The Commonwealth of Massachusetts is about to begin enforcing some rather comprehensive data protection regulations on March 1, 2010. If you have customers in Massachusetts, then there are some things you will need to do.
The full document is available at http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf. I am most definitely not licensed to provide specific legal counsel to you, but I will strongly recommend that you grab a copy of that document and review it with your legal adviser to ensure that your online business is doing what needs to be done (if you have customers in, or do business in, Massachusetts).
I also strongly recommend that you do the same if you have affiliates in Massachusetts. I’ll explain why in a bit.
I found a rather nice summary of the new regulations on the Bingham McCutchen blog at http://www.bingham.com/Media.aspx?MediaId=9565 (thanks for that great, understandable summary!). According to that article, the regulations…
apply to ANY business that “owns or licenses personal information” about a resident of Massachusetts (i.e., first name or initial and last name, in conjunction with (1) social security number, (2) driver's license or state-issued identification number, or (3) financial account or credit/debit card number).
Now let’s talk about all of those “quick scripts” that enable you to start your own affiliate program (like Mike Filsaime’s “Butterfly Marketing” script, but this is NOT the only one that does this; it’s just the one that I’m most familiar with. This is not a “bash Mike” post!). Part of the Butterfly Marketing concept is to make it very easy for your customers to become affiliates and promote your products. With this in mind, the script (along with the hundreds of “copycat” scripts released after people figured out that his concept was a valid one for then-existing conditions) has a section where an affiliate can sign up.
Including a field for a Social Security number.
That is sent from the affiliate’s computer to the web server unencrypted, along with the rest of their personal information.
And most likely stored in an unencrypted database on the web server.
And in most cases, it’s probably a shared web server that’s controlled by a third party service — and there’s nothing in the Terms of Service that addresses issues like this.
Who else can access that data? How secure is it? Did somebody “sniff” it on the way to the web server and steal it? Does this system meet the requirements for protecting the data of your Massachusetts affiliates?
Internet Marketers, in my opinion, you have a serious problem if you have affiliates in Massachusetts and allow them to sign up like this.
For once, I don’t have a good solution (other than “don’t use the scripts and sell your products through a service like ClickBank — and let THEM worry about those details”). I know that many want to run their own affiliate system for many good reasons, but given this new situation, the playing field has changed again. And I suspect that many other states will soon adopt similar regulations due to the “ripple effect”.
While I’m not usually one to make “predictions”, I think it’s a “no-brainer” to predict that these new regulations, combined with the ripple effect, will have a huge impact on the Internet marketing industry. I, for one, am happy to see these regulations and hope that proper transmission and storage standards are adopted and enforced worldwide. I’ve been trying to raise this issue for a couple of years now without success. While I’m not a big fan of more government, I do believe that government must take steps to properly protect people — and when businesses don’t want to do the “right thing” to protect personal data, then I’m in favor of laws like this.
Business owners, people trust you with their personal information. Don’t transmit it unencrypted, and don’t store it unencrypted on a web server that you don’t really control. It hurts your customers and affiliates, and pretty soon it could mean big legal issues for you. Yes, you can safely ignore me, but you won’t be able to ignore “them”…
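To see whether your own affiliate signup page has the transmission problem described above, here is a small audit script. It is an added example, not part of any affiliate script mentioned in this post; the field-name patterns, the `affiliates.example` host and the sample form are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Field-name patterns for the data classes named in the summary above (SSN,
# driver's license / state ID, account or card number). Assumed; extend them.
SENSITIVE = re.compile(
    r"ssn|social.?sec|tax.?id|licen[sc]e|state.?id|card|acc(oun)?t.?(no|num)", re.I)

class FormAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._cur = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self._cur = {"target": urljoin(self.page_url, a.get("action") or ""),
                         "method": (a.get("method") or "get").lower(), "fields": []}
            self.forms.append(self._cur)
        elif tag in ("input", "select", "textarea") and self._cur is not None:
            name = a.get("name") or a.get("id") or ""
            if SENSITIVE.search(name):
                self._cur["fields"].append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def audit(page_url, html):
    """Return (target, fields, problems) for forms exposing sensitive fields."""
    parser = FormAudit(page_url)
    parser.feed(html)
    findings = []
    for form in parser.forms:
        problems = []
        if urlparse(form["target"]).scheme != "https":
            problems.append("sent without TLS")
        if form["method"] == "get":
            problems.append("values end up in the URL and server logs")
        if form["fields"] and problems:
            findings.append((form["target"], form["fields"], problems))
    return findings

# Constructed sample: an affiliate signup form on a page served over plain HTTP.
SAMPLE = ('<form action="signup.php" method="post"><input name="last_name">'
          '<input name="affiliate_ssn"><input type="submit"></form>')
if __name__ == "__main__":
    print(audit("http://affiliates.example/join.html", SAMPLE))
```

This only covers how the form is submitted. Whether the database behind it stores the value encrypted, and who else on a shared server can read it, still has to be checked separately.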