Do you do B2B?

Old Blue Eyes wasn’t in the tech biz, but before giving the ring-a-ding-ding to a B2B transaction that allows partners to share customer data through software one company licenses to the other, we’re guessing he would have agreed with some basic principles derived from the FTC’s proposed settlement with web analytics company Compete, Inc.

The FTC’s complaint focused on the operation of the company’s Toolbar and Consumer Input Panel.  In addition to collecting consumer information on its own, Compete licensed its software so that other businesses could use it in their own toolbars and reward programs.  Among other things, the FTC charged that Compete’s software collected much more than people were told.

Under the terms of the settlement, Compete will have to clearly and prominently disclose its practices and get express affirmative consent from consumers before collecting information.  The proposed order — the deadline for public comment is November 19, 2012 — establishes that simply slipping a line into a privacy policy, end user license agreement, or terms of use page won’t be sufficient.

But its obligations don’t end there.  When Compete collects information through other companies’ use of its technology, Compete will have to make the same disclosures and get the same consent  or put a provision in its contract that the company using its software take those steps.  What's more, Compete will have to monitor to make sure that’s done.

The proposed settlement applies just to Compete, but it’s clear that consumers are concerned about how their data is used and stored.  What can your business take from the Compete case?

Know your own strength.  Whether you’re using your own software or marketing it to others, make sure you’re clear on exactly what information it collects.  Tech-savvy execs will tell you that the starting point for data security decision-making is an accurate assessment of the information in your possession.

Someone to watch over me?  When it comes to consumer privacy, it's ill-advised to just do it "My Way" and assume The Other Guy has taken care to disclose the details to consumers.  Putting aside for a moment legal issues about software licensing, if a data glitch affects your customers, will they be satisfied with the explanation that you thought someone else was responsible?

Strangers in the night?  Once you're involved in a data sharing deal, you can't approach the other company as just another stranger in the night. In addition to being upfront about the data you or your partners collect, double-check to make sure new software doesn’t perform in ways contrary to the privacy promises you've made.  Unsure about exactly what data the software gathers?  The onus is on you to ask.

Be sure to secure.  According to the complaint, Compete engaged in practices that, when taken together, failed to provide reasonable and appropriate security for the data it collected and transmitted.  Just two “for instances” alleged by the FTC:  Compete sent sensitive data from secure web pages — like security codes and account numbers — in plain-as-day text over the Internet and didn’t use readily available, low-cost measures to address the risk that the software would collect sensitive data it wasn’t authorized to gather.  Are you confident your company has taken reasonable security steps, given the kind of data in your possession?

The best advice from Old Blue Eyes:  "Nice and easy does it every time."

 

0 Comments

| Comment Policy

Leave A Comment

Don't use this blog to report fraud or deceptive practices. To file a complaint with the Federal Trade Commission, please use the FTC Complaint Assistant.

PRIVACY ACT STATEMENT: It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act and the Federal Information Security Management Act authorize this information collection for purposes of managing online comments. Comments and user names are part of our public records system, and user names are also part of our computer user records system. We may routinely use these records as described in our Privacy Act system notices. For more information on how we handle information that we collect, please read our privacy policy.