{"id":1725,"date":"2018-04-18T20:06:22","date_gmt":"2018-04-19T01:06:22","guid":{"rendered":"http:\/\/blogs.luc.edu\/compliance\/?p=1725"},"modified":"2018-04-18T20:06:22","modified_gmt":"2018-04-19T01:06:22","slug":"dodging-the-pitfalls-on-the-path-to-success-data-management-risks-and-how-to-mitigate-them","status":"publish","type":"post","link":"https:\/\/blogs.luc.edu\/compliance\/?p=1725","title":{"rendered":"Dodging Pitfalls on the Path to Success: Data Management Risks and How to Mitigate them"},"content":{"rendered":"<p><em>John Martin<br \/>\nAssociate Editor<br \/>\nLoyola University Chicago School of Law J.D. 2018<\/em><\/p>\n<p>Every day, thousands of gigabytes of data flow around the world.\u00a0 Transfers between consumers and producers make up a large portion of that data.\u00a0 There has been talk recently of the commercialization of said data, such as Facebook and Google selling their users\u2019 data to third parties.\u00a0 These third parties are more than willing to pay large sums for this information, as it provides actionable data on consumer trends, such as their likes and dislikes.\u00a0 This data can be used by companies to shift their marketing strategies to capture a greater market share.\u00a0 For the e-commerce retailer, whether large or small, this data can be valuable as a resource and a commodity.\u00a0 As such, knowing what you can and cannot do with the data is important.\u00a0 Here, we will be discussing Data Management risks when it comes to the collection of consumer data.<\/p>\n<p>In the United States, no single law exists at the federal level regarding the collection and use of personal data. Rather, there is a patchwork of federal and state laws that sometimes overlap and contradict one another. 
There are guidelines developed by various agencies and industry groups that lack the force of law but are considered \u201cbest practices\u201d for a business to follow.<\/p>\n<p>Some of these laws include the Federal Trade Commission Act (FTC) (15 U.S.C. \u00a7\u00a741-58) prohibiting unfair or deceptive practices, the Children\u2019s Online Privacy Protection Act (COPPA) (15 U.S.C. \u00a7\u00a76501-6506) which concerns the collection of information from children, the CAN-SPAM Act (15 U.S.C. \u00a7\u00a77701-7713 and 18 U.S.C. \u00a71037) and the Telephone Consumer Protection Act (47 U.S.C. \u00a7227 et seq.) which regulate the collection and use of e-mail addresses and telephone numbers, and the Electronic Communications Privacy Act (18 U.S.C. \u00a72510) which regulates the interception of electronic communications.\u00a0 If your sector of business involves medicine and the health industry, HIPAA, or the Health Insurance Portability and Accountability Act (42 U.S.C. 1301 et seq.), as well as other HIPAA-related laws, may also come into play.<\/p>\n<p>In addition to these federal statutes, there are state laws and statutes on the books that restrict what information can be collected and what it can be used for. 
\u00a0For example, California has a number of privacy laws on the books, more than any other state.\u00a0 California led the way in security breach notification laws, and many other states have taken their cues from California\u2019s work.\u00a0 Security breach notification laws compel the owners of any data that includes personal data to give notice if the system is breached.\u00a0 Massachusetts has an extensive listing of the security protocols, codified in Massachusetts Regulation 201 CMR 17.00.<\/p>\n<p>All of these laws impact the e-commerce retailer and must be taken into consideration when a retailer is deciding how best to set up their business.\u00a0 These laws stress the crucial importance of having a privacy policy.\u00a0 Different consumers have different tolerances for what data can be collected and used.\u00a0 It is better to err on the side of caution in these situations.\u00a0 Crafting a policy that limits the amount of data retained and available to the retailer might seem to handicap the retailer\u2019s ability to improve revenue through the sale of such information, but it may be better to avoid the potential pitfall.<\/p>\n<p>A privacy policy should be clear cut, indicating what personal information you will collect from site visitors, who that information will be shared with, and how that information will be properly stored.\u00a0 This is something that may be applicable only to retailers that have standalone websites, and not those who sell through a third party, such as Amazon, Etsy, or Shopify. 
However, including a privacy policy on your site within that third-party seller adds another layer of disclosure, even if it is a mirror of that site\u2019s policy.<\/p>\n<p>It is highly advised that your privacy policy be written or reviewed by a lawyer.\u00a0 The <a href=\"https:\/\/www.sba.gov\/blogs\/7-considerations-crafting-online-privacy-policy\">Small Business Administration<\/a> has a useful resource on best practices when it comes to writing a privacy policy.<\/p>\n<p>Ultimately, this aspect of setting up your e-commerce endeavor, or improving it if you\u2019ve already been in business for some time, may seem costly in both time and money.\u00a0 While your business may not deal with the same volume or sensitivity of data, it is sobering to remember what recently happened with the Equifax breach in 2017, as well as the Target data breach in 2013.\u00a0 More recently, the Facebook Cambridge Analytica data breach as well as the Under Armour breach remind us of the importance of strong protections.\u00a0 Breaches are happening more often, so everyone who deals with such data must keep these requirements in mind.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Every day, thousands of gigabytes of data flow around the world.  Transfers between consumers and producers make up a large portion of that data.  There has been talk recently of the commercialization of said data, such as Facebook and Google selling their users\u2019 data to third parties.  These third parties are more than willing to pay large sums for this information, as it provides actionable data on consumer trends, such as their likes and dislikes.  This data can be used by companies to shift their marketing strategies to capture a greater market share.  For the e-commerce retailer, whether large or small, this data can be valuable as a resource and a commodity.  As such, knowing what you can and cannot do with the data is important.  
Here, we will be discussing Data Management risks when it comes to the collection of consumer data.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[567,575,677,1690],"class_list":["post-1725","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-data-breach","tag-data-security","tag-e-commerce","tag-regulation"],"_links":{"self":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts\/1725","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1725"}],"version-history":[{"count":0,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts\/1725\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1725"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1725"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1725"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}