American Marketer


Privacy compliance is critical

January 11, 2011

Richard B. Newman


By Richard B. Newman

As online and mobile marketing turn the page on 2010, one thing is clear: privacy and security are center-stage.

Up front and center is the potential regulation of Internet privacy. While the Federal Trade Commission may have believed that self-regulation of privacy on the Internet was a feasible approach more than a decade ago, it now appears to be moving in the direction of abandoning that approach in favor of specific regulation.

Such an approach would be premature and overkill.


Despite the FTC's recent stance, Congress has shown little capability in the past to regulate online privacy and no clear agreement or framework has emerged regarding the scope or feasibility of proposed legislation.

The year 2010 has also revealed that the United States seems to be mirroring digital marketing privacy standards that current exist in the European Union.

There is currently no general privacy law in the U.S. In contrast, the European Union has a single law addressing privacy for all personal information across all industry segments.

Now, it appears that the EU will be undertaking substantial revisions to its general EU Privacy Directive – revisions which focus on transparency and accountability.

For domestic businesses that operate internationally, directly or indirectly, significant legal considerations exist regarding how best to comply with country-specific requirements.

It is no coincidence that the privacy debate has intensified along with the continued emergence of social media and the countless other forms of communication, including mobile telecommunications.

The maturity of social media, mobile marketing and online marketing is spawning consumer privacy concerns at an alarming rate.

Risk management considerations should include a hard look at how best to create a culture of legal compliance, including assessing marketing strategies and fostering consumer confidence.

OTC over FTC

The FTC clearly intends to remain the most active federal agency with regard to privacy and data security. However, the FTC's future role is somewhat uncertain.

On one hand, some of the FTC's enforcement functions have been "passed-around." On the other, the FTC is clearly seeking to broaden its regulatory authority.

The passage of legislation that effectively preempts state and federal privacy laws appears, at least objectively, unlikely. Regardless, this area of law is becoming increasingly more complicated and difficult to interpret.

As media and technology-based marketing companies, as well as upscale marketers, move forward into 2011, an evaluation should be made pertaining to compliance with current marketing rules and regulations, including the nature of consumer information collected (including "sensitive data"), how it is handled, under what circumstances and to whom it is disclosed, and current mitigation processes in the event of a privacy or security breach.

Clearly, online and mobile marketers must be keenly aware of evolving legal compliance requirements.

The best way to ward off prescriptive legislation is to implement an aggressive and meaningful self-regulatory approach.

Richard B. Newman is managing partner at Hinch Newman LLP, San Diego. Reach him at