Here’s how to ensure that your association is transparent in
communicating how it gathers, protects, and stores data from online users.
By Apryl Motley, CAE
If you thought copyright was the most complicated kid on the
block, look out. Here comes privacy. As
organizations become increasingly reliant on electronic collection of data
through their websites, more concerns about privacy are being raised.
Like many association media and publishing professionals,
Cindy Stevens, senior director, publications at the Consumer Electronics Association,
is concerned about the potential for "subscriber information being overused.”
Stevens served as a content leader for a session at the
Association Media & Publishing annual meeting ("Privacy and Data
Protection: Are You at Risk?) that addressed this concern and other privacy
Marc M. Groman, executive director and general counsel for
the Network Advertising Initiative, also served as a content leader. NAI is a
coalition of online advertising companies working to build consumer awareness
and reinforce responsible business and data management practices and standards.
Peter Black, senior vice president, business development,
BPA Worldwide, moderated the session. From Black’s perspective, "the biggest
concern is the possibility of data breach of audited publications.”
Given that, according to Groman, there are more than 40 different
state laws dealing with data breach, it’s critical that associations develop
privacy policies that carefully address the different nuances surrounding the
collection and third-party use of member and/or subscriber data.
At CEA, Stevens said, "The legal and information technology
the legal department bearing the responsibility of monitoring and enforcing
compliance with the policy.”
But is having a policy enough? Do staff members at your
How well do you communicate to the policy to members and other users of
CEA is followed "within the communications department, but not necessarily by
the association as a whole.”
Here’s a summary of the suggestions Groman, who previously
served as the Federal Trade Commission’s first chief privacy officer, offered
for ensuring that your association is being comprehensive and transparent in
communicating about how it gathers, protects, and stores data from online
users, both members and non-members.
- Conduct a comprehensive inventory of your association’s methods
of collecting data on its website and how accurately you have explained them to
consumers. Understand how information on your site will be shared. For example,
a job site can violate its own policy by sending data to a third-party service
identifiable and conspicuous. Ideally, it needs to be featured on every page of
the website, particularly those where the actual data is collected (e.g. meeting registration or order forms).
- Be very explicit in vendor contracts about how data can be
used. In most cases, third parties shouldn’t have the right to re-use data for
other uses outside those required for providing the specific service or
- Make sure to educate all of your vendors and employees
- Encourage coordination across different departments. IT and
Legal both need to be involved in selecting services and reviewing terms of
service that the association enters into.
- Develop a specific policy for dealing with data breaches. Tailor
it to the size of your organization, and designate a data response team.
For more information about privacy policies and other issues
related to privacy, visit these websites:
International Association of Privacy Professionals
Federal Trade Commission
Network Advertising Initiative
Apryl Motley, CAE is a communications consultant, former Association Media & Publishing board member, and a frequent contributor to AM&P publications. We sincerely thank Apryl for covering this event for our members who were unable to attend.