2 O n l i n e a t - PDF

Please download to get full document.

View again

of 44
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Information Report



Views: 4 | Pages: 44

Extension: PDF | Download: 0

Related documents
2 O n l i n e a t Online at w w w. a c l u n c. o r g / t e c h New technology has revolutionized how individuals work and live. It has provided unprecedented access to information,
2 O n l i n e a t Online at w w w. a c l u n c. o r g / t e c h New technology has revolutionized how individuals work and live. It has provided unprecedented access to information, linked people around the world, and given voice to those who might not otherwise be heard. However, technology also can pose risks to your customers rights, especially their privacy and freedom of expression. This Guide will help you make smart, proactive decisions about privacy and free speech so you can protect your customers rights while bolstering the bottom line. Failing to take privacy and free speech into proper account can easily lead to negative press, government investigations and fines, costly lawsuits, and loss of customers and business partners. By making privacy and free speech a priority when developing a new product or business plan, your company can save time and money while enhancing its reputation and building customer loyalty and trust. Read this Guide now and use it as you develop your next product or business venture. The practical tips and real-life business case studies in this Guide will help you to avoid having millions read about your privacy and free speech mistakes later. For more information about how your company can build proper privacy and free speech safeguards into your products and business plans, please contact the Technology and Civil Liberties Program at the ACLU of Northern California and visit our Web site and blog at Contents I: Overview Privacy and Free Speech Safeguards Are a Good Investment Privacy and Free Speech Mistakes Hurt Business Following the Law Is Not Enough for Users or the Bottom Line Promoting Privacy and Free Speech Is Good Business II: Getting an Edge: Making Your Privacy Practices Stand Out Keep Users Informed Protect Users While Gathering Data Protect User Data from Disclosure III: Getting an Edge: Standing Up for Free Speech Promote Free Speech Avoid Policies and Practices that Chill Free Speech IV: Conclusion Appendix A: Useful Links Appendix B: Privacy and Free Speech: The Legal Landscape Endnotes Author: Nicole A. Ozer, Technology and Civil Liberties Policy Director, ACLU of Northern California Contributing Writers: Chris Conley, Christopher Soghoian, Travis Brandon, Aaron Brauer-Rieke EDITING: Nancy Adess DESIGN: Gigi Pandian PRINTING: Inkworks Press Special thanks to the staff of ACLU National Technology and Liberty Project for editing assistance. For more information about how your company can build proper privacy and free speech safeguards into your products and business plans, please contact the Technology and Civil Liberties Program at the ACLU of Northern California and visit our Web site and blog at The ACLU of Northern California wishes to thank the following funders for their support of this publication: Block v. ebay cy pres fund California Consumer Protection Foundation Consumer Privacy Cases cy pres fund Rose Foundation for Communities and the Environment The David B. Gold Foundation Published by the ACLU of Northern California, February 2009 I: Overview This Guide has been developed to help companies address user privacy and protection of free speech in a manner that both benefits the company and protects user interests. This section provides an overview of the reasons that companies should be concerned about privacy and free speech issues. The following sections contain specific business tips to aid you in building privacy and free speech into new products and businesses, as well as real-life case studies of companies that have succeeded or failed when they encountered a challenge related to privacy or freedom of speech. Privacy and Free Speech Safeguards Are a Good Investment Safeguarding your customers privacy and freedom of speech is not only prudent from a legal standpoint, it is also wise business policy. Protecting user rights can generate immediate results as well as build customer loyalty and trust. Safeguards can increase use and consumer spending With safeguards in place, consumers are likely to spend more online. One study in 2000 found that consumers would spend a total of $6 billion more annually on the Internet if they did not feel that their privacy was on the line every time they made a transaction. 1 In 2008, a study found that 68% of individuals were not at all comfortable with companies that create profiles linking browsing and shopping habits to identity. 2 Other research in 2007 found that customers are willing to pay to protect their privacy and calculated the value at approximately 60 cents more per fifteen-dollar item. 3 Safeguards can generate positive press and create customer loyalty Safeguards can also enhance your image and bring customers closer. For example, when Qwest refused to join its fellow telephone companies in disclosing customer information to the National Security Agency, the New York Times noted the positive public reaction, stating, Companies can t buy that kind of buzz. 4 When Google refused to disclose search records to the United States government 5 and Yahoo! refused to cave to pressure from the French government to ban specific materials from its online auctions, 6 they were feted by the press and the public as privacy and free speech heroes. 1 Privacy & Free Speech: It s Good for Business Privacy and Free Speech Mistakes Hurt Business When it comes to protecting your users privacy and free speech, mistakes can cost you not only money but also your good name. Mistakes can result in government investigations and fines Government oversight and penalties can hurt. For example, data broker ChoicePoint s insecure data practices cost it $25 million in government fines, legal fees, and costs to notify consumers about a security breach, 7 as well as a rapid 9% dive in stock price. 8 Comcast was taken to task by the Federal Communications Commission 9 and forced to defend against class-action lawsuits 10 for interfering with free speech by slowing access for customers using peer-to-peer technologies. Mistakes can result in expensive lawsuits Several large companies have felt the sting of lawsuits related to their privacy and free speech practices. AT&T and Verizon have both been sued for hundreds of billions of dollars in multiple class-action lawsuits and have spent massive amounts on attorney and lobbyist fees after reportedly collaborating with the National Security Agencys massive warrantless wiretapping and data-mining program. 11 Apple was slapped with $740,000 in attorney s fees when it tried to expose the identity of individuals who leaked information to bloggers about new products. 12 Mistakes can result in loss of revenue and reputation Free speech and privacy violations can directly affect a company s revenue as well. Facebook lost major advertising partners and was the target of online protests from 80,000 of its users for failing to provide proper notice and consent for its Beacon advertising service tying a user s other Internet activities to her Facebook profile. 13 NebuAd s plan to meticulously track all online activity, down to every Web click, and then use this information for targeted advertising went awry when consumers sounded the alarm for online privacy and free speech; in its wake, major partnership agreements crumbled, a Congressional committee investigation was initiated, and the company s founder and chief executive resigned Online at Following the Law Is Not Enough for Users or the Bottom Line It is imperative to understand and strictly adhere to all federal and state privacy and free speech laws and regulations. 15 But businesses should be aware that the current laws are often unclear; moreover, these laws may not always provide consumers with the level of privacy and free speech protections that they expect and demand. Companies may find themselves caught between demands for information and users expectations of privacy Outdated privacy laws can leave companies in an impossible situation, forced to choose between maintaining the trust of users and responding to subpoenas and other demands for information from the government or third parties. Although many users believe that the letters, diaries, spreadsheets, photographs, videos, and other personal documents and materials that businesses encourage them to store online are as private as those stored in a file cabinet or on their computer s hard drive at home, the legal requirements for the government and third parties to demand access to these documents are uncertain. The business record doctrine, which was established in pre-internet Supreme Court cases 16 and has not been reconsidered in light of the new reality of online communication and commerce, holds that there is no reasonable expectation of privacy, and thus no Fourth Amendment privacy protection, when a user turns over information to a third-party business. Law enforcement officials thus claim that they can demand information about online activities of Internet users without a search warrant, at least without violating the Constitution. However, other laws, such as the California state constitution and federal and state statutes protecting health records, financial records, electronic communications, video rentals records, and other specific information, provide additional sources of privacy protection for personal information. 17 This patchwork of laws, along with the grey areas in Fourth Amendment doctrine, may leave companies exposed to demands for information whose legal validity is difficult or impossible to determine. Even where the law is relatively clear, there may be a significant disparity between what users expect and what the law requires. Only companies that develop robust privacy policies that anticipate potential conflict and lay out procedures to safeguard user privacy to the greatest extent possible will meet user expectations during these difficult situations; those that do not risk paying the price by alienating both existing and potential users. 3 Privacy & Free Speech: It s Good for Business Companies may face competing demands to enable and limit speech Consumers have come to rely on the Internet and other new technologies as crucial platforms for the distribution and discussion of news and current events, creative expression, and other socially valuable speech. When a user s political video is removed from a site, when an individual posts an anonymous message and his identity is revealed, or when a company censors information that should be delivered to users, there is often a free speech firestorm regardless of the nuances of what a company is legally required to do. Although its technology may be cutting-edge, a company must be careful to ensure that its business plan and policies do not interfere with long-established free speech expectations. Companies can act to protect their customers and their own interests Companies that meekly comply with every request for customer information, whether from the government or a third party, may find themselves subject to a barrage of such requests, which can consume resources while alienating customers. Companies that stand up for their customers rights to privacy and free speech will earn customer loyalty and may even reduce the administrative burden of dealing with such requests. Moreover, weak privacy and free speech laws hurt companies that want to build trustworthy services. Companies should push for new laws that will build consumer confidence and protect them from being caught between the privacy interests of customers and government and third-party demands for information. 4 Online at Promoting Privacy and Free Speech Is Good Business Establishing policies that protect privacy and free speech can be a good way to stand out from your competitors. Protecting your users rights though legal and other means can generate valuable trust and goodwill that will pay off in the long run. The following sections give you the chance to ask yourself important questions about how your company is currently doing business. Use the tips here to build a solid plan that will save your company money, time, and reputation by properly protecting privacy and free speech. Keep Users Informed Develop a comprehensive and easy-tounderstand privacy policy Post your privacy policy prominently on all Web pages Always follow your privacy policy Alert users and employees to privacy policy changes Provide notice and get user consent for software and service updates Protect Users While Gathering Data Collect and store only necessary user information Aggregate or anonymize user transactional data where appropriate Inform users about data collection Use opt-in processes to collect and share user data Have easy, fast, and effective user correction and deletion procedures for user data Protect User Data from Disclosure Ensure proper legal process for disclosures and resist overbroad requests Promptly notify users about disclosure requests whenever possible Disclose only required information Safeguard user data protect devices and develop data security practices Quickly respond, notify, and provide service for data breaches Protect users from surreptitious monitoring Promote Free Speech Develop and enforce content-neutral policies Protect anonymous speech Avoid Policies and Practices That Chill Free Speech Draft your terms of use and service narrowly to avoid stifling protected speech Safeguard product trust by not monitoring and tracking speech Respect free speech in takedowns Plan for fair use before deploying digital rights management (DRM) These tips will help you get an edge by building customer loyalty and trust while protecting your company from both litigation and excessive demands for information. In a competitive market, superior privacy and free speech policies might be the difference between success and failure. 5 Privacy & Free Speech: It s Good for Business II: Getting an Edge: Making Your Privacy Practices Stand Out The key to developing outstanding privacy practices is ensuring that users are a part of the process. Informing your users about your products and policies, ensuring that their interests are protected when a data breach occurs or a third party seeks their information, and enabling them to control their own data can give users an ownership stake in your product and build invaluable trust and loyalty. Keep Users Informed Do we have a real privacy policy? Every company that operates a commercial Web site in California must post a conspicuous privacy policy on its Web site that discloses the kinds of personally identifiable data that it collects and shares with third parties. 18 But the term privacy policy is often misleading. Although consumers expect that privacy policies actually protect consumer privacy, 19 such policies may instead state, in effect, that the company may do as it pleases with whatever information it chooses to collect. Having a real privacy policy designed to inform users is not just the law, it is also good business. A strong privacy policy can be a marketing tool, attracting users who prefer to do business with a trustworthy company that safeguards their private information. Explain what data you collect. Do you collect personal information, such as phone numbers, addresses, or Social Security numbers? Do you create a log of users online histories? Do you collect clickstream data? Explain how data is stored. How long is each category of data stored? What data is linked to an individual? What data is anonymized and after how long? What data is combined? 89% of consumers in 2006 felt more comfortable giving their personal information to companies that have clear privacy policies Online at explain how data will be used or shared. Do you create a user profile? Do you use it to deliver targeted advertising? Do you sell or share this data? If so, with whom? How do you ensure that this data is not being misused or resold? How can users stop their data from being shared? Explain your processes for responding to data requests by government and third parties. What data could be requested and disclosed? What standards must the government or third parties meet in order to obtain that data from your company? When and how will you provide notice to users about requests for information? Will you challenge questionable demands on behalf of your users? Explain how users can view and control their own data. What options do users have to view data? What categories of data can be deleted and how? How quickly is data purged, both online and in archives? What procedures are in place to fix errors? Notify users in advance if your privacy policy is about to change. Give users the opportunity to terminate use of the system and have existing data deleted or keep using your service but opt out of having their existing data processed under the new policy. Always follow your privacy policy. Your policy is a contract that you make with your users; failure to follow it can result in the loss of user trust as well as lawsuits by users and action by the Federal Trade Commission and other state and federal agencies. 59% of consumers said they would recommend a business to their family and friends if they believe that it follows its privacy policies. 21 Do we provide users with notice and get their consent before installing or updating software or features? Making it as easy as possible for users to install or upgrade their software or use new features can be beneficial, but keeping users in the loop about changes is just as important. Users want to have notice and an opportunity to consent before any significant changes take effect. Both Sony and Google learned the hard way that users do not like their software to contain silent, hidden surprises. 7 Privacy & Free Speech: It s Good for Business Notify users and gain their consent before installing or updating products. Most users will embrace new or improved functionality as long as they are aware of what they are getting. Giving users choices before making changes will allow them to voice possibly legitimate complaints as well as prevent controversies when new features have unforeseen consequences. Sony: Shipping CDs with an aggressive digital rights management (DRM) program that installed itself on users computers without their permission was a big mistake for Sony. The company was targeted by multiple class-action lawsuits and blasted in the media. 22 Sony was forced to recall the CDs and pay millions of dollars in compensation to its users. 23 Activate auto-update only with user consent. Most users will happily activate a feature that keeps their software up-to-date without requiring any effort on their part but some will be less than pleased if such updates happen automatically without their knowledge or permission. Avoid dissatisfaction by making auto-update an opt-in process. Google: The company was pilloried in the press for making millions of its Google toolbar users vulnerable to a malicious software attack because of its toolbar s silent, automatic update mechanism. 24 In 2006, a researcher found a flaw in the toolbar update mechanism of the Firefox browser. 25 But since the Google toolbar software, unlike that used by Yahoo! or Facebook, did not provide notice to and obtain consent from users prior to updating the toolbar, Google toolbar users who used the Firefox browser could not control when the toolbar was updated and faced increased risk. 26 Distribute updates and new products separately. Using an update to push out new, unrelated products can result in negative press and may cause users to lose faith in security update tools. Encourage users to install or use your great new product voluntarily don t trick them into it by attaching it to an update for a service they already use. Apple: When Apple released its Safari 3.1 for Windows Web browser, it wasn t content to simply promote its new product. Instead, it released the browser as an update to its popular itunes mus
View more...
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks