1 / 37

Supporting your journey to online compliance. Stage One – Implied Consent 8 th May 2012

Supporting your journey to online compliance. Stage One – Implied Consent 8 th May 2012. Agenda Introductions Digital Governance, Starting with Cookies Background, Starting the journey Steps to stage one Ongoing Management – BAU Questions. Peter Gooch

vea
Download Presentation

Supporting your journey to online compliance. Stage One – Implied Consent 8 th May 2012

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Supporting your journey to online compliance. Stage One – Implied Consent 8th May 2012

  2. Agenda Introductions Digital Governance, Starting with Cookies Background, Starting the journey Steps to stage one Ongoing Management – BAU Questions

  3. Peter Gooch • Director, Enterprise Risk Services • Digital Governance: a holistic view to cookie compliance • Compliance with the e-Privacy directive and cookie requirements is attracting significant attention due to the impending May deadlines for compliance. However, this is just one aspect of the digital landscape that organisations should be looking at. Identifying and creating inventories of digital assets, building a robust compliance process to support compliance with regulatory and good practice requirements, and being able to assessing the security of the websites are all key considerations.  A high level overview of the work Deloitte are doing in the space and some of the benefits our clients achieved.

  4. Lawrence Shaw • CEO, Sitemorse • Introducing the Sitemorse - Digital Governance Platform • As the ‘first’ client of Sitemorse’s Digital Governance Platform, Cookie Reports offers a range of profiling, cookies assessment, auditing and reporting – supported by proven process to help organisations on their journey to privacy management and cookies compliance. A quick look at the new Governisation Platform.

  5. Implied Consent – practical steps

  6. Quick Introduction to Cookie Reports

  7. Cookie Reports Ltd. • UK owned and operated company • Presence in FI, DK, DE, AT • Our own unique IP and methodology • No VC, bank or external funding • UK member body partners include; Quick introduction to the business – where we are etc. About us

  8. Cookie Reports Ltd. "While it is not for me to endorse any particular tool or service, I applaud this overall development, which is bringing some genuine innovation " Talking about the solution offered by Cookie Reports. NeelieKroes Vice-President of the European Commission EU Vice-President

  9. Cookie Reports Ltd. Some of the great names it's been a pleasure to work with, from a single report to an Enterprise wide project. Most recently…. Our Clients

  10. Journey…

  11. COOKIES - your starting point on the journey to privacy compliance  Privacy compliance 1 2 3 1 2 3 What's out there? FIRST Response…. Plan…. What are you going to do to ensure privacy is at the heart of online operations? Assess the sites and the cookies contained within. Audit, review (clean up) publishing and consent.

  12. Audit your sites Offer clear and accurate information about your cookie landscape Provide clear navigation to the detail A website needs to give clear and accurate detail of the cookies in use. If a visitor continues to use that site after being presented with the detail, their action of continuing to use that site can be seen as consent. “Implied consent is perfectly valid, especially as the definition of 'implied' carries weight in the UK law ICO – recent update

  13. Audit your sites Offer clear and accurate information about your cookie landscape Provide clear navigation to the detail A website needs to give clear and accurate detail of the cookies in use. If a visitor continues to use that site after being presented with the detail, their action of continuing to use that site can be seen as consent. “Implied consent is perfectly valid, especially as the definition of 'implied' carries weight in the UK law ICO – recent update

  14. FIRST Response ‘implied consent’ starting points Privacy compliance A B C A B C What's out there? Publish Communicaition Provide clear navigation to the actual detail to a policy / ‘statement of intent’ Sites and cookies Independent audit of each site for cookies. From clear icon, tweeting, news and direct marketing – let people know…

  15. Audit and assessment • What domains do we have? • What's on these domains? • Sites • Sub domains • Content • What suppliers do we have? • Of live sites, audit for cookies. Probably the first through review of what sites / domains ever undertaken – commonly compliance led. What’s really online

  16. NO CHARGE MAY 2012 as a thanks for your time today….. Domain Screen Review and reporting of up to 10,000 registered domains.

  17. Policy publishing - Do we need all these sites anyway? • Turn off historic sites? • Engage legal, production of policy • ‘Live’ sites - publish the detail • Clear navigation • Easy to understand • Cookies detail An ideal opportunity to take a look at what sites are doing what – and which cookies are actually in use. ‘your statement of intent’ Spring clean time?

  18. Clear navigation – exactly that…

  19. Policy Example – as clear as possible Offer the visitor the detail they need to make an informed choice - transparency. Too much confusion already

  20. Policy Example – as clear as possible A B C D

  21. Communicate – transparency, build trust • What about emails? • Please have a look at …. • Social Media • things are changing, keep in touch • It’s not just about ensuring you don’t fall foul of the regulator… Embark on a communications plan – ensure your online visitors have complete transparency. Too much confusion already

  22. Red lights or road blocks, what's going to hinder the journey? Privacy compliance i ii iii What's out there? Supplier management Why it’s not really ‘inhouse’ Typically a manual audit will find only 22% of the cookies we will. And then there's the ongoing requirements… Sites – typically we find 41% more than clients think they have. After looking at what's out there, as important is who supplying, has access, when… What about the tick box – a bit of road block to user experience…???

  23. Tick box – it’s probably a no for cookies Device ‘v’ user – whohas consented, Disrupts journeys, Limited reasons to tick anyway - highlights the detail very little is understood about, Opens up a potentiallitigation risk on vast majority of sites, Requires questionable and subjective classification of cookies (think marketing, brand and legal views!), Ongoing management and maintenance support overheads, Tracking of what and who gave consent, when Only 3% of sites don’t have external services, utilize flash etc. No TICK – NO Cookies allowed, inappropriate for most sites today. Tick box - unnecessary exposure

  24. Summary • Audit and assessment • Policy / Statement of Intent • Communication • Consider as the start of a journey to ensure transparency, and build trust across your brands. • Importantly, clearly demonstrate efforts to comply and have accountable planning available to show on-going direction to compliance.

  25. Ongoing management, making it Business as Usual

  26. Business as Usual (BAU) • After having put your cookie ‘house-in-order’ you will need a programme of essential ‘cookie housekeeping’. • Regular monthly monitoring will alert you to any new cookies and report the changes.

  27. Business as Usual (BAU)

  28. Avaiable resources Cookies Book Sample policy Implied consent paper Complementary summaries Common questions Follow-up email later this week with links to all.

  29. Questions…

  30. My questions revolve around 3rd party banner advertising. I understand that we need the AdChoices kite mark on behaviourally targeted banner advertising. I also assume that we need to put the kite mark on any banner advertising that tracks the user to the brand's website - is this the case? What does that mean for tracking people to the site if they opt out of tracking? What does this mean for brands with pay per acquisition models? For instance if you're easy jet advertising on money supermarket.com how does this new tracking work?

  31. With regards to implied consent, how much of this is guesswork, or bending the legislation to breaking point? • With regards to customers who are logged into an ‘account area’, how much of the underlying ‘account holder’ functionality is implied? For example, we might want to show personalised content based on previously viewed items, but this might be done at a database level instead of at a cookie level – if we let the customer know that by logging in a cookie will be used, would this be enough? • What is the latest with apps & consent (implied or otherwise)? • Regarding enforcement of the cookie law, in the first year of the law being in place what characteristics would a website in danger of prosecution have? • Question regarding non-implied consent; is there an industry-wide option that retailers can agree to use across the board? Everyone annoying the customers in the same way would be the best of a bad set of options!

  32. How can you identify the source of cookies that are not clearly identified from software or found online? • What solutions are recommended for brands that span multiple sites? A separate cookie policy and solution for each site? Or are there common solution approaches that work across sites? • What on-going cookie management strategies are recommended?

  33. Cookie Reports Ltd. “I engaged Cookie Reports to provide cookie and website audits for Barclays. The overall service provided was excellent, with turnaround times for reports that beat all expectations. I would not hesitate in recommending the products and services that Cookie Reports provide.” Top qualities: Great Results, Expert, On Time Enterprise wide project, ongoing. Across all six of the divisions of the business. Our Client - Barclays

  34. CLOSE

More Related