A not uncommon Web-based marketing tool is to invite users to suggest the website to their friends and family. The user inputs e-mail addresses or allows the website or mobile app to harvest the user’s address book information to generate a list of potential contacts. Organizations planning to implement this type of marketing program should seek legal advice to ensure that they remain onside of privacy and anti-spam regulations. This is the first in a series of posts in which I will comment on a few notable issues relating to these types of promotional activities.
Employ the “privacy by design” principle.
The starting point when designing these types of promotions is to assess the privacy implications of each aspect of the promotion and build privacy protections into the administrative and technological design of the promotion.
Assessing the privacy implications of the marketing program at the outset simplifies the process of ensuring that the marketing tool will be privacy compliant. Employees in the marketing group will know what questions to ask of vendors, and IT professionals will be better positioned to implement systems to ensure privacy compliance.
To take a simple example, organizations should consider whether they have a legal obligation to provide the recipient of a promotional e-mail invitation a way of opting out of further e-mail communications. The non-user may expect to be given the opportunity to permanently opt out of further communications from not only the friend who sent the invitation but also any other friends who may use the organization’s services. The technological ability to provide that permanent opt-out mechanism would need to be built into the design of the system.
Moreover, as will be discussed in subsequent posts, the organization will not have consent to send the recipient further promotional material, other than perhaps a reminder e-mail, until the recipient takes a positive step to accept the invitation. This means that the organization must have the technological capability to prevent the non-user’s e-mail address from being mixed into the database for general promotional communications.