection said, “The FTC is bipartisan and works on consensus. Typically things are done with unanimous vote. We’ve had a fair amount of consistency from where we’ve been.”
For now, that stance seems to suggest that the self regulation of the industry is working. Magee noted that some concepts “transcend the medium” when it comes to self regulation. “Transparency, prominent notice, use of personal data, and providing the ability to opt out easily” all are areas the FTC continues to watch.
Certification and feedback loop programs were noted by panelist Tom Bartel, CPO of Return Path, as an example of how the industry cooperates in order to make self regulation work. Especially for certification programs, “Email marketers put themselves forward voluntarily to be held to high standards,” Bartel says. “Including the things Peder listed about prominence. Once they are vouched for by the third party, the ISPs can make good decisions about what to do with email from those senders.
“Participation in these programs shows marketers are willing to go way past the law, and well past best practices,” Bartel says.
The FTC remains aggressive about prosecuting offenders under CAN-SPAM. Magee says, “CAN-SPAM and some of the filtering technologies have reduced the spam that consumers were getting a lot more of.” He notes that the agency also brings cases against phishing scams, often initiated through email. Webinar moderator and DMA VP of Government Affairs Jerry Cerasale noted, “The FTC is the most active regulatory body in this area. Opt-in laws in Europe have not resulted in as many cases as the FTC.”
Panelist Rick Buck, Director of Privacy/ISP Relations at eDialog said that the clarifications to CAN-SPAM released in the amended rules which took effect last July was of great benefit to the industry. “The new rules took all the confusion out of the sender definition and made marketers look at their practices,” he said. As a result of the ruling, marketers have updated their preference centers by adding choices, updated privacy policies and tested where to place the unsubscribe button in the message, he said. “The new rules have flexibility and clarity,” he added. “Definitely an improvement.”
The panelists discussed the clarification around “designated sender” in the rules, which governs who needs to use a suppression file for the mailing. “The sender must be an advertiser,” Cerasale said. “You can’t falsify the header, which still must apply to the initiator or list owner, but the opt-out must apply to the advertiser,” Bartel agreed.
1. Write it for consumers
2. Keep it short
3. Index it or give it headers so people can find what they want quickly
4. Audit the policy at least once a year (and have non-lawyers read it for clarity)
5. Link out to relevant sections of your policy to “contact us” features so readers with questions can get answers
6. Inform customers about policy changes, but be sure to do so before the changes go public and give people a chance to change preferences prior to launch
7. Highlight the policy throughout the site
Primarily, Dayman advises “Don’t think for the customer.” He urges marketers to never assume that subscribers or visitors will want new information or want you to share their information. “Give them control over their own information. When you do this, customers stay more loyal,” he says. Cerasale added, “There is an FTC report that says people don’t read privacy policies, but maybe that’s because we tend to hide them. Have them, update them and celebrate them!”
The FTC’s Magee commented on this issue of effective notice and consumer control, referencing the recent report (available on the FTC website) on behavioral advertising and targeting. “What we discussed in the report is that it’s increasingly seen that privacy policies are long and legal-speak, and the average consumer is not interested nor has the time or energy to shift through them.
Dayman agreed on this strategy of “firewalling” subscriber data in certain areas. “We’ve seen some clients actually start a new program, and re-opt folks into multiple files/policies,” he said.
Going forward, Magee and Cerasale discussed that while the FTC has no particular agenda item around email now, there may be some activity in Congress around both privacy, use of data and CAN SPAM protections. “There may be some bills proposed on the Hill in this Congress session,” Cerasale said. The DMA is working on guidelines for consumer data protection as well. The DMA will be vetting those with members and marketers over the next few months.
The DMA/eec has made the recording of the full webinar available for free for one week only. After May 14, it will be available for a fee. The download includes a list of privacy and regulatory websites, a list of anti-spam website that you can share with subscribers and a recommended action plan from the panelists. You can also share your questions and comments here, and we’ll try to get answers from the panelists to help you!