Is Information Online Legally Fair Game to Use for Marketing?

Tuesday, February 21, 2012

Rebecca Herold

65be44ae7088566069cc3bef454174a7

Social media sites are booming.  The amount of personal information folks are choosing to post to them, such as photos, videos, original stories, thoughts, gossip, and so on, is exploding. 

Marketers are drooling at the prospect of using all that “free” information.  Well, it’s really not free, folks.

This is a topic of growing concern.  More than I had realized until I received two separate questions in the past two weeks from two different sources (one from a group of students and another from a marketing professional at a large corporation) about the legal requirements related to using information from social media sites for marketing.

I wrote about the topic of using information from social media sites in 2010 in my blog post, “3 Privacy Mistakes For Social Media And Marketing”.  Those thoughts still apply.  Now let’s consider some of the legal issues related to activities that harvest information from social media sites to use for marketing purposes. 

Here are just a few of the legal issues that marketers, and the organizations that they work for, need to know about:

Section 5 of the Federal Trade Commission Act (FTC Act).  Your posted privacy policy is a legally binding document.  Have your marketers read it?  Do they understand it?  Are they following it?  If they are using information in ways that violate your posted privacy policy, then they are putting your entire organization at risk of civil action, sanctions under the FTC Act, or any of a wide number of other legal problems.  Not to mention bad publicity.

CAN-SPAM Act.  Many marketers are gleaning email addresses from social marketing sites.  I’ve even heard marketers brag about the large number of email addresses they’ve pulled from Facebook alone. 

Using such information to send unsolicited marketing messages could be violating the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act).  Organizations and individuals have received multi-million dollar fines for CAN-SPAM Act violations.

COPPA.  Many marketers are interacting with everyone they can get the attention of on social networking sites, and then snagging things such as their names, home addresses, email addresses , and phone numbers if they happen to find them on their sites. 

They could be violating the Children’s Online Privacy Protection Act (COPPA) of 1998 which established the requirements by which organizations can obtain and use such personal information from children under 13 years old. 

The FTC has applied numerous multi-million fines for such activities.  Are your marketers aware of this regulation, or are they exposing your business to some hefty penalties by grabbing and using personal information of minors?

Video Privacy Protection Act (VPPA).  Even though this is a comparatively older regulation enacted in 1988 largely as a result of the release of Supreme Court Judge Robert Bork’s video rental records during his controversial Supreme Court nomination process, it is still applicable today to the ways in which videos, and similar media, are streamed over the Internet. 

Marketing folks love to know the viewing habits of the public, and many have viewed social networks as goldmine of potential information related to consumer viewer habits, and potential follow-up to those who fit their target customer profile.  If your marketers are using social media information of individuals for these types of activities without the consent of the applicable individuals, they and/or your organization could be hit with significant sanctions under the VPPA.

Consider all the other international, federal, state and local laws and industry regulations that could be added to this list, and the need to consider such legal issues when doing marketing using “found” social network information; the potential for legal nightmares should become clear and compelling.

As a final thought consider this: if you found a billfold full of credit cards and a social security card on the street, would you be able to just pick it up and start using the cards for your own personal gain, or more directly comparable, for any number of your business purposes? 

Crooks and those without a moral or ethical compass probably would, but others should know that such found information was not free for the taking and using.  The same concept should be used for information “found” online as well.

The students who wrote to me asked whether or not marketing invades privacy.   The answer is, of course it can!  That is why you need to be aware of what personal information is, and know that privacy goes beyond just knowing the specific legal restrictions for using personal information (although you certainly need to know this as well).

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.

Cross-posted from Privacy Professor

Possibly Related Articles:
12519
Privacy
General Legal
Legal SPAM Privacy Social Media Marketing internet FTC Online COPPA Rebecca Herold VPPA
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.