FTC Settlement Puts an End to “History Sniffing” by Online Advertising Network Charged With Deceptively Gathering Data on Consumers
You know the old adage, the Internet is forever. Well, so is your browsing history, apparently. On December 5, 2012, the FTC announced that an online advertising company agreed to settle Federal Trade Commission charges that it used “history sniffing” to secretly and illegally gather data from millions of consumers about their interest in sensitive medical and financial issues ranging from fertility and incontinence to debt relief and personal bankruptcy.
“Consumers searching the Internet shouldn’t have to worry about whether someone is going to go sniffing through the sensitive, personal details of their browsing history without their knowledge,” said FTC Chairman Jon Leibowitz. “This type of unscrupulous behavior undermines consumers’ confidence, and we won’t tolerate it.”
The defendant, Epic Marketplace shared information with a large advertising network that has a presence on 45,000 websites. Consumers who visited any of the network’s sites received a cookie, which stored information about their online practices including sites they visited and the ads they viewed. The cookies allowed Epic to serve consumers ads targeted to their interests, a practice known as online behavioral advertising.
Kids’ Data Still Collected, Shared without Parents’ Knowledge, Consent
The Federal Trade Commission issued a new staff report, “Mobile Apps for Kids: Disclosures Still Not Making the Grade,” [PDF here ] examining the privacy disclosures and practices of apps offered for children in the Google Play and Apple App stores. The report details the results of the FTC’s second survey of kids’ mobile apps.
The FTC first surveyed kids’ mobile apps in 2011. Since then there has been little progress toward giving parents the information they need to determine what data is being collected from their children, how it is being shared, or who will have access to it. Many any of the apps examined included interactive features, such as connecting to social media, and sent information from the mobile device to ad networks, analytics companies, or other third parties, without disclosing these practices to parents.
Disturbingly, the shared information included login information across multiple sites, GPs location information and device ID information.
By now most small business owners are aware that Cybersecurity is an issue. But, how much time and capital should be spent on cybersecurity protection? This article discusses three key factors that should play into that decision.
Factor #1 Awareness.
According to some experts, the biggest problem that small business owners face is simply awareness of the risk. This includes awareness by employees as well.
Most data leaks and other security incidents are caused by employees who are either unaware of security protocols or indifferent to them. Regardless of the level of security in your data center or the strength of encrypted communications, the weakest link will almost always be the human beings interacting with the network.
To address this risk, small business owners need to focus on training and awareness for employees. However, company management is usually focused on sales and customer service. Further, owners often lack the time and expertise needed to properly assess security risks. Companies in any industry should look to partner with a third-party security firm to asses risks and develop appropriate training.
Factor #2 Employee Training.
Training is the first line of defense against cyber threats. This training needs to include the entire company, and should cover three key areas: (a) proper password management on all company services and devices, including clear procedures for new and departing employees, as well as day-to-day usage; (b) clear guidelines for the sharing of information with remote employees, partners and third parties; and (c) a plan for monitoring usage and privileges to the company’s digital assets.
Employee training needs to account for how the public will access your company’s products or services. For example, what if a hacker got into a system by pretending to be another user? By rolling out new features slowly, its easier to identify and fix security loopholes.
All stakeholders need awareness of: (a) the type of information you’re transmitting (e.g. payment information), (b) the visibility of information you’re transmitting (e.g. highly-publicized public launch vs. a quiet rollout of some new software), and (c) the level of security inherent in the transmission (e.g. encrypted emails and documents shared via a secure server or data shared publicly through public networks and via social media sites.
Factor #3 Vigilance (Monitoring).
For some companies everything is available and accessed online. Since online relationships are built upon trust, it is critical that the company actively monitor the security and transparency of this relationship. Many tools are available to measure and respond to risk factors and gauge likelihood of an impact to help determine the level of investment required. Resources can be assigned to anything with high likelihood and high impact.
For example, monitoring potentially fraudulent user accounts has an immediate commercial benefit as well as reducing risk.
Unfortunately, a common misconception is that putting up basic defenses like firewalls will protect security vulnerabilities. However, after reinforcing your Cybersecurity defense, the focus should shift to monitoring and alerting. In many cases, this may require up-front investments to enable tracking and alerting to irregularities in network and data activity. Fortunately, in the event of a breach or a loss of data, this monitoring information will be the key factor in addressing the problem and pinpointing the issue. Managers, employees and business partners need to understand that Cybersecurity is an ongoing process. Awareness, training and monitoring will go a long way toward enhancing a small business’ Cybersecurity preparedness.
About the Author:
David M. Adler, Esq. is a partner in the Chicago office of Leavens, Strand, Glover & Adler, LLC, a boutique intellectual property and entertainment law firm in Chicago, Illinois whose mission is providing businesses with a competitive advantage by enabling them to leverage their intangible assets and creative content in order to drive innovation and increase overall business value. The practice is organized around five major substantive areas of law: Intellectual Property Law, Commercial & Finance Law, Entertainment & Media Law, Corporate Law and Contract Law.
Contact us for a free consultation today. Dadler @ lsglegal (dot) com or (866) 734 2568
By TIM SMITH — The Greenville News. A month after state officials learned of a massive data breach at the Department of Revenue, officials are still discussing what security measures to take to protect all of the state’s computer systems.
Now that the President’s electoral and popular vote victories are in the books, their various ramifications are still being felt. One key element of the addition of four more years to the President’s legacy is the issue of cybersecurity.
The Cyber Security panel taking place in Tel-Aviv this week at the HLS 2012 event is attracting considerable interest on the backdrop of the recent revelations of massive Iranian cyber attacks crippling the networks of Aramco Oil Company in Saudi Arabia.
Cyber security facility launched
Alpena News
YPSILANTI, Mich. (AP) — Michigan Gov. Rick Snyder has announced the opening of a facility designed to help electronic security professionals detect and prevent cyber threats and attacks.
Evolving Cyber Crooks Waiting For That Click
The Borneo Post
On the final day of the three-day Cyber Security Awareness campaign, Mohd Izuddin bin Hj Md Hussin, Learning Solution Specialist from Tech One Global, who delivered a public talk on ‘Protect your Computer, Your Family and Yourself’ at Times Square.
On September 25, 2012, the Federal Trade Commission announced a settlement with seven rent-to-own companies that secretly installed software on rented computers, clandestinely collected information, took pictures of consumers in their homes (WTF?!) and tracked these consumers’ locations.
If you haven’t vomited on your computer from the sickening outrage, you can read the FTC press release here.
Software design firm DesignerWare, LLC licensed software to rent-to-own stores ostensibly to help them track and recover rented computers. The software collected the data that enabled rent-to-own stores, including franchisees of Aaron’s, ColorTyme, and Premier Rental Purchase, to track the location of rented computers without consumers’ knowledge
According to the FTC, the software enabled remote computer disabling if it was stolen, or if the renter failed to make payments. It included an add-on purportedly to help stores locate rented computers and collect late payments. Alarmingly, the software also collected data that allowed the rent-to-own operators to secretly track the location of rented computers, and thus the computers’ users.
When activated, the nefarious feature logged key strokes, captured screen shots and took photographs using a computer’s webcam, according to the FTC. It also presented a fake software program registration screen that tricked consumers into providing their personal contact information.
“An agreement to rent a computer doesn’t give a company license to access consumers’ private emails, bank account information, and medical records, or, even worse, webcam photos of people in the privacy of their own homes,” said Jon Leibowitz, Chairman of the FTC. “The FTC orders today will put an end to their cyber spying.”
“There is no justification for spying on customers. These tactics are offensive invasions of personal privacy,” said Illinois Attorney General Lisa Madigan.
I’m surprised at how often I receive commercial bulk email messages that are not compliant with the Federal CAN SPAM act.The two biggest mistakes I see are 1) no physical address and 2) no opt-out/unsubscribe mechanism.
Image via CrunchBase
Another common mistake is a “blind” bulk email address list like “Undisclosed-Recipients@email.com.” Not only do I NOT know which address this received the offensive message, there usually isn’t even a proper return address for me to send an “Unsubscribe” message.
With the popularity of social media, you’ve probably received a Twitter promotion for iPhones, special deals, free downloads, etc. While it’s easy to dismiss poorly-written tweets from obvious spammers, when someone replies to you on Twitter, says “must read, check it out” and the topic is clearly the kind of thing you read and share it’s more difficult to tell. Often, these are from legitimate accounts where a human has taken the time to compose and send the message.
In light of the growing use of electronic mail (“email”) messages for advertising, marketing, corporate communications and customer service, is essential to have some familiarity with the Federal “Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003” also known as the CAN SPAM Act (the “Act”) The Act provides the parameters of its application, explicit prohibitions, requirements for transmission of legally compliant email messages including the “Opt-Out” mechanism and vicarious liability. Generally speaking, the Act was written to prohibit the fraudulent, deceptive, predatoryand abusive practices that threaten to undermine the success and effectiveness of commercial email and email marketing.
Congress drafted the Act to impose limitations and penalties on the transmission of unsolicited commercial email messages. Unlike some state initiatives, the Act is an “opt-out” law. Put another way, for most purposes permission of the e-mail recipient is not required. However, once an email recipient has indicated a desire to opt-out or no longer receive such messages, failure to comply with the recipient’s request may subject both the sender and the person or entity on whose behalf the message was sent to severe penalties.
Frequently asked question about the Act include:
1) To Whom Does The Act Apply? The Act applies to any person or entity that sends email.
2) What Activities Are Prohibited By The Act? The Act is primarily concerned with explicitly prohibiting certain predatory and abusive commercial email practices.
3) What Are The Requirements For Sending Email Messages? Section 5(a) of the Act sets requires the inclusion non-misleading information regarding: (a) transmission, (b) subject, (c) email address, (d) Opt-out and physical address, and (e) clear and conspicuous language identifying sexually-oriented messages.
4) Who Can Be Liable for Violations? The Act applies to both the party actually sending the commercial email messages and those who procure their services.
Discussion
The primary substantive provisions of the Act can be divided into three parts found in Section 4, Section 5 and Section 6. Section 4 of the Act addresses “predatory and abusive” practices prohibited by the Act. Section 5 details the requirements for transmission of messages that comply with the Act. Section 6 details the requirements for transmission and identification of sexually-oriented messages. Section 6 is not discussed in this article.
Section 4 of the Act lists specific “predatory and abusive” practices prohibited by the Act. In short, the Act specifically prohibits: (i) accessing a computer without authorization for the purpose of initiating transmission of multiple commercial email messages, (ii) transmission of multiple commercial email messages with the intent to deceive or mislead recipients, (iii) transmission of multiple commercial email messages with materially false header information, (iv) registration of email accounts or domain names using information that materially falsifies the identity of the actual registrant, and (v) false representations regarding the registration of Internet Protocol addresses used to initiate multiple commercial email messages.
The second relevant part, set forth in Section 5 of the Act, details the requirements for transmission of messages that comply with the Act. Subject to certain limitations discussed below, the Act requires that email messages contain: (i) transmission information that is not materially false or misleading, (ii) subject information that is not materially false or misleading, (iii) a return address or comparable mechanism for opt-out purposes, (iv) identifier, Opt-out and physical address, and (v) clear and conspicuous language identifying sexually-oriented messages as such. (Note, this last requirement is not discussed. See above.) Lastly, the Act implicates both commercial email transmission service providers as well as those who procure their services.
To Whom Does The Act Apply?
The Act applies to any person or entity that sends email. The Act specifically regulates “commercial electronic mail messages,” defined as any email message “the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).” However, the Act specifically excludes from this definition “transactional or relationship messages.” A “transactional or relationship message” falls within one of five categories of messages:
communications that facilitate, complete or confirm a commercial transaction previously agreed to by the recipient;
communications that provide warranty or other product information with respect to a product or service previously used or purchased by the recipient;
notifications with respect to a subscription, membership, account, loan, or comparable ongoing commercial relationship;
information directly related to an employment relationship or related benefit plan in which the recipient is currently involved; and
communications to deliver goods or services, including product updates or upgrades, under the terms of a transaction previously agreed to by the recipient.(Emphasis added.)
The purpose for the distinction between “commercial electronic mail messages” and “transactional or relationship messages” is to exempt certain types of communications from compliance with all the message transmission requirements of the Act. As should be clear from the list above, the Act distinguishes the types of communications based on the relationship between the sender and recipient rather than on the character of the message. Put another way, so long as the communication is related to some type of existing business relationship, it is not a “commercial electronic mail message.”
What Activities Are Prohibited By The Act?
Section 4 of the Act is primarily concerned with prohibiting certain predatory and abusive commercial email practices. Section 4(a) amends Chapter 47 of Title 18 of the United States Code by adding Section 1037 which specifies the offenses that constitute “fraud and related activity in connection with email.” An offense is committed by anyone who directly or indirectly, knowingly:
accesses a protected computer without authorization, and intentionally initiates the transmission of multiple commercial electronic mail messages from or through such computer,
uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages,
materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,
registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names, or
falsely represents oneself to be the registrant or the legitimate successor in interest to the registrant of 5 or more Internet Protocol addresses, and intentionally initiates the transmission of multiple commercial electronic mail messages from such addresses.
Clearly, Section 4 is primarily concerned with preventing practices whereby the sender intentionally, either through outright fraud or other deception, conceals its true identity or the true commercial character of the message.
What Are The Requirements For Sending Email Messages?
Section 5(a) of the Act sets forth certain other protections for the users of commercial email.
Accurate Transmission Information. Among the affirmative requirements of Section 5(a), Section 5(a)(1) prohibits sending either a commercial electronic mail message, or a transactional or relationship message, that contains, or is accompanied by, header information that is materially false or materially misleading. Unlike the general prohibition against sending messages with materially false header information under Section 4, in addition to having technically accurate transmission information, the sender is prohibited from having used false pretense or other deceptive means to acquire such information (e.g. email accounts, domain names and IP addresses). Furthermore, the “from” line must “accurately identify the person transmitting the message.” Lastly, the sender must accurately identify the computers used to originate, relay or retransmit the message.
Note, the following only apply to commercial electronic mail messages:
Accurate Subject Information. Messages must have accurate subject information. Subject information would not be accurate if a “person has actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that a subject heading of the message would be likely to mislead a recipient, acting reasonably under the circumstances, about a material fact regarding the contents or subject matter of the message.”[8]
Inclusion of Opt-out Mechanism. Messages MUST contain a functioning return email address or other Internet-based mechanism (e.g. hyperlink), that is clearly and conspicuously displayed that enables a recipient to submit a request to opt-out of future email messages from the sender whose email address was contained in the message. The opt-out mechanism (whether email address or hyperlink, etc.) must remain functional for at least thirty (30) days after the transmission of the original message.
Removal After Objection. If a recipient makes a request using the opt-out mechanism, the sender shall not transmit any further messages to the recipient, more than ten (10) business days after the receipt of such request, if such message would fall within the scope of the request. A third-party acting on behalf of the sender shall not transmit or assist others to transmit, any further messages to the recipient, more than ten (10) business days after the receipt of such request, if such third party knows or should know of the recipient’s objection. Lastly, the sender and any third party who knows that the recipient has made such a request, shall not sell, lease, exchange, or otherwise transfer or release the electronic mail address of the recipient for any purpose other than compliance with the Act or other provision of law.
Inclusion of Identifier, Opt-out & Physical Address. Every message must clearly and conspicuously: (i) identify the message as an advertisement or solicitation; (ii) provide notice of the opportunity to opt-out of future communications; and (iii) provide a valid physical postal address of the sender. However, the notice that a message is an advertisement or solicitation does not apply where the recipient has given prior affirmative consent to receive the message.
Related Activities Proscribed.
Other prohibitions in the Act concern unethical or unscrupulous practices that tend to coincide with deceptive or abusive email. Several common methods for generating email distribution lists have also been proscribed. The Act prohibits certain unethical practices such as:
hijacking another email server to send or relay messages;
“harvesting” email addresses that appear on others’ Web sites;
randomly generating email addresses;
knowingly linking an email ad to a fraudulently registered domain; and
participating in other offenses such as fraud, identity theft, etc.
Who Can Be Liable for Violations?
The Act applies to both the party actually sending the commercial email messages and those who procure their services.[9] One cannot “outsource” its “spam” and thereby avoid liability under the Act. One may be held accountable if the email service employed isn’t actually using a legally-compiled or permission-based list. Under some parts of the Act one may be held liable for employing a third party to distribute the messages “with actual knowledge, or by consciously avoiding knowing, whether such [third party] is engaging or will engage, in a pattern or practice that violates this Act.”
CONCLUSION
The Act was written to prohibit the fraudulent, deceptive, predatory and abusive practices that threaten to undermine the success and effectiveness of commercial email and email marketing. Since Bacon’s uses email to communicate with employees, vendors, existing and prospective customers, Bacon’s is clearly subject to the Act. The Act focuses on enumerating proscribed activities rather than affirmative obligations to make it easier for legitimate, honest businesses to comply with the Act. The Act distinguishes communications based on a previously existing relationship between the sender and the recipient from those communications that are prospective in nature. Generally, email messages not based on a pre-existing relationship are subject to greater affirmative requirements.
Compliance Guidelines.
Be Aware of the Requirements for Transmitting Messages.
Computerworld – Germany’s cybersecurity agency on Monday urged users to drop Internet Explorer (IE) and switch to a rival, like Chrome or Firefox, until Microsoft patches a new critical bug in its browser.
Senators call for ‘cybersecurity’ executive order. This summer’s partisan sparring that derailed a federal cybersecurity law has resumed, with Democrats proposing an executive order and Republicans saying it would levy “more mandates.”
“The nation is in dire need of people who are capable of handling the cybersecurity challenges we face,” professor of computing and information sciences Xinming “Simon” Ou said. “We are lagging behind in the number of experts we have versus the threats.
Amid escalating partisan rhetoric over the bipartisan goal of protecting U.S. computer systems from terrorist attacks, Texas Kay Bailey Hutchison criticized President Obama for a “heavy handed, regulatory regime” that would be created.
18, 2012 /PRNewswire-USNewswire/ — The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online and official coordinator of Data Privacy Day (DPD), today …
Over the past few years, the Obama administration and Congress have taken a variety of legislative runs at creating comprehensive cybersecurity law. See Also: How cybersecurity is like Star Trek’s transporter.
Cyber security is the biggest challenge for the government’s universal credit roll-out, welfare reform minister David Freud has told a select committee. Speaking to a select committee, pensions minister Ian Duncan Smith said government had consulted …
Neil Weicher wants to win the battle in cyber security. NetLib, a Stamford, Conn.-based provider of encryption software founded by Weicher, has partnered with the Center for Internet Security, a non-profit focused on cyber security readiness.
The Government Communications Headquarters (GCHQ) said those aged 16 or over and not already working in cyber security could apply to test their ability to guard a computer network but only 150 contestants at most would be eventually allowed.
The FBI’s former top attorney for cybersecurity, Steven Chabinsky, who stepped down this month, thinks the FBI is doing a great job battling the problem, but told the Washington Post that the “federal government” has taken a “failed approach”.
The Federal Trade Commission has published a guide to help mobile application developers observe truth-in-advertising and basic privacy principles when marketing new mobile apps. The FTC’s new publication, “Marketing Your Mobile App: Get It Right from the Start,” notes that there are general guidelines that all app developers should consider. They include:
Tell the Truth About What Your App Can Do. – “Whether it’s what you say on a website, in an app store, or within the app itself, you have to tell the truth,” the publication advises;
Disclose Key Information Clearly and Conspicuously. – “If you need to disclose information to make what you say accurate, your disclosures have to be clear and conspicuous.”
Build Privacy Considerations in From the Start. – Incorporate privacy protections into your practices, limit the information you collect, securely store what you hold on to, and safely dispose of what you no longer need. “For any collection or sharing of information that’s not apparent, get users’ express agreement. That way your customers aren’t unwittingly disclosing information they didn’t mean to share.”
Offer Choices that are Easy to Find and Easy to Use. – “Make it easy for people to find the tools you offer, design them so they’re simple to use, and follow through by honoring the choices users have made.”
Honor Your Privacy Promises. – “Chances are you make assurances to users about the security standards you apply or what you do with their personal information. App developers – like all other marketers – have to live up to those promises.”
Protect Kids’ Privacy. – “If your app is designed for children or if you know that you are collecting personal information from kids, you may have additional requirements under the Children’s Online Privacy Protection Act.”
Collect Sensitive Information Only with Consent. – Even when you’re not dealing with kids’ information, it’s important to get users’ affirmative OK before you collect any sensitive data from them, like medical, financial, or precise geolocation information.
Keep User Data Secure. – Statutes like the Graham-Leach-Bliley Act, the Fair Credit Reporting Act, and the Federal Trade Commission Act may require you to provide reasonable security for sensitive information.
Into the data jungle – in association with Huron Legal
The Lawyer
Technological developments such as cloud computing, social networking and mobile apps mean EU law is no longer fit for purpose. The EU claims current laws often conflict and cost businesses a total of nearly £2bn a year.
Saudi Arabia considers law against insulting Islam
Bangladesh News 24 hours
JEDDAH, Saudi Arabia, July 16 (bdnews24.com/Reuters) – Saudi Arabia is studying new regulations to criminalise insulting Islam, including in social media, and the law could carry heavy penalties, a Saudi paper said on Sunday.
Mind the missteps in online job dance
Lawyers Weekly
With some background check firms specializing in social media searches (U.S.-based Social Intelligence Corp. for one), how do third-party recruiters use social media when screening or finding clients for law firms in Canada?
Saudi Arabia looking to criminalize Islam insults on social media
Bikya Masr
DUBAI: The Saudi Arabia government is looking to ensure users on social media networking sites do not insult Islam or the Prophet Mohamed, al-Watan newspaper reported on Sunday, citing officials who said a new law could bring “heavy” penalties.
10 Tactics for Integrating Photographs into Content Marketing
Business 2 Community
Acquire digital rights for images. Remember when using images, especially photographs, your legal team is your best friend. Ensure that you’ve got the right to use the photos by incorporating outtakes and additional shots for social media.
Syracuse Neighborhood Watch plans to increase social media outreach
CNYcentral.com
New program coordinator plans more email, social media contact. … CNY Biz Central – Legal. Helpful advice about finding the right attorney for your legal needs. CNY Biz Central. Get information from our team.
Reasonable Expectations of Privacy in the Digital Age
Mondaq News Alerts (registration)
In this digital age of smart phones, global positioning systems, cloud computing, and social networking, determining what constitutes private information and what lengths our legal system will go to protect it is increasingly challenging.
Sale Of Digg Reminder Of Potential Risks To Facebook And Other Social Media …
Seeking Alpha
In 2011, social media watchers may recall reading in Bloomberg that Myspace, which had been purchased by News Corporation (NWS) for $580 million in 2005 had reportedly been sold for just $35 million to private investors, including Justin Timberlake. In …
Homeowners Bill of Rights passes in California
Examiner.com
According to Assembly Speaker John Perez (D-Los Angeles), the key provisions of the Homeowners Bill of Rights legislation include: “a requirement that a person or team of persons employed by a lender to be a single point of contact for the homeowner.
Facebook Joins California Mobile App Privacy Program
InformationWeek
California launched its mobile app privacy program in February 2012, just one day before the White House announced its proposed Consumer Privacy Bill of Rights. From the outset, the state announced that the six companies with the biggest mobile app …
Descendants of the signers to read the Declaration of Independence on July 4
American Civil Liberties Union News and Information (blog)
“My professional career has been dedicated to advancing people’s rights and liberties as outlined in the Declaration and in the Constitution and its Bill of Rights,” said Murphy, the Director of the American Civil Liberties Union’s Washington …
Independence Day: Ghosts of SCOTUS on the fundamental right to privacy
Network World
While the Constitution may not specifically state the right to privacy, the Bill of Rights most assuredly protects aspects of privacy. In 1965, the Supreme Court ruled 7-2 on the landmark case, Griswold v. Connecticut, and the Justices referenced the …
Why Kansas City is getting Internet 100 times faster than everyone else
Alaska Dispatch
Yesterday, an impressive coalition of companies and Internet and human rights activists endorsed a Declaration of Internet Freedom that aims to start a discussion about the basic principles that should underlie online access. Among the 20000 groups or …
Celebrate your independence: You have rights as a taxpayer
Savannah Morning News
Years after the War the Bill of Rights was drafted and 10 amendments were added to our Constitution. … Privacy and confidentiality: The IRS may not discuss any of the facts and information given to them with anyone except in accordance with the law.
Do you have information or data privacy and security concerns? Contact David Adler at Leavens, Strand, Glover & Adler for a free consultation.
Financial Services is one of the most heavily regulated industries. As electronic communications devices and platforms proliferate, message retention and oversight is a top priority for many compliance officers. A recent survey of compliance professionals in the financial services industry identified the following key issues:
Firms are working smarter, not harder to manage the growing compliance burden.
As the types of messages that Financial services firms are required to monitor and store continue to increase, firms are re-evaluating and updating supervision and retention procedures. Key areas of compliance concerns are
New regulations
New communications channels (e.g. social media, text messaging)
New communications devices (e.g. smartphones and tablets)
Increased scrutiny/enforcement by regulators
Inefficiencies of the supervision process
Mobile devices and communications are emerging as a top concern.
Like many other industries, Financial Services firms are facing the “Bring Your Own Device” (BYOD) challenge: growing use of smartphones and tablets as well as adoption of mobile-specific communications like text messaging. This presents a challenge to conventional compliance practices which has not gone unnoticed by regulators. Last year, FINRA issued Regulatory Notice 11-39, stating that firms are required to retain, retrieve and supervise business communications regardless of whether they are conducted from a work-issued device or a personal device. This presents a challenge to companies that must separate business and personal communications in order to ensure regulatory compliance.
Social Media and other online communication channels present new concerns.
Use of Social Media is on the rise in the Financial Services industry. However, policies and procedures for supervision and retention lag behind the pace of adoption. In terms of the most requested message types during examination! Email was first, followed by Website pages (including
RSS feeds, blogs, wikis) with Bloomberg or Reuters messages and instant messages ( tied for third place.
Conclusion
While regulatory examiners are increasing their oversight and moving from a check-the-box approach to compliance to scrutiny of the messages themselves, financial services firms are getting more savvy about their approach to compliance. In addition, as the opportunities for new types and channels of electronic communications increase, so too are the archiving and supervision technologies allowing firms use of these emerging communication tools with a greater sense of security.
Ping® by AdlerLaw A Legal Blog 