Privacy, Privacy, email marketing Options

[John_Glube]

This one is hot off the press.

Earlier today the FTC made a press announcement of a settlement it had reached with Gateway Learning.

Gateway Learning markets and sells products under the Hooked On Phonics brand in Santa Ana, California.

On its web site, it had the following statements:

“We do not sell, rent or loan any personally identifiable information regarding our consumers with any third party unless we receive customer’s explicit consent.”

Another statement said, “We do not provide any personally identifiable information about children under 13 years of age to any third party for any purpose whatsoever.”

The policy also said that if Gateway Learning changed its policy, it would give consumers the chance to “opt-out” of having their information shared.

"According to the FTC, in April 2003, despite these promises, Gateway Learning started renting personal information provided by consumers – including their names, addresses, phone numbers, and age ranges and gender of their children – to target marketers to send mailings and make telemarketing calls."

This apparently is the FTC's first case "to challenge deceptive and unfair practices in connection with a company’s material change to its privacy policy."

Under the terms of the proposed settlement:

Gateway Learning is barred from "making deceptive claims about how it will use consumers’ information and from applying material changes in its privacy policy retroactively, without consumers’ consent. It also requires that the company give up $4,600 it earned from renting the data."

You can read a copy of the press release here: ftc.gov/opa/2004/07/gateway.htm

Here is the question.

Do we as marketers think simply requiring the company to disgorge its earnings, along with the attendant publicity is sufficent, or should the FTC go further and impose a penal fine of some sort?

I ask this question because the FTC is seeking public comment on the settlement over the next 30 days.

What do you think? Do the settlement terms provide sufficient deterrence, or should the FTC also be asking for a "penalty fine" as an additional deterrence.

And if you feel so inclined, you can send a note along to the FTC.

Kind regards,

John Glube
Toronto, Canada

[BobetteKyle]

I couldn't get to the FTC release without the "www" for some reason. This one worked for me, though: http://www.ftc.gov/opa/2004/07/gateway.htm

I really like that the FTC has been gathering opinions about their rulings. It seems to be a sign they are truly interested in understanding all angles.

What do you think? Do the settlement terms provide sufficient deterrence, or should the FTC also be asking for a "penalty fine" as an additional deterrence.

IMO, a fine should also be imposed. True, the bad publicity is an indirect fine in that companies that "get caught" are likely to see a business slowdown, but that may not be enough to deter them from taking the risk. I think an additional fine could act as much more of a deterrent.

[Randy]

Slap a penalty on the bast... ermmmm, Gateway Learning.

IMHO someone really needs to come down hard on those who break their own Privacy Policies without prior notification. If not, what's to stopy someone with an e-comm site from collecting every scrap of information, including credit card info, and using it themselves or selling it to somebody who can and will use it unscrupulously?

That's the next rung of that very slippery ladder. Trust me, I can capture anything I wanted to and "recreate" it if I wanted to. If I can do it you can best your bottom dollar the script kiddies and hackers can.

There has to be a large financial consequence for being amazingly stupid.

[BrianR]

Thanks for posting that, John.

I'm with the others - a hefty fine is required - the size of which is preferably linked to their $ turnover. Hit 'em where it hurts!

BrianR

[John_Glube]

I appreciate people taking the time to respond.

Does your opinion change with the following clarification:

According to the draft complaint, Gateway began renting the personal information it had collected in April 2003 to third parties for direct mail and telemarketing purposes.

On June 20, 2003 posted a revised privacy policy, but did not completely follow the change.

Under the revised policy, if people did not want their personal information shared, the individual had to opt-out. However, Gateway endeavoured to retroactively apply this revised policy, which it could not do without first obtaining consent.

Also, it continued to reveal age information of children, which it had promised not to do.

Ten days later, around July 1, 2003, Gateway stopped the improper rental of its lists and personal information.

On July 17, 2003 Gateway posted another revised privacy policy. It has been strictly following this new policy since that time.

During the investigation, Gateway fully cooperated with authorities.

The matter was resolved without the FTC having to first file a complaint.

Based on these additional facts, do people feel the proposed settlement is appropriate or should the FTC also seek a fine?

In otherwords does your view change if the FTC cannot show the privacy breach was deliberate?

John Glube
Toronto, Canada

[BrianR]

IMO, they should still be fined. But, in view of the 'extenuating circumstances', perhaps the level of the fine could be tempered. There has to be a financial deterrent.

Was it deliberate? It could be argued that Gateway knew exactly what they were doing in April 2003, but then in June 2003, started to get cold feet.

Besides, if I get stopped for speeding, I can't see my plea of 'Sorry officer - it wasn't deliberate' getting me very far!

BrianR

[John_Glube]

Brian,

Your point about deliberate versus accidental is valid.

Perhaps the question in my last post is better phrased:

Does your view change when the facts are the company responded to a violation of its own privacy policy by adjusting its procedures on their own initiative?

Or do people still feel in addition to disgorging the profits, the Company should also pay a penal fine.

John Glube
Toronto, Canada

[BobetteKyle]

I think the company still should be fined.

I tend to be wishy-washy about the amount - one part of me thinks the fine should be minimal because of extenuating circumstances. LOL, I'd make a terrible lawyer..."But your honor, it was an innocent mistake. Come on, let them off...they've got kids to teach!" (IMG:http://www.highrankings.com/forum/style_emoticons/default/cry_smile.gif)

On the other hand, a hefty fine would send a clear message from the FTC (IMG:http://www.highrankings.com/forum/style_emoticons/default/nono.gif) , which may make other companies stop and think about the consequences before illegally sharing private information.

In summary, I don't know what I think. (IMG:http://www.highrankings.com/forum/style_emoticons/default/unsure.gif)

[John_Glube]

Hmm ... Bobette ... read your post and smiled.

I have a feeling the FTC in sorting this one out was kind of in the same boat.

On the one hand, the penalty has to be strong enough so that others understand, you don't do this.

At the same time, given the Company fixed the problem on its own initiative, so that at least everything is now okay on a go forward basis, all right we will give them a break.

Which is why I suspect the Commission in giving the public 30 days to comment decided to (IMG:http://www.highrankings.com/forum/style_emoticons/default/crossfingers.gif) and say in essence, if there is a hue and cry ... (especially from the public at large) we will come down harder. If not ... we will let the settlement stand.

John