Defending The Digital Workplace

An ebusinesscounsel.com publication

Archive for the ‘FTC Regulation’ Category

Revisions to FTC’s Red Flags Rule Exempt Lawyers, Doctors, and Accountants

The Federal Trade Commission’s (FTC) Red Flags Rule has been revised to exclude certain professionals prior to the latest enforcement deadline of December 31, 2010. Specifically, President Obama signed into law on December 18, 2010, the Red Flag Program Clarification Act of 2010 (Clarification Act), which clarifies the scope of the FTC’s Red Flags Rule. Under the amendment, professionals such as doctors, lawyers, and accountants are excluded from the Red Flags Rule. For a full copy of the Act, click here.

The Red Flags Rule was enacted to protect consumers from identity theft by requiring “creditors” covered under the Rule to establish written policies and procedures to identify risks of identity theft to their customers. Under the plain language of the Red Flags Rule, a business becomes a “creditor” when it provides products or services in advance and requires payment from the customer at a later time. Further, under prior FTC interpretations, “creditor” was broadly interpreted to cover lawyers, doctors, accountants, and others because they bill for services after the services have been performed.

Under the Clarification Act, however, the meaning of the term “creditor” now includes only those who (1) regularly and in the ordinary course of business obtain or use consumer reports in connection with a credit transaction; (2) furnish information to consumer reporting agencies in connection with a credit transaction; or (3) advance funds to or on behalf of a person, based on an obligation of the person to repay the funds. The Clarification Act does not specifically exclude doctors, lawyers, and accountants. But Senator Christopher Dodd (D.-Conn.) and Senator Mark Begich (D.-Alaska) make clear that the Clarification Act does not extend to these professionals and other small businesses as creditors covered under the Red Flags Rule simply because they provide services and bill clients, patients, and customers for payment at a later time, except to the extent that they furnish information to consumer reporting agencies in connection with a credit transaction. Finally, the Clarification Act allows the FTC to determine in the future whether the scope of the Rule should be expanded to include other types of creditors that offer or maintain accounts subject to a reasonably foreseeable risk of identity theft.

From a practical standpoint, even those professionals and businesses specifically exempted from the Red Flags Rule should establish an identity theft prevention program: it is a good business practice to eliminate or, at least, minimize the chance of a data breach and the subsequent fallout with your customers. Additionally, other applicable regulations may require certain protection programs. For example, doctors must have HIPAA security programs in place, and there is a patchwork of state statutes that cover data security and reporting requirements for breaches.

For questions about Red Flags Rule Compliance, establishing an information security program, or improving your organization’s current policies and procedures for preventing losses, contact E-Business Counsel, PLC.

Written by Jason Shinn

December 21, 2010 at 3:38 pm

Adding to your Business Toolbox: A Roundup of Resources for Business Organizations

A number of resources are available at www.ebusinesscounsel.com that are relevant to starting or improving your business operations. In addition to those resources, the following links also provide information worth checking out:

  1. Entrepreneur: How to Protect Remote Employees’ PCs from Security Threats
  2. Federal Trade Commission: Revised Endorsement Guides for businesses & bloggers (regulations applicable to testimonials and endorsements)
  3. Entrepreneur: Google Apps for Your Business: The Good, the Bad and the Ugly
  4. Hennessey Capital, by Joe Romeo: Business Plan Basics
  5. Mashable – Business: 5 Small Biz Web Design Trends to Watch
  6. Entrepreneur: Big Marketing Stunts, Small-Business Style
  7. Business Model Alchemist a/k/a Alexander Osterwalder a/k/a genius (ok, this might be more personal commentary than fact. Although, based on Mr. Osterwalder’s work, genius status should not be ruled out): Combining Business Model Prototyping, Customer Development, and Social Entrepreneurship
  8. Mashable – Business: 4 Lessons Small Businesses Can Learn from Apple’s Antennagate

Another Reason for Employers to be Wary of Social Media – Unfair and Deceptive Acts

The concerns employers face over the use of social media – e.g., blogs, Facebook, MySpace, etc. – have been widely discussed, including here and here. The Federal Trade Commission (FTC) has recently added to those concerns. Specifically, the FTC updated its guidelines about protecting consumers from misleading endorsements and advertising. Under these guidelines, an employer may face liability over an employee’s endorsements of the employer’s products or services on social media websites. Further, liability may exist even where the employer did not authorize or approve the employee’s remarks.

An Overview of the Guidelines

The FTC’s revised Guides Concerning the Use of Endorsements and Testimonials in Advertising (16 C.F.R. Part 255) (the “Guidelines”) address the application of Section 5 of the FTC Act (the “Act”) – which prohibits unfair or deceptive acts or practices and unfair competition in or affecting commerce – to the use of endorsements and testimonials in advertising. An endorsement or testimonial subject to these guidelines is one “that consumers are likely to believe reflects the opinions, beliefs, findings, or experiences of a party other than the sponsoring advertiser, even if the views expressed by that party are identical to those of the sponsoring advertiser.” Crystal clear for all, right? Further, the Guidelines require employees endorsing their employer’s products or services to disclose their relationship to an employer when they give an endorsement or testimonial.

The duty of disclosure applies even when the employee’s endorsement appears on a site that is not maintained by the employer (e.g., Facebook, MySpace) or the employee (bulletin boards) and the statement itself is not misleading. See 16 C.F.R. Part 255.5 (entitled “Disclosure of material connections”). See example No. 8 under 16 C.F.R. 255.5. And failing to make the required disclosure may expose the employer to liability under the Act. For example, the FTC may bring an enforcement action against an employer if an employee makes a misleading statement about the employer’s products and services that results in injury to consumers. Additionally, if I’m an employer, I would be losing sleep over the preceding example because postings on blogs, MySpace, and Facebook pages may quickly reach wide audiences and, therefore, create the risk of large-scale liability like class-action litigation.

While not the focus of this post, bloggers should also consider how the Guidelines may apply to their posts. For example, the Guidelines apply to any endorsement of products or services. And any kind of “material connection” between an endorser (like a blogger) and an advertiser must be disclosed to the consumer, e.g., cash payments, free samples, or other benefits to the endorser from the promoter. This is not an endorsement, and even if it was (read with slight sarcasm) I have not received any benefit in connection with writing this post or referencing the following post and I have no material connection to the brands, products, or services offered by the following post. With that smooth and beautiful literature out of the way, a post bloggers may want to review is provided by Michael Hyatt (click here) (Again – just a suggestion that you may or may not want to follow, and not an endorsement).

The Take Away for Employers

The take-away for employers is to add another item to the “Things that Keep Me Up at Night” list, followed by a note to consider reviewing the company’s technology policies with an eye towards:

  1. Determining if you have a policy. You may not. But you should. And if your company has a policy, what does it say about how the company’s name, trademarks, and other proprietary information may be used (if at all) in blogs and other social media;
  2. Whether the policies include either prohibitions or proper guidance about references to company products or services. Such prohibitions and guidance should go beyond addressing just criticisms of the employer and its products and services;
  3. If endorsements are permitted, employees must understand (and document this understanding) that any endorsement must be limited to truthful and verifiable statements;
  4. Whether employees should be required (probably a good idea) to obtain prior approval by management of any proposed endorsement; and
  5. A requirement that an employee’s statement of endorsement is accompanied by a written disclosure that the employee is not authorized to make statements on behalf of the employer and a disclosure of the employment relationship so that consumers can weigh the testimonial. This statement should be drafted by the company and made readily available to employees.

Additionally, don’t forget to review your marketing contracts. In light of the widespread adoption of “Word of Mouth Advertising” (there is even a trade group for Word of Mouth Advertising, click here) in the Web 2.0 World (I lost track, but I think we are still on 2.0 … right???) companies should also review their contracts with any marketing professionals. This is because such advertising depends upon leveraging social networks in making a product or service go “viral.” Thus, in addition to assessing company employment policies, companies will want to make sure that their marketing contracts properly address compliance with the FTC’s Guidelines (this is a polite way of saying, make sure your marketing firm is going to defend you or reimburse you if you get sued because of an endorsement. After you do this, make sure the marketing firm has the finances/insurance to cover your defense tab – If you can’t avoid risks, make sure someone else has to cover the bill).

Feel free to contact me with questions about this post, about how your company is responding to the FTC’s Guidelines or leveraging social media in general, or about exorbitantly paying me to endorse your products or services, which I’m not above doing if the price and FTC language is right. I’m just kiddin,’ but seriously, I’m not (a little hat tip to Dodgeball).
