Look Out for Privacy Traps


Media companies are benefiting from all sorts
of new tools, like enhanced websites, social networking
and mobile applications. New functionality can drive
users to online offerings and raise the profile of associated
TV and radio stations, for example.

It can also strengthen the historical partnership
between local media and local
businesses, as the recent online
coupon craze demonstrates.
Also, online advertising provides
an important new revenue stream,
and as targeted advertising grows
more sophisticated, media outlets
can demand higher premiums for
advertising space.

Yet with these opportunities,
care must be taken to keep privacyrelated
risks in check. A good operating
assumption is that newmedia
tools will collect some
information about individuals.
Such information does not necessarily
need to identify an individual
by name in order to carry concerning
privacy implications. Wrong
steps could lead to reputational injuries at least, and data
breaches, enforcement actions or civil penalties at worst.

Each use of new media raises different privacy risks.
But privacy hot spots tend to appear consistently in the
following areas:

Does your content attract children? Online offerings
might foreseeably be attractive to kids 12 years
old and younger, or you could be aware that your website
actually has collected children’s personal information.
Consider that a website reflecting a station’s
“top-40” format might officially target an older teen/
young adult demographic, but offer considerable
“tween” appeal. Such situations are rife with legal risk
under the Children’s Online Privacy Protection Act,
which is actively — and publicly — enforced by the Federal
Trade Commission, sometimes with seven-fi gure
settlement penalties.

Is your privacy policy up to date? Privacy policies
can quickly become stale as companies add new online offerings
or change the way they handle personal information
in response to new opportunities. An outdated policy poses
legal risks, as falling short of its promises could amount to
“unfair or deceptive trade practices.” Both the FTC and state
attorneys general have pursued failures to uphold privacy
policies, which is a binding public representation about how
a company will deal with personal information.

Have you covered the information-security basics?
If your website or mobile app engages in any type
of e-commerce, do you encrypt the transaction — and
especially any credit card numbers? In the “back office” supporting your online offerings, are default user
names or passwords avoided? Are wireless connections
secured? Where basic security precautions were not taken,
the FTC has publicly shamed companies that suffered
security breaches. Notably, a company need not necessarily
make a public representation concerning information
security in order to be caught in the FTC’s net.

Do you know which marketing laws apply to
your campaigns?
Do you plan to market your offerings
or those of your partners by text
message? E-mail? Phone call? Fax?
If so, federal or state law could limit
whom you can contact or require
certain opt-out choices. Violations
of such law could lead to enforcement
actions, and in some cases,
private rights of action.

Do your mobile applications use
location information? Media companies
using mobile applications
could be using location information
to enhance the service. Yet, location
information is sensitive, and
certain legal limitations apply.

Do you know what your partners
and vendors are doing?

New media is truly an “ecosystem,”
where a single service can
involve a web of retailers, communications providers,
vendors, advertisers, transaction processors and so on,
connected through different types of legal relationships.
All of these parties could be using personal information
while conducting business important to your newmedia
strategy. Thus, you should understand how your
associates are using and securing personal information,
the risks that could rebound upon your company and
where appropriate, make sure that the broadcaster’s privacy
policy is being upheld.

Do you use online advertising best practices?
Congress, the FTC, state authorities and privacy advocates
are ready to regulate targeted online advertising,
unless industry self-regulation is found to work. Media
companies have an interest in maintaining a self-regulatory
regime, where innovative technology and business
arrangements can be quickly put to use. Further,
unintended consequences of regulation could choke off
the important revenue streams that ultimately fund free
online services.

Accordingly, you should consider adhering to voluntary
guidelines concerning online ads that industry
groups have developed. Your company may also wish to
participate in ongoing policy debates. You should understand
the types of technology that your ad networks use,
and avoid especially intrusive or aggressive mechanisms.

Every company should periodically review its privacy
and security practices to make sure that it is avoiding
common pitfalls.

Amy E. Worlton is a partner and Ari Meltzer is an associate
in Wiley Rein’s Washington, D.C.-based privacy