Group items tagged

As if you needed another sign that times are tough, here's a fairly reliable measure: The number of cases handled by the advertising industry's best-kept secret -- self-regulation -- are on the rise. Last year the National Advertising Division of the Council of Better Business Bureaus handled 214 cases, up 22% from 2007. And in 2008 ad challenges, in which one advertiser challenges a competitor's claim, rose 31% to 81 cases. Why the increased activity? It's a deadly fight for share of market out there, and in down times advertisers tend to revert to hard-hitting comparative advertising. NAD's purpose is to substantiate these kinds of attack ads, and it can do it faster and cheaper than litigation can. The Federal Trade Commission seems to like the idea of letting advertisers settle their own disputes. When the National Advertising Review Council, the body that sets the policies and procedures for the NAD to enforce, started 38 years ago, then-FTC Chairman Bob Pitofsky wasn't an early convert. "If the truth be known," he said 10 years ago, "there was some skepticism about how the whole thing would work. The FTC had been burned time and time again by unkept promises of self-regulation by other industries. But this group has proved the skeptics wrong. Today, advertising has the best self-regulatory system of any industry in the country." The outgoing chairman of the FTC, William Kovacic, is also a fan. But the current crop of FTC commissioners don't seem as convinced, although they seem somewhat willing to give self-regulation a chance. In issuing guidelines for online behavioral advertising, FTC Commissioner Jon Leibowitz said the industry needs to do a better job of "meaningful, rigorous self-regulation, or it will certainly invite legislation by Congress and a more regulatory approach by our commission."A joint industry task force quickly seized on that statement as an endorsement for self-regulation, and said it supported FTC's goal of a "comprehensive and eff

Federal Trade Commission staff today issued a report describing its ongoing examination of online behavioral advertising and setting forth revisions to proposed principles to govern self-regulatory efforts in this area. The key issue concerns how online advertisers can best protect consumers' privacy while collecting information about their online activities. Over the last decade, the FTC has periodically examined the consumer privacy issues raised by online behavioral advertising - which is the practice of tracking an individual's online activities in order to deliver advertising tailored to his or her interests. The FTC examined this practice most recently at its November 2007 "Behavioral Advertising" Town Hall. The following month, in response to public discussion about the need to address privacy concerns in this area, FTC staff issued a set of proposed principles to encourage and guide industry self-regulation for public comment. Today's report, titled "Self-Regulatory Principles for Online Behavioral Advertising," summarizes and responds to the main issues raised by more than 60 comments received. It also sets forth revised principles. The report discusses the potential benefits of behavioral advertising to consumers, including the free online content that advertising generally supports and personalization that many consumers appear to value. It also discusses the privacy concerns that the practice raises, including the invisibility of the data collection to consumers and the risk that the information collected - including sensitive information regarding health, finances, or children - could fall into the wrong hands or be used for unanticipated purposes. Consistent with the FTC's overall approach to consumer privacy, the report seeks to balance the potential benefits of behavioral advertising against the privacy concerns it raises, and to encourage privacy protections while maintaining a competitive marketplace. The report points ou

A top lawyer for P&G called upon industry execs to work harder than ever to defend self-regulation of the ad business at a gathering of top advertisers today. Speaking about the tough economic environment and increased government involvement in business affairs, Deborah Platt Majoras, VP-general counsel at P&G, said the ad business has to tout that it has been responsible and doesn't need additional oversight. The current business environment -- one in which market failures have prompted government bailouts and heightened government oversight -- is leading to a more skeptical outlook from policymakers about self-regulation. ' "The road ahead is not going to be easy, but we are not helpless," said Ms. Majoras, who, prior to joining P&G served as chairman of the Federal Trade Commission from 2004 to 2008. "The industry has been far more responsible than we get credit for. It's time that we backed up rhetoric with facts," she said.

To address important consumer privacy concerns associated with online behavioral advertising, the staff of the Federal Trade Commission today released a set of proposed principles to guide the development of self-regulation in this evolving area. Behavioral advertising is the tracking of a consumer's activities online - including the searches the consumer has conducted, the Web pages visited, and the content viewed - in order to deliver advertising targeted to the individual consumer"s interests. For more than a decade, the FTC has engaged in investigation, law enforcement, studies, and other privacy developments to protect consumers' privacy online. Concepts used to develop the principles emerged from the agency's longstanding privacy program and, more recently, from two conferences hosted by the FTC. In the fall of 2006, a three-day public hearing, "Protecting Consumers in the Next Tech-ade," examined technology developments that could raise consumer protection policy issues, including privacy, over the next decade. This past November, building on the Tech-ade hearings, the FTC hosted a Town Hall entitled "Ehavioral Advertising: Tracking, Targeting, and Technology," to focus in on privacy issues raised by behavioral advertising. "The purpose of this proposal is to encourage more meaningful and enforceable self-regulation to address the privacy concerns raised with respect to behavioral advertising. In developing the principles, FTC staff was mindful of the need to maintain vigorous competition in online advertising as well as the importance of accommodating the wide variety of business models that exist in this area," according to its proposal "Behavioral Advertising: Moving the Discussion Forward to Possible Self-Regulatory Principles." The proposal states that behavioral advertising provides benefits to consumers in the form of free content and personalized advertising but notes that this practice is largely invisible and unknown to consumers. To address the

Last month, the digital advertising industry's use of behaviorally targeted advertising gained a reprieve of sorts when the Federal Trade Commission issued a final report confirming its earlier support of self-regulation. But some commission members remained concerned about ads that are shown to Web users based on their previous online activities, and in particular the possibility of violations of online privacy. Some form of legal restrictions may be imposed on the industry, the FTC indicated, if the online ad industry isn't up to the task of regulating itself. "Privacy is definitely the biggest concern today," said Joe Apprendi, CEO of Collective Media, an online advertising network based in New York. "There has been the concern that through such approaches as deep-packet technology, companies can leverage information through subscriber-based providers to marry anonymous behavioral segment data and identify real people. "The fact is, online advertising is subject to a higher standard that offline direct marketing tactics," Apprendi said. The FTC report, "Self-Regulatory Principles for Online Behavioral Advertising," continues to advocate voluntary industry self-regulation, in keeping with its principles governing online behavioral advertising issued at the end of 2007, despite the urgings of consumer advocacy groups that it impose rules regulating online advertising. The commission's new guidelines are based on four principles: * Transparency and consumer control. The commission advises that Web sites that collect data for behavioral advertising provide "a clear, concise, consumer-friendly and prominent statement" that the data are being collected to provide ads tailored to the user's interests and that the user has an easy and obvious way to choose whether to allow this. * Security for data retention. Companies that collect data for behavioral advertising should provide "reasonable" protection of that information and reta

Google, Microsoft, Yahoo support self-regulation in the UK AOL, Google, Microsoft, NebuAd, Phorm, and Yahoo promise to behave. All of these companies - along with a few others - have volunteered to honor the Internet Advertising Bureau's just-announced set of Good Practice Principles. So on to the guts of the agreement. First, companies are supposed to tell users whenever they're collecting data for the sake of behavioral advertising. They're also expected to make sure users understand what the procedure entails. Then comes the key part: users should get the chance to opt out of the collection process. Ad companies are probably hoping that users will either be too lazy to take action or will actually prefer better-targeted ads. If so, the companies will continue to make money and improve their public image. But since privacy advocates may still complain that data collection isn't an opt-in matter, the issue isn't likely to go away. Mark Howe, the country sales director of Google UK, sidestepped the mess, simply stating, "Google believes in two core principles of transparency and choice when it comes to user privacy. That is why we are supportive of these new, self-regulatory principles for online advertising which will enable consumers to increase their understanding of their web surfing options." IAB described the Principles as "the UK's first self-regulatory guidelines to set good practice for companies that collect and use data for online behavioural advertising purposes." The Principles have been approved by the Information Commissioner's Office, which reports directly to Parliament.

Washington insiders say that the Obama administration will be more aggressive with actions to protect consumers online. Two consumer advocacy groups, the Center for Digital Democracy and the U.S. Public Interest Research Group, have asked the Federal Trade Commission to investigate behavioral targeting practices aimed at mobile phone users. The day the FTC received the request and one week before the Obama administration took office, four marketing and advertising associations announced their intent to create an enhanced set of self-regulatory principles for online behavioral advertising. The American Association of Advertising Agencies, Association of National Advertisers, Direct Marketing Association and Interactive Advertising Bureau are said to be reviewing the areas for self-regulation set forth in the FTC's proposed self-regulatory principles issued in December 2007. As marketers, our boundaries for targeting campaigns continue to widen as technology improves. We collect more information than ever before. This, along with the fear of federal regulation, may create a trend for more marketers to take on a dual role as a privacy professional. The International Association for Privacy Professionals (IAPP, https://www.privacyassociation.org/) provides privacy education and certification for privacy professionals.

"A key, centrist digital rights group is set to put out a report calling for strong federal privacy laws and guidelines to regulate the growing tracking and targeting of Americans online. It argues that the self-regulation approach that industry fights for just hasn't worked. The online ad industry has "historically failed to fully implement its self-regulatory principles," according to the 34-page draft report by the Center for Democracy and Technology. CDT is a centrist D.C. group that works with and is substantially funded by the tech industry, including companies like Facebook, Google and AOL that are deeply invested in targeted ads. "Recently revised self-regulatory principles still fall short (.pdf) even as written," charges the draft, obtained by Wired.com. These tough words spearhead a new tactic for a group more used to convening inside-the-Beltway tech policy forums than launching ACLU-style send-outraged-e-mail campaigns. The CDT, which splintered off from the rabble-rousing Electronic Frontier Foundation 15 years ago, is also planning to launch a "Take Back Your Privacy" campaign on Thursday, designed to garner support for its call for comprehensive federal privacy legislation. Dozens of tech firms, known and obscure, record users' behaviors as they interact with search engines, blogs, e-commerce sites and even government websites. The tracking goes on in the background with little knowledge by consumers and even less oversight from government authorities. The tech industry - like others subject to potentially blunt-forced government regulation - has argued that policing itself was enough to prevent egregious privacy intrusions that could proliferate without any real chance individuals would even be aware of them."

A group of computer scientists at the University of Washington has developed a way to make electronic messages "self destruct" after a certain period of time, like messages in sand lost to the surf. The researchers said they think the new software, called Vanish, which requires encrypting messages, will be needed more and more as personal and business information is stored not on personal computers, but on centralized machines, or servers. In the term of the moment this is called cloud computing, and the cloud consists of the data - including e-mail and Web-based documents and calendars - stored on numerous servers.

"We all know that Internet and communications technology is changing rapidly, creating huge opportunities for business innovation and individual self-expression. Most people are probably not aware, however, that privacy law is not evolving nearly as quickly. It is time to update legal protections to reflect the impact the digital revolution is having on modern life. Cloud computing -- a bit of tech-jargon meaning the use of remote servers to store and process data -- is a great example. The movement of personal and proprietary data off desktop computers and into "the cloud", which is made up of server farms and broadband connections, is a major disruptive trend in computing. Unless our laws change to account for cloud computing and other equally momentous technology developments, the Constitution's protection against unreasonable search and seizure will become a relic of the past. The federal law setting standards for government access to personal communications -- the Electronic Communications Privacy Act (ECPA) -- was written more than two decades ago, before the Internet took off. "

"It could be quite a manic Monday for digital advertisers. Privacy advocates are calling Dec. 7 "Pearl Harbor Day" for the Internet advertising industry as the Federal Trade Commission launches its public roundtables on consumer privacy issues. Certainly many members of the public as well as legislators are up in arms over practices such as behavioral tracking and targeting, but a great deal of this anxiety comes down to a lack of knowledge regarding practices. The Interactive Advertising Bureau has been applying preventative measures, including releasing "Self-Regulatory Principles for Online Behavioral Advertising". Its latest effort is the consumer education campaign "Privacy Matters," which will be featured on a broad array of media sites. It's a conciliatory recognition that the industry has released paranoia in the general populace by not clearly explaining the nuts and bolts of targeting and other advances."

"On October 6, 2009, the Federal Trade Commission ("FTC") announced proposed settlement agreements with six companies over charges that they falsely claimed membership in the U.S. Department of Commerce Safe Harbor program. In six separate complaints, the FTC alleged that ExpatEdge Partners LLC, Onyx Graphics, Inc., Directors Desk LLC, Collectify LLC, and Progressive Gaitways LLC deceived consumers by representing that they maintained current certifications to the Safe Harbor program when such certifications had previously lapsed. The terms of the proposed settlement agreements prohibit the companies from misrepresenting their membership in any privacy, security or other compliance program. The six enforcement actions are significant as they mark a considerable uptick in the FTC's enforcement related to the Safe Harbor program. The FTC recently brought its first enforcement action relevant to the program, which is detailed in our post titled FTC's First Safe Harbor Enforcement Action. The European Union Data Protection Directive requires EU Member States to implement legislation that prohibits the transfer of personal data outside the EU unless the EU has made a determination that the laws of the recipient jurisdiction are substantially equivalent to those of the EU, and thus provide "adequate" protection for personal data. Because the EU has determined that laws of the United States do not meet its adequacy standard, the U.S. Department of Commerce and the EU developed the Safe Harbor Framework, which went into effect in November 2000. The Safe Harbor Program allows participating U.S. companies under the jurisdiction of the FTC or the U.S. Department of Transportation to transfer personal data lawfully from the EU. To join the Safe Harbor, a company must self-certify to the U.S. Department of Commerce that it complies with seven principles that have been deemed to meet the EU's adequacy standard. To maintain its certification to the Safe Harbor

Companies that track consumer behavior on the Web for targeted advertising without proper consent are near their "last chance" to self-regulate, the head of the U.S. Federal Trade Commission said on Monday. Privacy advocates say regulations on big phone and Internet companies, such as AT&T Inc and Google Inc, are too lax, giving the firms excessive control over consumers' personal information. "From my perspective, the industry is pretty close to its last clear chance to demonstrate" that it can police itself, FTC Chairman Jon Leibowitz told the Reuters Global Financial Regulation Summit in Washington. Earlier this year, the FTC issued new guidance urging websites to tell consumers that data is being collected during their searches and to allow them to opt out. If companies fail to do a better job of making their privacy policies understandable to the average person, momentum will keep building for greater regulation, Leibowitz said. "It's really up to industry."

As the impact of digital advertising on consumer privacy comes under scrutiny, AT&T is taking a stance in support of stricter standards. Rep. Rick Boucher (D., Va.), chairman of the subcommittee, said in an interview Wednesday that a statute is needed to regulate how companies collect, share and use data on consumers' behavior in targeting online advertising. While ad targeting on the Web has been at the forefront of privacy advocates' concerns, worries are growing about other media, ranging from mobile phones to emerging TV technologies. To sell marketers targeted ads, technology and media companies collect data about customers, ranging from the Web sites they visit to the neighborhoods they live in to the TV shows they watch. Marketers often will pay a premium for this form of advertising because it allows them to show their ads to consumers who are likelier to buy their products or services. "Pitfalls arise because behavioral advertising in its current forms is largely invisible to consumers," says Dorothy Attwood, AT&T's senior vice president of public policy and chief privacy officer, in prepared testimony she is expected to deliver at the hearing of the House Subcommittee on Communications, Technology and the Internet. Her statement says consumers don't fully understand that their online activity is used to create detailed profiles of them. Internet and other media companies say the data they use to target ads are anonymous and can't be traced to individual consumers. AT&T plans to argue that consumers should have "full and complete" notice of what information is collected about them and how it is used and protected, and should have tools that let them determine whether their Web activities are being tracked. The company says it won't use consumer information for online behavioral advertising unless it first obtains consent from the consumers involved. AT&T's stance contrasts with the position taken by most big Internet companies and industry trade grou

As health care providers determine how they will take advantage of the $19 billion allocated in the stimulus package to help jumpstart advances in health information technology (HIT), consumer appetite for electronic health records (EHRs), online tools and services is also growing, according to the results of the 2009 Deloitte Survey of Health Care Consumers (www.deloitte.com/us/2009consumersurvey). While only 9 percent of consumers surveyed have an electronic personal health record (PHR), 42 percent are interested in establishing PHRs connected online to their physicians. Fifty-five percent want the ability to communicate with their doctor via email to exchange health information and get answers to questions. Fifty-seven percent reported they'd be interested in scheduling appointments, buying prescriptions and completing other transactions online if their information is protected. Technologies that can facilitate consumer transactions with providers and health plans, like integrated billing systems that make bill payment faster and more convenient, are also appealing to nearly half (47 percent) of consumers surveyed. The survey of more than 4,000 U.S. consumers 18 and over was released today at the Healthcare Information and Management Systems Society (HIMSS) Annual Conference held in Chicago. It is the second annual study examining health care consumers' attitudes, behaviors and unmet needs conducted by the Deloitte Center for Health Solutions offering health care industry leaders and policymakers a timely look at how health care consumerism is evolving. "Consumers are increasingly embracing innovations that enhance self-care, convenience, personalization and control of personal health information," said Paul H. Keckley, Ph.D., executive director, Deloitte Center for Health Solutions. "Consumers want a bigger say in their health care decisions. Consumer demand for HIT and its potential impact on reforming the system has never been stronger." Despite strong con

It's never been easier to get information on the run. Smart devices such as the G1 and Apple iPhone let you put the Internet in your pocket and go - down the block or across the country. But this convenience could cost plenty in lost privacy, consumer advocates and tech analysts say. Once data have been collected and warehoused, you lose control of it forever. "The Big Brother aspect of it is troubling," says Rep. Edward Markey, D-Mass., former chairman of the powerful House Subcommittee on Telecommunications and the Internet. Mobile consumers are especially vulnerable, Markey says. Unlike PCs, cellphones tend to be used by one person exclusively. The information they telegraph - on Web browsing, lifestyle and more - tends to be "highly personalized." That's the main reason mobile data are so prized: The information is incredibly accurate. It's also why Markey and other privacy advocates say the debate about online privacy will become even more intense as advertising migrates to the mobile Web. Mobile advertising is still relatively new - G1 users, for now, get ads only through search results, for instance - but it's clearly a hot spot. The market is expected to reach $2.2 billion by 2012, from about $800 million now, according to JupiterResearch. Ultimately, it could surpass the traditional Web, now a $20 billion ad market. Yahoo, Microsoft and other ad-supported search engines collect information as Google does. But the sheer size and scope of Google's data-mining operation - the Web giant performs more than 80% of all desktop searches worldwide - makes it a uniquely pervasive presence, says Chester. Google and Yahoo, the two biggest players in search advertising, say their self-imposed privacy policies are sufficient to protect consumers, noting that they do not collect or store information in a way that can be directly tracked to an individual. Peter Fleischer, global privacy counsel for Google, says Google tries to make privacy language as

BBC Click's tweet states that they took legal advice following comments on the potential violation of U.K's Computer Misuse Act. There's a slight chance that you may have unknowingly participated in a recent experiment conducted by the BBC. In a bit of an awkward and highly unnecessary move, a team at the BBC's technology program Click has purchased a botnet consisting of 22,000 malware infected PCs, self-spammed themselves on a Gmail account, and later on DDoS-ed a a backup site owned by security company Prevx (with prior agreement), all for the sake of proving that botnets in general do what they're supposed to - facilitate cybercrime. A video of the experiment is already available. Here are more details : Upon finishing the experiment, they claim to have shut down the botnet, and interestingly notified the affected users. Exposing cybercrime or exposing the obvious, the experiment raises a lot of ethical issues. For instance, how did they manage to contact the owners of the infected hosts given that according to the team they didn't access any personal information on them? It appears that they modified the desktop wallpapers of all the infected hosts to include a link notifying them that they've been part of the experiment. Thanks, but no thanks.

The Internet Advertising Bureau U.K. has today launched a good practice principles guide for firms that collect and use data for online advertising. The goal is to promote self-regulation of the practice and quell privacy concerns surrounding it. Companies that support the principles include Google, Microsoft Advertising, Platform-A, Yahoo, Specific Media, Audience Science, NebuAd, and Phorm, all of which have been involved in the formation of the principles as members of the IAB's behavioral advertising task force. To complement the guide, the IAB has also launched a consumer-facing site, youronlinechoices.co.uk, designed to educate consumers on how and why their data is being used, and to provide information on how they can opt out of the process if they wish.

Affixing a dollar cost to a problem has immense benefit, and The Ponemon Institute goes to great lengths to arrive at the figures for its Annual Cost of a Data Breach Study. We painstakingly analyzed the financial impact a data breach has on a company by examining 43 different companies from a cross section of industries, all of which experienced a significant data breach affecting a range of data records representative of the norm. And knowing that a data breach may cost your company $6.65 million dollars may be all the information that is needed for a company to assign an appropriate budget to those tasked with information security. In 2008 the average total cost of a data breach was $6.65 million, up from $6.35 million last year and $4.54 in 2005. In 2008, the per-victim cost of a data breach was $202, up from $197 in 2007, and from $138 when the study was launched in 2005. Breaches involving a third party to which data had been outsourced bore a per-victim cost of $231, whereas self contained breaches bore a per-victim cost of $179. Breaches that were the result of a malicious act bore a per-victim cost of $225, whereas breaches that were the result of negligence bore a per-victim cost of $199. Breaches that were the result of a lost of stolen laptop computer bore a per-victim cost of $249, whereas breaches that did not involve a lost or stolen laptop computer bore a per-victim cost of $177. If the data breach was a first-time event for the company the per victim cost was $243, but if the company had experienced a breach previously the per victim cost was $192. The simple conclusion to these numbers is clear: the financial impact for a company that experiences a data breach is significant and rising. That finding alone may be alarming, but it seems to merely quantify what most people already knew to be true. The "wow" factor comes when you realize that we haven't simply identified the cost of an inevitable outcome, as if to tell the world, "buckle up and brac

In court papers filed Wednesday, former federal prosecutor Richard Convertino called reporter David Ashenfelter's invocation of the Fifth Amendment, in an attempt to keep from having to reveal his confidential sources, both "speculative" and "unreasonable." Convertino urged the federal district court in Michigan to sanction Ashenfelter and to require him to present further evidence as to why he should not be held in contempt for his refusal at a December deposition to reveal the confidential sources. For the past two years, Convertino has been seeking Ashenfelter's testimony in hopes of boosting his Privacy Act lawsuit against the Department of Justice. Convertino claims DOJ violated the law by leaking to the press details of an investigation into Convertino's conduct during a terrorism trial. At a deposition in December, after Judge Robert Cleland in the Eastern District of Michigan ruled twice that Ashenfelter is not protected by a First Amendment reporter's privilege, the reporter invoked the Fifth Amendment right against self-incrimination.