By Kristen V. Brown

AncestryDNA, owned by the company behind family-tree website Ancestry.com, has taken at least one step toward making its policies more transparent. The company’s privacy policy and terms of use agreements have been updated so that they are actually easy to understand for anyone with a basic command of English.

In addition to simplified language, the company combined its policies for Ancestry and AncestryDNA so that users can find them in one place instead of two. The company’s launched a new Privacy center that make key parts of the policies easily visible.

Now, this doesn’t necessarily mean that you should never ever do a consumer DNA test. DNA tests can be fun and sometimes even informative. But you should be aware of what you’re giving away when you give up access to your genetic information. And Ancestry’s new, more transparent policy is a good step toward helping us all be more aware.

Read full article and learn more about Privacy Policy here.

Here’s How To Make Sure You, Your Business & Website Is FTC Compliant

By now it should be clear how important it is for you to be FTC compliant. But how can you do that without spending $7,500-$8,000 or more on Internet Attorneys?

Smart business owners around the world are doing it with the help of FTC Guardian.

FTC Guardian is a service that is 100% focused on helping to keep you get and stay FTC compliant and fully protected. And right now, we are offering a free training to give you the knowledge, information, and guidance that you need to stay out of trouble with the Federal Trade Commission.

Free Compliance Workshop: Join Chip Cooper, Esq., the #1 FTC Compliance trainer in the World, for a one-of-kind, completely free online compliance workshop. Workshops fill up quickly, so register now.

Here are some of the things you’ll discover on the training:

• Real-Life Examples of People Who Didn’t Think They Were At Risk, But Who Got Nailed By The FTC, And Why It Could Happen To You, Too

• The 3 Enormous Powers The FTC Has That Can Change Your Life – And Your Family’s Life – Forever!

• How to Avoid FTC Claims When Collecting Leads With Optin Forms

• 3 Privacy Policy Mistakes Every Digital Marketer Is Making, And Why You’re In The FTC Crosshairs.

• And Much More…

Remember: legal protection is a massively important part of your business, and it’s one you cannot afford to ignore any longer.

Go here to register for our next FREE training and make your business is FTC compliant today!

Disclaimer:  This article is provided for informational purposes only. It’s not legal advice, and no attorney-client relationship is created. Neither the author nor FTC Guardian, Inc. is endorsed by the Federal Trade Commission.

By Lauren B. Aronson 

Subscription services for everything from food delivery to beauty products to exercise gear have grown exponentially in the past five years. Such services require consumers to enroll in a program to purchase goods on a consistent basis. They typically automatically renew, often on a monthly basis, and require customers wishing to cancel to take affirmative steps to avoid being charged. Marketers know that consumers often fail to take steps to cancel timely, which only benefits the marketers’ bottom lines.

With the explosion of subscription business models, consumer complaints have skyrocketed as well, with consumers complaining that the terms of the negative option offer – an offer that interprets a consumer’s failure to take an affirmative action as an agreement to be charged – were not clearly explained. For example, consumers have complained that were not told they would be charged each month, were not adequately reminded of how to “skip” being charged each month, that prepaid credits expire without notice, and that it can be difficult to cancel. Thus, subscription businesses have faced increasing regulatory scrutiny and all advertisers that offer products or services that automatically renew should pay close attention.

Read full article and learn more about ROSCA here.

Here’s How To Make Sure You, Your Business & Website Is FTC Compliant

By now it should be clear how important it is for you to be FTC compliant. But how can you do that without spending $7,500-$8,000 or more on Internet Attorneys?

Smart business owners around the world are doing it with the help of FTC Guardian.

FTC Guardian is a service that is 100% focused on helping to keep you get and stay FTC compliant and fully protected. And right now, we are offering a free training to give you the knowledge, information, and guidance that you need to stay out of trouble with the Federal Trade Commission.

Free Compliance Workshop: Join Chip Cooper, Esq., the #1 FTC Compliance trainer in the World, for a one-of-kind, completely free online compliance workshop. Workshops fill up quickly, so register now.

Here are some of the things you’ll discover on the training:

• Real-Life Examples of People Who Didn’t Think They Were At Risk, But Who Got Nailed By The FTC, And Why It Could Happen To You, Too

• The 3 Enormous Powers The FTC Has That Can Change Your Life – And Your Family’s Life – Forever!

• How to Avoid FTC Claims When Collecting Leads With Optin Forms

• 3 Privacy Policy Mistakes Every Digital Marketer Is Making, And Why You’re In The FTC Crosshairs.

• And Much More…

Remember: legal protection is a massively important part of your business, and it’s one you cannot afford to ignore any longer.

Go here to register for our next FREE training and make your business is FTC compliant today!

Disclaimer:  This article is provided for informational purposes only. It’s not legal advice, and no attorney-client relationship is created. Neither the author nor FTC Guardian, Inc. is endorsed by the Federal Trade Commission.

By Chip Cooper, Esq

I thought I’d seen and heard it all in my Internet law practice, until a client referred me to an interesting article about a kitty cat named Simba that walked across a keyboard and clicked on an online, click-through agreement (also known as a “click-wrapped” agreement).  The article is entitled “The Agreeable Cat”, by Ann Loucks (Google the title, and you can read it for yourself).

My client wanted to know whether the agreement was enforceable.  My reply – against Simba the cat, or its owner who put Simba up to this?

After a chuckle, I thought the question really had merit, and this is my analysis.

The Specht Case

The most significant case regarding the enforceability of online agreements is Specht v. Netscape Comms. Corp., a 2003 case in which the 2nd Circuit Court of Appeals upheld a district court decision that Netscape’s online agreement was not enforceable.  By holding that the agreement was unenforceable, the reasoning of the case provided specific guidelines for enforceability.

In the Specht case, Netscape's website developer designed its download page for Netscape's SmartDownload software with little regard for contract enforceability.

Netscape's download page provided a download button that triggered the download of the SmartDownload software. The only reference to a license agreement required the user to scroll to the bottom of the same web page which provided a link to the license agreement. Clicking on this link directed the user to another page which stated that use of the software was governed by a license agreement that required still another click before the user could read the contract terms.

The 2nd Circuit ruled that Netscape's agreement was unenforceable because of 3 deficiencies:

• the user did not have to click on an I ACCEPT button to indicate assent;
• the text on the web page accompanying the download did not clearly state that agreement was a pre-condition to use;
• the failure to provide “reasonable notice” of the existence of contract terms.

The Register.com and Two Ticketmaster Cases

Three additional cases – the Register.com case and two Ticketmaster cases – when taken together with the Specht case, make it clear that courts are most likely to enforce online agreements where the user gives express assent.

Express assent is usually given by clicking on an I ACCEPT button.

Now we get back to the facts of the hypothetical case involving Simba the cat.  Is the online agreement “accepted” by Simba enforceable against its owner who created the elaborate system for Simba to “agree”?

We’ll leave enforceability against Simba out of our analysis, out of deference to the agreeable cat.

Simba’s owner believes she has agreed to nothing.  She states:  “The download begins and I have personally agreed to nothing”.  In essence, she argues that since there is no express assent (by her), there is no binding contract.

Not so fast, according to Register.com, and the two Ticketmaster cases.  These cases also stand for the proposition that absent express assent, assent may be inferred from proof that a defendant (i) had actual notice that use or access was conditioned on legal terms, and (ii) continued to use or access a site, service, or software after acquiring that notice.

Conclusion

In summary, the online agreement would be enforceable against Simba’s owner if she had actual notice of legal terms and her use continued after acquiring that notice.

More important than the specific facts and result of the hypothetical case involving Simba the agreeable cat, are the fundamental principles that support virtually universal recognition that online agreements, provided they are presented properly, are generally enforceable, even in the absence of express assent — a significant legal foundation upon which our Internet economy depends.

By Tribune Star

A couple of years ago, Ancestry went into a partnership with a biotech company called Calico, owned by Google. The premise of this partnership was that Ancestry would make its customers’ DNA results available to this other company to use for their research purposes. It’s a for-profit venture on both sides. Ancestry sells its customers’ DNA data to Calico and Calico makes money off the research it does. Customers pay Ancestry to conduct the DNA test, but Ancestry and its partners stand to make billions.

This May, an attorney named Joel Winston, specialist in consumer protection, former deputy attorney general for New Jersey, and formerly in the Department of Justice, posted a warning to Ancestry customers when they consent to use the DNA services.

“To use the AncestryDNA service, customers must consent to the Ancestry Privacy Policy and Terms of Service. These are binding legal contracts between the customer and Ancestry. The most egregious of these terms gives Ancestry a free license to exploit your DNA for the rest of time…There are three significant provisions…to consider on behalf of yourself and your genetic relatives: (1) the perpetual, royalty-free, world-wide license to use your DNA; (2) the warning that DNA information may be used against “you or a genetic relative”; (3) your waiver of legal rights,” writes attorney Winston.

Read full article and learn more about Privacy Policy here.

Here’s How To Make Sure You, Your Business & Website Is FTCCompliant

By now it should be clear how important it is for you to be FTC compliant. But how can you do that without spending $7,500-$8,000 or more on Internet Attorneys?

Smart business owners around the world are doing it with the help of FTC Guardian.

FTC Guardian is a service that is 100% focused on helping to keep you get and stay FTC compliant and fully protected. And right now, we are offering a free training to give you the knowledge, information, and guidance that you need to stay out of trouble with the Federal Trade Commission.

Free Compliance Workshop: Join Chip Cooper, Esq., the #1 FTC Compliance trainer in the World, for a one-of-kind, completely free online compliance workshop. Workshops fill up quickly, so register now.

Here are some of the things you’ll discover on the training:

• Real-Life Examples of People Who Didn’t Think They Were At Risk, But Who Got Nailed By The FTC, And Why It Could Happen To You, Too

• The 3 Enormous Powers The FTC Has That Can Change Your Life – And Your Family’s Life – Forever!

• How to Avoid FTC Claims When Collecting Leads With Optin Forms

• 3 Privacy Policy Mistakes Every Digital Marketer Is Making, And Why You’re In The FTC Crosshairs.

• And Much More…

Remember: legal protection is a massively important part of your business, and it’s one you cannot afford to ignore any longer.

Go here to register for our next FREE training and make your business is FTC compliant today!

Disclaimer:  This article is provided for informational purposes only. It’s not legal advice, and no attorney-client relationship is created. Neither the author nor FTC Guardian, Inc. is endorsed by the Federal Trade Commission.

Online Resellers

By Chip Cooper, ESQ

Recent case law confirms once again: if online agreements are presented properly to end-users, they're  legally enforceable.

This continuing trend is good news for websites that contract with registered users though SaaS Agreements, Membership Agreements, Subscription Agreements, Terms of Sale, Content License Agreements, and the like.

Why?  Among other things, this means that important legal disclaimers and limitations of liability are legally enforceable.

But what about liability exposure arising out of customer contracts entered into by your resellers?  Are you liable for actions of your resellers?

The Direct Revenue Case

In the case of People v. Direct Revenue, the New York Attorney General in 2008 attempted to nail Direct Revenue for its distribution of software that served pop-up advertising software on consumers' computers.

Direct Revenue is in the advertising business. Its software client serves pop-up advertisements to consumer's computer screens through the Internet. Direct Revenue does not charge fees to consumers. Instead, it charges fees to the companies whose products it advertises.

It's interesting to note that one line of attack by the New York Attorney General focused on Direct Revenue's “click-wrapped” (where the user clicks on “I ACCEPT”) end user license agreement (EULA) and Direct Revenue's alleged deceptive and illegal practices. The court granted Direct Revenue's motion to dismiss the claims noting that sufficient disclosure was given in the EULA, and the required elements for an enforceable agreement were followed.

Having failed with its first line of attack, New York's additional line of attack focused on the customer agreements of Direct Revenue's resellers in an attempt to hold Direct Revenue liable. The result was the same as with the EULA — Direct Revenue was held not liable.

New York conceded that Direct Revenue's resellers were independent contractors rather than agents. Generally, a principal is not liable for acts of an independent contractor due to the lack of control over how the contractor's work is performed. In addition, the court noted that Direct Revenue's software distribution agreement required its distributors to obtain consent of consumers consistent with the EULA and prohibited distributors from holding themselves out as agents of Direct Revenue.

New York argued that Direct Revenue should be liable because   its servers  interacted  with the  consumers' computers in the software installation process. The court pointed out that participation in installation was not enough for liability in the absence of participation in deceptive conduct that induced the installation.

Finally, New York argued that Direct Revenue should be held liable for the actions of its resellers on the ground that Direct Revenue ratified the conduct of its resellers. The court ruled that mere knowledge of consumer complaints was insufficient to impose liability on Direct Revenue, especially in light of the fact that when Direct Revenue had actual knowledge of a reseller misconduct, it took steps to remedy the problem.

Conclusion – 3 Tips To Avoid Liability For Actions of Resellers

Potential liability for acts of online resellers is a major concern of ecommerce businesses which use reseller networks.

The Direct Revenue case teaches us that ecommerce sites may not be held liable for actions of their resellers if these 3 tips are followed:

• if you transfer anything to a user's computer, require your resellers to obtain consent of end-users consistent with your EULA – this means consent in clear and easy-to-understand (not deceptive) terms,
• prohibit your resellers from holding themselves out as your agents, and
• if a reseller does engage in misconduct, take affirmative steps to deal with the situation, including termination, if warranted (particularly if the reseller's actions tend to indicate an agency relationship).

These 3 tips won't guarantee that you have no exposure, but they'll go a long way to protecting you from liability for actions of your resellers.

Here’s How To Make Sure You, Your Business & Website Is FTC

Compliant

By now it should be clear how important it is for you to be FTC compliant. But how can you do that without spending $7,500-$8,000 or more on Internet Attorneys?

Smart business owners around the world are doing it with the help of FTC Guardian.

FTC Guardian is a service that is 100% focused on helping to keep you get and stay FTC compliant and fully protected. And right now, we are offering a free training to give you the knowledge, information, and guidance that you need to stay out of trouble with the Federal Trade Commission.

Free Compliance Workshop: Join Chip Cooper, Esq., the #1 FTC Compliance trainer in the World, for a one-of-kind, completely free online compliance workshop. Workshops fill up quickly, so register now.

Here are some of the things you’ll discover on the training:

• Real-Life Examples of People Who Didn’t Think They Were At Risk, But Who Got Nailed By The FTC, And Why It Could Happen To You, Too

• The 3 Enormous Powers The FTC Has That Can Change Your Life – And Your Family’s Life – Forever!

• How to Avoid FTC Claims When Collecting Leads With Optin Forms

• 3 Privacy Policy Mistakes Every Digital Marketer Is Making, And Why You’re In The FTC Crosshairs.

• And Much More…

Remember: legal protection is a massively important part of your business, and it’s one you cannot afford to ignore any longer.

Go here to register for our next FREE training and make your business is FTC compliant today!

Disclaimer:  This article is provided for informational purposes only. It’s not legal advice, and no attorney-client relationship is created. Neither the author nor FTC Guardian, Inc. is endorsed by the Federal Trade Commission.

By Chip Cooper Esq.

Clients frequently ask me, “click-wrapped”, “browse-wrapped” — what do these terms mean? Are they the typical legal mumbo jumbo?

Your Customer Agreement (often called a Subscription Agreement, Membership Agreement, or SaaS Agreement) is a so-called “click-wrapped” agreement because your customer indicates agreement by clicking on an I AGREE button. For this reason, click-wrapped agreements are usually legally enforceable provided they are presented correctly.

Your website's Terms of Use govern all visitors to your site — both casual visitors and registered customers. Terms of Use are typically referred to as “browse-wrapped” agreements because there is no requirement to click an I AGREE button.  So, the question I’m often asked is… since the Terms of Use do not require a click, are they legally enforceable? And if not, why have them on the site?

A recent case involving a bot's repeated access to Southwest Airline's site provides some insight into the answer to the first question — are browse-wrapped agreements enforceable?

The Airline “Bot” Case

In the case of Southwest Airlines v. BoardFirst, LLC the Defendant BoardFirst utilized a software “bot” to assist passengers of Southwest Airlines to book the popular “A” group boarding passes.

The BoardFirst.com site utilized the “bot” software to book Southwest's customers for a fee, despite Southwest's Terms posted on its site that “use of the Southwest websites constitutes acceptance of our Terms and Conditions”. Clicking on the Terms And Conditions link sends the user to Terms which authorized use of Southwest's site “only for personal, non-commercial purposes”. Southwest's Terms did not require a click on an “ACCEPT” or “I AGREE” button — hence, the Terms were of the browse- wrapped variety.

Southwest sent two cease and desist letters to BoardFirst, citing its Terms and demanding that BoardFirst stop its activities in breach of the Terms. BoardFirst continued its actions, and Southwest sued.                                                             

Were Southwest's Browse-Wrapped Terms Enforceable?

The Court noted that the validity of a browse-wrapped license turns on whether a website user has actual or constructive notice of the site's terms and conditions prior to using the site. There was no dispute that BoardFirst had actual knowledge after receipt of Southwest's two cease and desist letters. The Court ruled that Southwest's Terms were enforceable against BoardFirst.

Conclusion

Note that the Court's ruling stands for the proposition that browse-wrapped agreements are enforceable only if there is actual or constructive notice of the terms. This ruling is consistent with prior cases involving similar facts. Because few if any ecommerce websites provide actual or constructive notice prior to use, it follows from this reasoning that most are not enforceable as contracts.

I'm often asked — if Terms of Use are not legally enforceable in the absence of specific evidence of actual or constructive notice, what is their value?

One compelling reason for Terms of Use in ecommerce websites is that they usually provide various legal notices that are required by law for which agreement is not required. For example, if your site uses a blog, in order to qualify for the “safe harbor” from copyright liability, a specific notice is required, and a good place for it is in the Terms of Use.

Other notices that you must have on your site are certain legal disclaimers for which no agreement is necessary. Again, your Terms of Use is a good place for these disclaimers.

So, even though Terms of Use as typically used are not enforceable as a binding contract, they do provide a place for essential legal notices. And for this reason, Terms of Use serve an indispensable function on your ecommerce website.

Here’s How To Make Sure You, Your Business & Website Is FTC Compliant

By now it should be clear how important it is for you to be FTC compliant. But how can you do that without spending $7,500-$8,000 or more on Internet Attorneys?

Smart business owners around the world are doing it with the help ofFTC Guardian.

FTC Guardian is a service that is 100% focused on helping to keep you get and stay FTC compliant and fully protected. And right now, we are offering a free training to give you the knowledge, information, and guidance that you need to stay out of trouble with the Federal Trade Commission.

Free Compliance Workshop: Join Chip Cooper, Esq., the #1 FTC Compliance trainer in the World, for a one-of-kind, completely free online compliance workshop. Workshops fill up quickly, so register now.

Here are some of the things you’ll discover on the training:

• Real-Life Examples of People Who Didn’t Think They Were At Risk, But Who Got Nailed By The FTC, And Why It Could Happen To You, Too

• The 3 Enormous Powers The FTC Has That Can Change Your Life – And Your Family’s Life – Forever!

• How to Avoid FTC Claims When Collecting Leads With Optin Forms

• 3 Privacy Policy Mistakes Every Digital Marketer Is Making, And Why You’re In The FTC Crosshairs.

• And Much More…

Remember: legal protection is a massively important part of your business, and it’s one you cannot afford to ignore any longer.

Go here to register for our next FREE training and make your business is FTC compliant today!

Disclaimer:  This article is provided for informational purposes only. It’s not legal advice, and no attorney-client relationship is created. Neither the author nor FTC Guardian, Inc. is endorsed by the Federal Trade Commission.

By Chip Cooper, Esq.

Your membership site can land you in the FTC’s cross-hairs. Even if the FTC doesn’t breathe down your neck, continuity programs can run afoul of various state laws. And the penalties for non-compliance are steep. Warning: If you have automatically renewed offers or continuous subscriptions, your business is now highly regulated. This includes website memberships, online content with fees for access and newsletters. This is especially true if anyone on the membership list lives in California. 

Continuity or Negative Option Plans 

Continuity plans are those that have continuous subscriptions or automatically renewed payment for services. Continuity plans are also called negative option plans. The term negative option plan is used because you remain on the plan and billed for the products and services until you specifically opt out. This can be a problem if you don’t inform them that you don’t want their Elvis special or continue to get billed while waiting for them to process the cancellation. 
Continuity plans started to receive heavy FTC oversight when people began complaining about ten CDs for a dollar deals that turned into a $20 a month plan that they could not cancel. This is in addition to the ongoing complaints that people were forced to pay for something they did not want or only received refunds after they mailed back the item. 

The key feature of continuity plans is that the charges are either automatically renewed indefinitely or continue for a specified, predetermined time. 

You might think you aren’t subject to these rules because you aren’t selling CDs for a penny now to overcharge someone for CDs for the next three years. However, continuity programs take many forms, including several models used by internet marketers and online entrepreneurs. 

Common types of continuity plans used by online businesses include: 

• Membership sites

Membership sites may charge for membership or be free. Many manufacturers have free membership sites while marketing to members and increasing their sales by promoting special offers to members. Membership sites may charge an annual fee to remain a member or charge for a premium level of membership or services. For example, the basic access to LinkedIn is free, but the premium version popular with jobseekers requires payment. Many gaming sites are membership sites. A few games may be free, but paid membership is required to access most of the games. One definition of a membership website is that the website is the destination and product. Mistakes those setting up memberships make include lacking content, charging too much for the limited content and not having a plan to make money off their marketing to members. 

• Subscription sites

Subscription sites may offer content only to those who sign up. However, subscription sites tend to offer more than the online content. They may be able to download PDFs not available on the website or receive print newsletters in addition to online content. Subscription based sites are commerce based, specifically designed to increase product sales and provide a service to subscribers. 

• Software as a service

Software as a service is any software for which the consumer must make regular payments to continue using the software. Adobe triggered an uproar when it switched to the Software as a Service or SaaS model. No longer could someone buy an Adobe CD and install the software, owning it forever. Now they had to pay an annual or bi-annual fee to Adobe to use software they’d always used. IT firms like SaaS because it generates a continual income stream. They also say it makes new software rollouts simple because only the software app on the cloud has to be updated. 

Continuity Plans and ROSCA 

ROSCA or the Restore Online Shopper’s Confidence Act of 2010 was passed in response to consumer complaints of internet scams in the form of continuity plans. ROSCA contains three main rules for continuity plans: 

1. Continuity plans must clearly and conspicuously disclose the terms of the program before they can bill for it.
2. They must obtain express informed consent before they charge the consumer.
3. Cancelling the plan must be simple.

The FTC enforces the provisions of ROSCA, and violations of the act are treated like unfair or deceptive marketing practices. 

Nominal Fee to Pay Offers

The FTC has been busy enforcing ROSCA. In one case, the FTC settled for $359 million dollars, while the other was litigated with a penalty of $18 million. Both of these ROSCA cases involved nominal fee to pay offers. Consumers in both cases signed up in response to an offer with a low cost item, usually only the cost of shipping and handling for the first item. However, paying for shipping and handling gave the company the customer’s credit card information. 

After the free trial or free with shipping item sent, the initial offer was followed by an upsell. And when the free trial was over, the consumer’s credit card was regularly charged until the customer cancelled the offer. 

Lesson: If you are going to set up a nominal fee to pay offer, then your nominal fee offer as well as the upsell must have the required ROSCA disclosures. 

The Federal Trade Commission has clearly stated that even if the consumer is informed later or if the consumer accepts the nominal fee offer, it is considered a deceptive marketing practice if ROSCA disclosures are not provided with the call to action. 

California SB 340 – California False Advertising Act 

SB 340 amends the California False Advertising Act, addition new requirements to that state’s laws on continuity plans. 

• A clear and conspicuous display of written terms must be shown near the request for consent. A check box next to a link to the terms isn’t good enough.

• An acknowledgement of renewal terms, the cancellation policy and instructions how to cancel must be shown.

• A clear and conspicuous notice of material changes to the plan and how to cancel if the consumer doesn’t like the changes must be given.

California’s SB 340 is similar to ROSCA, but there are a few differences. The challenge for online entrepreneurs and internet marketers is how to comply with both laws. 

Note: If you offer a continuity plan and accept customers from California, you must meet both ROSCA and SB340. 

Recommendations to Avoid Being Creamed by Continuity Programs 

• Offer terms in written form, clearly separate by size, type and/or color of the surrounding text. Place it above the call to action.

• Place the terms in written form either above the place where consumers enter billing information or on a prior page. Make sure they have to read it before they sign up.

• Collect express, informed consent. This can be done with a required checkbox for “I agree to these terms” or an “I agree button” before someone can submit their billing information.

• Send an email acknowledgement after the consumer has given consent. Send an acknowledgement of the consent to the customer, as well as a copy of the offer’s terms, your cancellation policy and information on how to cancel it.

• Retain copies of these sent messages. It is legal protection in case someone says they were never given the terms of the agreement.

• Have a simple and easy to use cancellation mechanism.

• Process cancellations promptly. Never let them sit in an inbox while the customer gets billed for one more month.

• Send notice to all consumers when there is a modification to the terms. Send them clear and simple explanations of the terms and information on how to cancel if they don’t like the terms.

• If someone must spend at least a minimum amount before they can cancel the membership, state such up front.

What Happens if You Violate ROSCA or SB 340? 

What are the penalties if you violate ROSCA or California’s SB 340? 

• FTC penalties for ROSCA violations are up to $16,000 per violation. 
• California’s penalties can reach $2,500 per. 

Summary 

Membership websites are popular because they provide a continual source of income from members. Unfortunately, this revenue stream has been so badly abused by scammers that the Restore Online Shopper’s Confidence Act and California’s SB 340 were passed. Continuity plans are now a highly regulated industry, and the price for non-compliance is high. 

Here’s How To Make Sure You, Your Business & Website Is FTC Compliant

By now it should be clear how important it is for you to be FTC compliant. But how can you do that without spending $7,500-$8,000 or more on Internet Attorneys?

Smart business owners around the world are doing it with the help of FTC Guardian.

FTC Guardian is a service that is 100% focused on helping to keep you get and stay FTC compliant and fully protected. And right now, we are offering a free training to give you the knowledge, information, and guidance that you need to stay out of trouble with the Federal Trade Commission.

Free Compliance Workshop: Join Chip Cooper, Esq., the #1 FTC Compliance trainer in the World, for a one-of-kind, completely free online compliance workshop. Workshops fill up quickly, so register now.

Here are some of the things you’ll discover on the training:

• Real-Life Examples of People Who Didn’t Think They Were At Risk, But Who Got Nailed By The FTC, And Why It Could Happen To You, Too

• The 3 Enormous Powers The FTC Has That Can Change Your Life – And Your Family’s Life – Forever!

• How to Avoid FTC Claims When Collecting Leads With Optin Forms

• 3 Privacy Policy Mistakes Every Digital Marketer Is Making, And Why You’re In The FTC Crosshairs.

• And Much More…

Remember: legal protection is a massively important part of your business, and it’s one you cannot afford to ignore any longer.

Go here to register for our next FREE training and make your business is FTC compliant today!

Disclaimer:  This article is provided for informational purposes only. It’s not legal advice, and no attorney-client relationship is created. Neither the author nor FTC Guardian, Inc. is endorsed by the Federal Trade Commission.

By Chip Cooper, Esq.

In fact, it can be enforced against you by the Federal Trade Commission.

The Rules that Affect Your Privacy Policy – And Your Business

Maybe you’re an online entrepreneur or an internet market. It doesn’t matter whether you are a beginner or an experienced professional, whether you work from a home office or a brick and mortar office. What matters most is your email marketing list. It is the holy grail of online marketing. It is as important to your bottom line as a patent is for many engineering and manufacturing firms and secret recipes to restaurants.

When you have a responsive email list, you can market additional products and services to an eager audience. When you have an engaged customer base, you could make additional money by sending recommendations and referrals about business partners. 

As an internet marketer, you’ve known that growing your online business requires growing the email marketing list. This is why a landing page and capturing visitors’ contact information was one of your first and highest priorities. 

What many business owners do not know is that their greatest asset – their email list or contact database – is also their greatest source of legal liability. The liability is so great that it could shut down your business overnight. 

Warning: You must put as much care into protecting clients’ privacy as you do maintaining the mailing list. Today’s privacy regulations require it. 

How Privacy Regulations Came Into Being

The Federal Trade Commission considers some information so private that its protection is almost sacred. 

Modern privacy regulations were born in California in 2004 with the California Online Privacy Protection Act or COPPA. COPPA went into effect July 1, 2004.

What does COPPA Say? 

All websites that collect personally identifiable information or PII of California residents must post a privacy policy. Since few websites want to exclude on the largest states in the nation and many were hosted in California in the 2000s, virtually all websites had to comply. 

COPPA defines personally identifiable information as: 

• First name and last name of a customer
• Their street address
• Their email address
• Phone number
• Social Security Number

In some states, this list also includes a customer’s driver’s license number. 

Privacy protection is mandatory if the customer’s data is linked to other personal information such as: 

• the customer’s height
• their weight
• their occupation
• birth date

The privacy protections mandated by COPPA are only a start, with additional restrictions involved if the website is collecting information on minors under the age of 13, processes financial information like bank account numbers or hosts medical records. 

After COPPA went into effect, websites started posting privacy polices that were compliant with the regulation. Some of them did this because they didn’t want to lose out on California’s population. Others did so because they didn’t think they could screen out Californians with enough certainty that they could avoid violating the law. It was thus better to become compliant with California’s law than risk a lawsuit in California’s courts. 

The end result of COPPA is that it became the de facto national standard of privacy policies. 

What other national statutes and regulations on privacy should you know about? 

• The Health Insurance Portability and Accountability Act of 1996 or HIPAA relates to patient health records. This standard applies if you ask users to post health information or let them share personal medical information.

• The Gramm-Leach-Bliley Act or GLBA applies to financial information. It primarily affects banks, securities companies and insurance companies.

• COPPA or the Children’s Online Privacy Protection Act addresses the privacy of children under the age of 13. Websites can only avoid this regulation if they refuse to accept information reported by minors and clearly state that the site should not be used by those under 13.

• • The Fair Credit Reporting Act or FCRA covers the collection of information by consumer reporting agencies. This act applies to your business if customers take out loans with your business or if you may report an unpaid debt by a customer to the credit bureaus.
  • Section 5 of the Federal Trade Commission Act outlines how the FTC regulates privacy.

Social Media and Privacy Protected Information 

Privacy protection is far more than ensuring that you don’t carbon copy everyone else on the marketing list so that they all see each other’s email or accidentally publicly post the names and phone numbers of all your contacts. 

Privacy protection is an ongoing battle, in part because of the rise of professional hackers and the government’s endless alterations of privacy regulations. For example, location based services now allow marketers to determine where someone is and tailor advertisements to them. In 2011, the FTC added physical location data to the list of private information. You can still send ads to those in your vicinity based on their search results, but you cannot share the consumer’s location with other groups. The FTC also told Google that its BUZZ service couldn’t share screen names and consumer contact lists. 

Mobile Apps and Privacy 

Apps are an amazing way to stay connected with your customer base. Instead of waiting for them to check their email or look for mobile coupons, you can regularly reach out to them via your apps. 

Unfortunately, apps have been found to erode overall privacy. For example, one social networking app was discovered to have uploaded the user’s mobile phone contact list without his permission. Twitter admitted to doing the same. Due to these concerns, in February, 2012, California’s Attorney General announced that COPPA applied to information collected through apps as well as through websites. The FTC jumped on the bandwagon in August, 2012.

What does this mean for mobile marketers? It means that the data collected through apps must be protected the same way personal information collected through websites must be protected. It also means that you can’t use an app to harvest all of the contacts on a consumer’s smart phone, monitor their mobile web surfing or save their location history, no matter what the NSA may be doing. 

The FTC formalized its privacy protections required for mobile apps in the document “Marketing Your Mobile App: Get It Right from the Start”. In this document, it stipulates that: 

• mobile app publishers must get express and affirmative consent before they can collect location, medical or financial data
• parental consent must be obtained and verified before they can collect personal information of children under 13

Failure to comply with these privacy regulations can result in fines from the FTC and California’s state equivalent, as well as leave vendors open to lawsuits. 

What You Should Do about the Collection and Use of Protected Information 

Create a privacy policy for your website and any apps you’ve developed. Clearly state when the privacy policy goes into effect, the type of information collected, and how users can change their private information. 
Your privacy policy must state how consumers will be notified of changes to the privacy policy, even if the privacy policy says they should simply check the privacy policy page for changes. 

Your privacy policy is treated like an advertisement when it comes to the FTC. For example, the privacy policy cannot be “deceptive”. 

If your privacy policy says you will not share it with third parties, you run afoul of state and federal laws if you turn around and share your mailing lists with a third party. You cannot share private information with subsidiaries or vendors with related products and services unless your privacy policy clearly states that it may be shared with third parties.

If your privacy policy says that it won’t be shared and then it is changed, you must give your customers a chance to opt out or ask to be removed from the mailing list. 

The deceptive practices definition and privacy polices leads to a Cardinal Rule. If you say you won’t do something, don’t do it or the FTC can sue you for deceptive practices. If you say you will do something and don’t do it, you are as liable to an FTC claim as you would for lying about the performance of a product. 

Does the FTC actually punish those who violate the Cardinal Rule? Let’s look at some recent FTC cases. 

• The FTC says that Google violated its privacy policy because it says customers have to sign up for a particular service and that your information won’t be used for a different purpose than for which it was collected. Google moved Gmail users to BUZZ without their permission, and the FTC sued them.

• The FTC settled with Chitka when it passed cookies onto consumers. Chitka’s privacy policy said they could opt out of cookies passed on to their browsers, but the actual opt out only lasted ten days.

• Twitter had to reach a settlement with the FTC because of data security lapses that gave hackers access to user accounts, because Twitter’s privacy policy said they took significant efforts to protect user data. In reality, Twitter used weak passwords, causing the data breach and opening the door to an FTC suit.

If the FTC is willing to go after giants like Twitter and Google, you know they’ll go after your business if you violate your own privacy policy. 

Recommendations 

Maintaining antivirus and malicious software protection on your server so that the credit card numbers of your customers and affiliates is an under-appreciated but critical form of privacy protection. However, you need to be careful not to state that you adhere to the highest industry standards for data security. Unless you are a large defense firm with intrusion detection software, active monitoring of your network and good hackers working on your behalf, you cannot meet the highest industry standards for data security. Simply state that you will provide reasonable and adequate security of personal information. 

If your website says we will never sell or rent your personal information, you’ve painted yourself into a corner. Now you can never do this without opening yourself up to some sort of liability. If you change the privacy policy to state that you may share consumer information in the future, you must make sure all customers know this and have months if not years to opt out of your mailing lists. 

If you say someone must give their consent before you share their information, you must follow your own guideline. Given the seriousness and significant restrictions on collecting information on minors, include clear procedures in your privacy statement on how a parent can remove a minor’s contact information from your database as well as your right to delete the accounts of anyone who is suspected of being a minor. 
Clearly state that consumers should not post personally identifiable information on your website such as in user forums or testimonials. Include a statement on your privacy policy that you can shut down the accounts of those who share too much personal information or post the personal information of others. 

Be careful about using boilerplate privacy policies. They may make statements that don’t apply to you, while they may also neglect to address the sharing of information many internet marketers want to utilize. You should work with an attorney to craft a privacy policy that meets your specific needs and intended marketing practices. 

Conclusion 

Privacy policies are not a privacy matter; they are public record and subject to state and national regulations. Privacy regulations affect the value of your email marketing list and the survival of your business. Mishandle your privacy policy, and the FTC’s deceptive advertising claim against your firm could be the next thing the public reads about your firm.

The most important thing you can do after crafting a privacy policy is follow it. Don’t do what you said you wouldn’t, and do what you said you would.

Here’s How To Make Sure You, Your Business & Website Is FTC Compliant

By now it should be clear how important it is for you to be FTC compliant. But how can you do that without spending $7,500-$8,000 or more on Internet Attorneys?

Smart business owners around the world are doing it with the help of FTC Guardian.

FTC Guardian is a service that is 100% focused on helping to keep you get and stay FTC compliant and fully protected. And right now, we are offering a free training to give you the knowledge, information, and guidance that you need to stay out of trouble with the Federal Trade Commission.

Free Compliance Workshop: Join Chip Cooper, Esq., the #1 FTC Compliance trainer in the World, for a one-of-kind, completely free online compliance workshop. Workshops fill up quickly, so register now.

Here are some of the things you’ll discover on the training:

• Real-Life Examples of People Who Didn’t Think They Were At Risk, But Who Got Nailed By The FTC, And Why It Could Happen To You, Too

• The 3 Enormous Powers The FTC Has That Can Change Your Life – And Your Family’s Life – Forever!

• How to Avoid FTC Claims When Collecting Leads With Optin Forms

• 3 Privacy Policy Mistakes Every Digital Marketer Is Making, And Why You’re In The FTC Crosshairs.

• And Much More…

Remember: legal protection is a massively important part of your business, and it’s one you cannot afford to ignore any longer.

Go here to register for our next FREE training and make your business is FTC compliant today!

Disclaimer:  This article is provided for informational purposes only. It’s not legal advice, and no attorney-client relationship is created. Neither the author nor FTC Guardian, Inc. is endorsed by the Federal Trade Commission.