Les Seagraves EarthLink, Inc. Beyond Your Privacy Policy: Developing…

Les Seagraves
EarthLink, Inc.
Beyond Your Privacy Policy:
Developing a
Comprehensive Privacy Plan


Les Seagraves, CIPP
VP, Chief Privacy Officer & Asst.
  General Counsel
EarthLink, Inc.
 Your Policy Should Cover:


Everything you do with personal
  information and what choices
  customers have

Helps to have External and Internal
 policies the same

Plan for the future
 Policy is great, now what ?


Everything else you do or say can
  become "policy"

Everywhere you deal with personal
  information needs to be part of a
  plan

Follow the data
 Following the Data


Advertising
Communicating to Non-Customers
Sign Up/Purchase
Using the Product or Service
Communicating to Customers
Customer Interaction
Ending the Relationship
Everything about Privacy
should be:


Easy
Obvious
Consistent
 Website


Collect information?
  What do you say about it at the time of
   collection? (Obvious)
  Choices? (Easy)
  What actually happens?
  Consistent with privacy policy?
3rd Party Links? (Obvious)
 Marketing


Are there claims about information
  use? Should there be?

Clear what information is required?

Contests?
 Email to customers


Big issue because of different internal
  groups and uses

Effective Opt-out? (Easy)

Surveys

Categorize information = easy and
 obvious
 Registration


Account for every piece of information
  coming in

Storage

Paper records = destruction
 Customer Service


Real time interaction with a customer
Need good rules for what and how
  information is collected and used
Ask for MMN? password? (Consistent)
Warnings to customers?
Phishing?
 Public Relations


PR and Managers need to understand
  the intricacies of your policy

CEO speeches ­ be careful

Blogs
 Plan for a mess


What happens during a crises?
Are privacy rules still followed?
Are they "bent" in the name of
  urgency?
Practice scenarios over and over
  (Consistent)
 Questions?


Les Seagraves

les.seagraves@corp.earthlink.net