• United States



Marketing Associations Launch Self-Regulatory Scheme for Online Data Collection

Oct 13, 20102 mins
Core Java

Early this month, leading marketing associations made available a self-regulatory scheme for only businesses who collect information about consumer interactions with Web sites for advertising purposes (  The scheme was made available to bring order to the chaos that currently exists in online data collection.  It is also an attempt to avoid further direct regulation by state and federal lawmakers. 

The program is designed to provide consumers with better and more easily identifiable notice of when data is being collected and a means to opt-out.  Whether the program will be widely adopted and achieve its goals will not be known for some time.  What is known is that if a business elects to implement the program and then fails to comply with its requirements, the business could be found in violation of Section 5 of the FTC Act, which prohibits “unfair and deceptive” trade practices.  This is the same exposure businesses have faced for many years now when they publish privacy policies and statements about their security only to run afoul of their own requirements.  The bottom line is look before you leap.  Businesses that elect to participate in the program must ensure they implement means to actually ensure they comply.  Failure to do so could expose them to state and federal liability.


Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP where he focuses on drafting and negotiating technology related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law.

Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.

The opinions expressed in this blog are those of Michael R. Overly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author