<< Return

A LIttle Privacy, Please - 9/24/2013 -

Here’s how to ensure that your association is transparent in communicating how it gathers, protects, and stores data from online users.

By Apryl Motley, CAE

If you thought copyright was the most complicated kid on the block, look out. Here comes privacy. As organizations become increasingly reliant on electronic collection of data through their websites, more concerns about privacy are being raised.

Like many association media and publishing professionals, Cindy Stevens, senior director, publications at the Consumer Electronics Association, is concerned about the potential for "subscriber information being overused.”

Stevens served as a content leader for a session at the Association Media & Publishing annual meeting ("Privacy and Data Protection: Are You at Risk?) that addressed this concern and other privacy issues.

Marc M. Groman, executive director and general counsel for the Network Advertising Initiative, also served as a content leader. NAI is a coalition of online advertising companies working to build consumer awareness and reinforce responsible business and data management practices and standards.

Peter Black, senior vice president, business development, BPA Worldwide, moderated the session. From Black’s perspective, "the biggest concern is the possibility of data breach of audited publications.”

Given that, according to Groman, there are more than 40 different state laws dealing with data breach, it’s critical that associations develop privacy policies that carefully address the different nuances surrounding the collection and third-party use of member and/or subscriber data.

At CEA, Stevens said, "The legal and information technology [departments] work together to develop and maintain our privacy policy” with the legal department bearing the responsibility of monitoring and enforcing compliance with the policy.”

But is having a policy enough? Do staff members at your association understand your privacy policy? How well do you communicate to the policy to members and other users of your website? For instance, Stevens noted that the privacy policy in place at CEA is followed "within the communications department, but not necessarily by the association as a whole.”

Here’s a summary of the suggestions Groman, who previously served as the Federal Trade Commission’s first chief privacy officer, offered for ensuring that your association is being comprehensive and transparent in communicating about how it gathers, protects, and stores data from online users, both members and non-members.

  • Conduct a comprehensive inventory of your association’s methods of collecting data on its website and how accurately you have explained them to consumers. Understand how information on your site will be shared. For example, a job site can violate its own policy by sending data to a third-party service provider.
  • Make sure the link to your privacy policy is easily identifiable and conspicuous. Ideally, it needs to be featured on every page of the website, particularly those where the actual data is collected (e.g. meeting registration or order forms).
  • Be very explicit in vendor contracts about how data can be used. In most cases, third parties shouldn’t have the right to re-use data for other uses outside those required for providing the specific service or product.
  • Make sure to educate all of your vendors and employees about your own privacy policy. That way you can avoid staff using data improperly.
  • Encourage coordination across different departments. IT and Legal both need to be involved in selecting services and reviewing terms of service that the association enters into.
  • Develop a specific policy for dealing with data breaches. Tailor it to the size of your organization, and designate a data response team.

For more information about privacy policies and other issues related to privacy, visit these websites:

International Association of Privacy Professionals

Federal Trade Commission

Network Advertising Initiative

Ponemon Institute

Apryl Motley, CAE is a communications consultant, former Association Media & Publishing board member, and a frequent contributor to AM&P publications. We sincerely thank Apryl for covering this event for our members who were unable to attend.


 

© Copyright 2017, Association Media and Publishing. All rights reserved.