News & Insights  |  Articles

New Media Tools: Look Out for Privacy Traps

Mass Media Headlines
January 2011

Broadcasters are benefitting from all sorts of new media tools, like enhanced websites, social networking and mobile applications.  New functionality can drive users to online offerings, and raise the profile of associated TV and radio stations.  It can also strengthen the historical partnership between local broadcasters and local businesses, as the recent online coupon craze demonstrates.  Also, online advertising provides an important new revenue stream, and as targeted advertising grows more sophisticated, broadcasters can demand higher premiums for advertising space. 

Yet with these opportunities, care must be taken to keep privacy-related risks in check.  A good operating assumption is that new media tools will collect some information about individuals.  Such information does not necessarily need to identify an individual by name in order to carry concerning privacy implications.  Wrong steps could lead to reputational injuries at least, and data breaches, enforcement actions or civil penalties at worst.

Each broadcaster's use of new media raises different privacy risks.  But privacy hot spots tend to appear consistently in the following areas:

  • Does your content attract children?  Online offerings might foreseeably be attractive to kids 12 years old and younger.  Or, a broadcaster could be aware that it actually has collected children's personal information online.  Consider, a website reflecting a station's "Top-40" format might officially target an older teen/young adult demographic, but offer considerable "tween" appeal.  Such situations are rife with legal risk under the Children's Online Privacy Protection Act (COPPA), which is actively-and publicly-enforced by the Federal Trade Commission (FTC), sometimes with seven-figure settlement penalties.
  • Is your privacy policy up-to-date?  Privacy policies can quickly become stale as broadcasters add new online offerings or change the way they handle personal information in response to new opportunities.  An outdated policy poses legal risks, as falling short of its promises could amount to "unfair or deceptive trade practice."  Both the FTC and state Attorneys General have pursued failures to uphold privacy policies, which are binding public representations about how a company will deal with personal information.
  • Have you covered the information security basics?  If your website or mobile app engages in any type of e-commerce, do you encrypt the transaction, and especially any credit card numbers?  In the "back office" supporting your online offerings, are default usernames or passwords avoided?  Wireless connections secured?  Where basic security precautions were not taken, the FTC has publicly shamed companies that suffered security breaches.  Notably, a company need not necessarily make a public representation concerning information security in order to be caught in the FTC's net.
  • Do you know which marketing laws apply to your campaigns?  Do you plan to market your offerings or those of your partners by text message?  Email?  Phone call?  Fax?  If so, federal or state law could limit whom you can contact or require certain opt-out choices.  Violations of such law could lead to enforcement actions, and in some cases, private rights of action.
  • Do your mobile applications use location information?  Broadcasters using mobile applications could be using location information to enhance the service. Yet, location information is sensitive, and certain legal limitations apply. 
  • Do you know what your partners and vendors are doing?  New media is truly an "ecosystem," where a single service can involve a web of retailers, communications providers, vendors, advertisers, transaction processors, and so on, connected through different types of legal relationships.  All of these parties could be using personal information while conducting business important to a broadcaster's new media strategy.  Thus, broadcasters should understand how its associates are using and securing personal information, the risks that could rebound upon the broadcaster, and where appropriate, make sure that the broadcaster's privacy policy is being upheld.
  • Do you use online advertising best practices?  Congress, the FTC, state authorities and privacy advocates are ready to regulate online targeted advertising unless industry self-regulation is found to work.  Broadcasters have an interest in maintaining a self-regulatory regime, where innovative technology and business arrangements can be quickly put to use.  Furthermore, unintended consequences of regulation could choke off the important revenue streams that ultimately fund free online services.  Accordingly, broadcasters should consider adhering to voluntary guidelines concerning online ads that industry groups have developed.  They may also wish to participate in ongoing policy debates.  They should understand the types of technology that their ad networks use, and avoid especially intrusive or aggressive mechanisms.

Every company should periodically review its privacy and security practices to make sure that it is avoiding common pitfalls.  For more information on how Wiley Rein can help with an efficient, targeted audit of privacy and security practices, and for pricing options, please contact the attorney below.