DEDO e-Commerce: Emerging Legal Issues and Business Advice
December 5, 2011

Freelance, Startup and Small Business Resources

Online Tools
Freelance Calculator: www.freelanceswitch.com/rates/
Fun Project Quote Calculator: http://devgrow.com/freelance-project-quote-estimator/
Freelance Writing: http://allfreelancewriting.com/freelance-writing-rate-calculator/
Research Project Calculator (time management): http://rpc.elm4you.org/classic/
Project Calculator (software) by Blue Banana: http://www.bluebanana-software.com/
Business Plan templates and advice, Small Business Administration: www.sba.gov

Books
The Knack: How Street-Smart Entrepreneurs Learn to Handle Whatever Comes Up, by Norm Brodsky and Bo Burlingham. Great business book with just about everything you need to know in it. Online: http://www.theknack.info/
Lost & Found, by Geneen Roth. Great book, more about understanding money and our attitudes towards it than straight business advice.

Watch these Reality TV Shows (all show entrepreneurs, small business plans)
It may seem silly to recommend watching TV shows, but these shows all deal with either entrepreneurs pitching ideas to potential investors (think VC funding or getting a loan) or attempts at bailing out folks who have gotten their businesses into serious trouble. You can learn a lot if you watch them carefully. Common themes: simple is better than complex; defining your market is critical; differentiating between a hobby and a for-profit business; the financials and being realistic about projects of growth are much more important than overvaluation and pie in the sky projections; hiring great people is everything.
Dragon’s Den (BBC America)
Shark Tank (ABC)
Gordon Ramsay’s Kitchen Nightmares (BBC America)
Tabitha’s Salon Takeover (Bravo)
Restaurant Impossible (Food Network)
Whitney Hoffman Hoffman Digital Media www.whitneyhoffman.com hoffmandigitalmedia@gmail.com

Ten Things You Shouldn’t Forget to do:
1. Keep REALLY good books: $ in, $ out, business expenses, and deductibles, etc. Business correspondence, emails, etc. may act as back up proof in case of a dispute. Keep it organized, easily retrievable.
2. Have a separate bank account for the business, even if you are just a sole proprietor.
3. Check and see if you need state/city business licenses and if you need to charge tax to customers.
4. Make appropriate tax deposits to avoid surprises year end.
5. Submit tax forms (if needed) up front to avoid delays in payment.
6. You need at least one basic contract.
7. Consider getting a good accountant and attorney, and someone to help keep you honest about profit/loss at least once a year.
8. Consider getting business liability insurance, as well as health insurance.
9. Keep a schedule of work, work flow, along with payment and money flow. If clients don’t pay on time, your cash flow may cause you problems, and you can’t always guarantee everyone else will be as prompt as you are.
10. Don’t forget you will get sick, need vacations, and need help from time to time. Plan and budget accordingly.

Internet Sales Tax Fairness
from http://www.newrules.org/retail/rules/internet-sales-tax-fairness

In a 1992 decision, Quill v. North Dakota, the U.S. Supreme Court ruled that retailers are exempt from collecting sales taxes in states where they have no physical presence, such as a store, office, or warehouse. (The legal term for this physical presence is "nexus.")

Although the case dealt with a catalog mail-order company, the ruling has subsequently been applied to all remote sellers, including online retailers.

(It is important to note that, while remote sellers are not required to collect sales taxes, the tax is still owed by the individual who made the purchase. Individuals are supposed to keep track of these purchases and pay an amount equivalent to the sales tax as a "use" tax on their state tax returns. Few people do, and the use tax is almost impossible to enforce, which effectively exempts these purchases.)

The Court said that requiring these companies to comply with the varied sales tax rules and regulations of 45 states and some 7,500 different local taxing jurisdictions would burden interstate commerce. In its ruling, however, the Court specifically noted that Congress has the authority to change this policy and could enact legislation requiring all retailers to collect sales taxes without running afoul of the Constitution. "Congress," the Court declared, "is … free to decide whether, when, and to what extent the States may burden interstate mail-order concerns with a duty to collect use taxes."

Today, software has largely eliminated the difficulty of calculating and remitting sales taxes for the country's many state and local jurisdictions. Indeed, Amazon.com, which opposes extending sales tax to online retailers on the grounds that it would be "horrendously complicated," collects sales taxes nationwide for Target as part of its management of the chain's online business. Yet Congress has so far failed to extend sales tax collection to online retailers.

The result is a public policy with at least three pernicious impacts:
• It disadvantages local businesses. Exempting online retailers from having to collect sales tax, as regular stores must, gives these companies a 4 to 9 percent price advantage over local stores — a sizable competitive advantage in retailing.
• It undermines state and local governments by reducing tax revenue for schools, police, and other services. Currently, 45 states assess sales taxes, from which they receive about 25 percent of their total revenue each year. A 2009 University of Tennessee study estimated that uncollected sales taxes on e-commerce cost states $7.7 billion in 2008. This revenue loss will only grow as internet sales continue to displace in-store sales.
• It makes a regressive tax more regressive, because only those with internet access, a credit card, and a home or workplace where they can accept daytime deliveries are able to take advantage of the tax exemption.

The Main Street Fairness Act

There are two primary strategies that states are pursuing to move toward a level playing field in which all retailers are subject to the same sales tax requirements. One involves persuading Congress that collecting sales taxes for numerous state and local jurisdictions is no longer a burden for remote sellers.

As noted above, software makes complying with state and local sales tax rules much simpler than when the Supreme Court issued its 1992 ruling. To further simplify things, in 2001 the National Governors Association established the Streamlined Sales Tax Project, a multi-state effort to simplify and align sales tax policies. As of July 2010, 44 states and the District of Columbia had approved an interstate agreement that establishes uniform sales tax rules and definitions, and 24 states had taken the next step of passing implementing legislation. Those 24 states are: Arkansas, Georgia, Indiana, Iowa, Kansas, Kentucky, Michigan, Minnesota, Nebraska, Nevada, New Jersey, North Carolina, North Dakota, Ohio, Oklahoma, Rhode Island, South Dakota, Tennessee, Utah, Vermont, Washington, West Virginia, Wisconsin, and Wyoming.

Under this legislation, states and cities still have the authority to determine what goods are taxed at what rate, but must adhere to rules governing such things as how and when they can change tax rates, as well as uniform definitions (e.g., whether marshmallows are considered food or candy for tax purposes).

Having aligned and greatly simplified their sales tax policies, states are hoping to persuade Congress to pass the Main Street Fairness Act. The bill would authorize those states that have implemented the Streamlined Sales Tax to require large online and catalog retailers to collect sales taxes. (Small online and mail order retailers would still be exempt.)

Clarifying Nexus
The second strategy states are pursuing does not rely on Congressional action, but instead uses existing state authority to clarify what constitutes "nexus" for the purposes of sales tax liability. (Under the Supreme Court's ruling, only retailers that have a physical presence, or nexus, in a state must collect sales tax on purchases made by that state's residents.)

In the past, many national chains, despite having nexus in every state by virtue of their stores, claimed their e-commerce sites were distinct legal entities, unrelated to their bricks-and-mortar stores and therefore were exempt from collecting sales taxes. This practice is known as "entity isolation."

State action in recent years has sharply curtailed the number of so-called "clicks-and-mortar" retailers using entity isolation to skirt collecting sales taxes on their online operations. California became the first state to issue an administrative ruling against the practice of entity isolation when its Board of Equalization ruled that Borders.com was not a separate entity, but the online extension of the chain Borders Books & Music and therefore must collect sales taxes on sales to California residents. In the following years, several states amended their sales tax laws to clarify that the e-commerce arms of national chains still have nexus and that entity isolation does not absolve them of their obligation to collect sales tax. (Below we include policy examples from Arkansas and Indiana.)

Increasingly concerned about the threat of court action by states and the potential liability, as well as the complexity and inefficiency of attempting to treat the e-commerce side of their operations as a separate company, in 2003 most national chains cut a deal with the states in which they were forgiven all of their back taxes in exchange for collecting sales taxes online from that point forward.

Although most national chains now collect sales taxes on online orders, there remain a few that do not.

In 2008, New York became the first state to further extend the definition of nexus to cover some web-only retailers. The legislature passed a bill, accompanying its budget, that said that web retailers have nexus in New York and must collect sales taxes if they have sales affiliates in the state that generate a combined total $10,000 a year or more in revenue for the retailer. In all, more than 30 companies are covered by New York's provision, including Amazon.com and Overstock.com. (Sales affiliates are individuals or organizations that are paid commission for linking to the online retailer's web site. Amazon.com has thousands of sales affiliates nationwide, as do many other online retailers.)

On November 4, 2010, a New York state appellate court ruled that New York's law does not violate the commerce or due process clauses of the U.S. Constitution. The case was brought by Amazon.com and Overstock.com, which argued that the state did not have the authority to require online retailers to collect sales tax based on the nexus provided by their in-state sales affiliates. The court did say that two of the online retailers' claims could be reinstated for further review. The claims dealt with the question of whether the retailers' affiliates solicit sales or are simply advertisers. The court said that there was not sufficient evidence in the record to make a determination on this question. However, the rest of the ruling suggests that Amazon.com and Overstock.com are unlikely to succeed on these points during further proceedings.

Six other states — Rhode Island, North Carolina, Illinois, Arkansas, Connecticut and California — have followed New York's lead, adopting similar laws that require online retailers with sales affiliates based within their borders to collect sales tax. California's law also extends the obligation to collect sales taxes to online retailers that have subsidiaries or affiliated companies in the state. (Amazon has a technology division in California that developed the Kindle. It maintains divisions in several other states where it currently does not collect sales tax, claiming that its e-commerce operations are a separate company.)

South Dakota and Colorado have also passed laws requiring online retailers to notify their customers that they owe the state's use tax on purchases in which sales tax is not collected.

(Last updated: May 23, 2011)

More information:
• The American Booksellers Association has created e-fairness action kits for nearly every state. The kits include fact sheets and template letters and op-eds.

• States could eliminate 13 percent of their combined budget gaps if online retailers collected sales tax, according to a May 2010 analysis by the National Conference of State Legislature. Check out this interactive map to see where your state stands.
• Streamlined Sales Tax Project
• Multistate Tax Commission. In 2002, Multistate Tax Commission created model state legislation ("Factor Presence Nexus Standard for Business Activity Taxes") that prevents entity isolation.
• Why Does Congress want me to Shun my Local Bookstore and Shop Online Instead? by Stacy Mitchell, Feb. 1, 2010
• Amazon's Arguments Against Collecting Sales Taxes Do Not Withstand Scrutiny, by Michael Mazerov, Center on Budget and Policy Priorities, Nov. 16, 2009
• New York's "Amazon Law": An Important Tool for Collecting Taxes Owed on Internet Purchases, by Michael Mazerov, Center on Budget and Policy Priorities, July 23, 2009
• State and Local Government Sales Tax Revenue Losses from Electronic Commerce, by Donald Bruce, William F. Fox, and LeAnn Luna, University of Tennessee, April 13, 2009
• Selected Articles from the Hometown Advantage News on e-commerce and sales tax policy. Sign-up to receive this monthly e-newsletter.

Amazon tells Lawmakers it Supports Sales Tax
Wall Street Journal, December 1, 2011
By KRISTINA PETERSON

WASHINGTON—Amazon.com Inc. "strongly supports" federal legislation permitting states to collect state sales tax from Internet retailers, so long as few companies are permitted to duck the requirements, an Amazon executive said at a congressional hearing Wednesday.

Amazon is backing new sales-tax proposals but some small businesses are worried it may hurt them in the end. Stu Woo reports on digits. Photo: AP.

Though the Seattle-based online retailing giant has clashed with several individual states this year over efforts to gather sales tax, Amazon supports "an even-handed federal framework for state sales tax collection," Paul Misener, Amazon's vice president for global public policy, said at Wednesday's House Judiciary Committee hearing.

"Amazon strongly supports enactment of a federal bill with appropriate provisions," Mr. Misener said.

Currently, online retailers are not mandated to gather state sales tax in states where they have no physical presence, often placing them at a competitive advantage over local brick-and-mortar stores. The National Governors Association estimated that states are currently missing out on collecting more than $22 billion each year in sales tax on goods sold online or through catalogues.

"What we're doing today is exploring the need for legislation to level the playing field between small businesses and online retailers," Rep. John Conyers of Michigan, the top Democrat on the House Judiciary Committee, said at Wednesday's hearing. "Local mom-and-pop" stores, and other businesses, "suffer when they have to collect a sales tax but online retailers don't," he said.

Earlier in November, a bipartisan clutch of 10 senators introduced a bill that would allow states to require online and catalog retailers to collect sales tax. The 10 senators—who include Michael Enzi (R., Wyo.), Dick Durbin (D., Ill.) and Lamar Alexander (R., Tenn.)—introduced a bill that would allow states to choose whether to collect sales tax from out-of-state businesses. A state would be able to collect sales tax after 90 days if it joins the Streamlined Sales and Use Tax Agreement, which helps coordinate state tax rules and definitions and incorporates new technology. States also have the option of not joining the coalition, but would have to adopt certain simplification requirements to become eligible to collect the tax. Bills in the House would also enable states to collect sales tax from online retailers.

States' ability to bring in sales tax from remote businesses has been a contentious issue for decades. The U.S. Supreme Court's 1992 decision in Quill v. North Dakota held that online retailers don't have to collect sales taxes in states where they don't have a physical presence, but left room for Congress to resolve the issue. Wednesday's hearing is focused on the constitutional limitations on states' authority to collect sales tax from Internet retailers.

Thanks to modern technology, if a federal law is passed, "widespread collection no longer would be an unconstitutional burden on interstate commerce, and Congress feasibly can authorize the states to require all but the very smallest volume sellers to collect," Mr. Misener said.

If a federal bill is passed, the Amazon executive stressed that few businesses should be freed of obligations to collect the tax. The threshold for exempting businesses "must be kept very low to attain the objectives of protecting states' rights, addressing the states' needs, and creating fairness among sellers," Mr. Misener said. The bill currently proposes to exempt online sellers with less than $500,000 in annual sales. However, Mr. Misener argued that only 1% of online retailers sell more than $150,000 per year.

Rival online retailer eBay Inc. countered that small Internet retailers need protection to keep them competitive against larger retailers. "eBay supports robust protections for small business retailers," Tod Cohen, eBay's vice president and deputy general counsel, said in his testimony Wednesday. Allowing states to force them to collect sales tax "means that the shopper will be less likely to buy from small retailers on the Internet," he said.

The National Retail Federation said the current tax collection laws discriminate against brick-and-mortar stores. "In addition to the pricing disadvantage caused by sales tax being included in the cost of the purchase from the brick-and-mortar store, local stores also bear a significant compliance burden for collecting the tax," David French, the National Retail Federation's senior vice president of government relations, said in a statement Wednesday.

--John Letzing and Stu Woo contributed to this article.

Read more: http://online.wsj.com/article/SB10001424052970204012004577070191865973750.html#ixzz1fQ7AvsYh

Sales Tax on the Internet
When sales tax must be charged for online purchases.

The Internet takes tax-free shopping to a new level. In fact, no-tax shopping has become a prime lure of online retailers looking to hook consumers on click-and-charge buying. Despite what you sometimes hear, however, some Internet sales are subject to sales tax, and even when a site doesn't collect sales tax, consumers are technically responsible for remitting any unpaid sales tax on online purchases directly to their state.

Collecting Sales Tax: Some Sites Have To, Some Don't
If an online retailer has a physical presence in a particular state, such as a store, business office, or warehouse, it must collect sales tax from customers in that state. If a business does not have a physical presence in a state, it is not required to collect sales tax for sales into that state. This rule is derived from a 1992 Supreme Court decision which held that mail-order merchants did not need to collect sales taxes for sales into states where they did not have a physical presence.

For a while, some big retailers with local stores sold their products tax-free over the Internet by creating separate legal subsidiaries to handle Internet business. However, lawsuits by several states and pressure from the Streamlined Sales Tax Project (a group created by states supporting the Streamlined Sales & Use Tax Agreement, discussed below) has ended that practice of avoiding sales taxes.

EXAMPLE
Margo is passionate about rare orchids but can't find them in Indiana, so she orders her supplies online from an orchid supplier with headquarters in Vermont. The supplier has all of its facilities in Vermont and collects payment in Vermont. Margo does not have to pay Indiana sales tax (or Vermont sales tax) on her orchids. A few months later, the supplier opens a warehouse in Indiana to handle its online orders for the entire country. Margo continues to order her orchids from the headquarters in Vermont but she must now pay Indiana sales tax. Her ride on the tax-free train is over.

Consumers' Responsibility to Pay Sales or Use Taxes
Consumers who live in a state that collects sales tax are technically required to pay the tax to the state even when an Internet retailer doesn't collect it. When consumers are required to pay tax directly to the state, it is referred to as "use" tax rather than sales tax. The only difference between sales and use tax is which person -- the seller or the buyer -- pays the state.

Theoretically, use taxes are just a backup plan to make sure that the state collects revenue on every taxable item that is purchased within its borders. But because collecting use tax on smaller purchases is so much trouble, states have traditionally attempted to collect a use tax only on big-ticket items that require licenses, such as cars and boats.

That, however, may be changing. Many states have reevaluated their attitude towards collecting use taxes. For example, New York state has added a line to income tax returns requiring all residents to calculate how much they should pay on Internet, mail order, or out-of-state purchases. California has begun a campaign to educate taxpayers on what's owed. Watch for more states to step up use tax collections.

A look at the numbers explains why -- sales tax revenues currently amount to about $150 billion annually and make up approximately one-third of all state revenues. These taxes pay for everything from schools and police to roads, parks, and other state services. States that don't have a personal income tax, like Texas, are even more dependent on sales tax revenue. California alone estimates losses of over a billion dollars per year in sales tax revenues. (The five states that don't have a sales tax -- Alaska, Delaware, Montana, New Hampshire, and Oregon -- aren't hurt at all.)

Streamlined Sales & Use Tax Project
In 2002, state governments organized to fight back. Under a state-led initiative known as the Streamlined Sales & Use Tax Agreement (SSUTA), 40 states and the District of Columbia banded together to simplify their sales tax codes in order to make sales tax collection easier. Under SSUTA, the collection of sales tax still remains voluntary. However, it is considered a necessary stepping stone to federal legislation.

The SSUTA has gained traction, as well. Several national retailers have negotiated with member states for amnesty deals in return for future collection of sales tax. In addition, several states have already amended their tax laws to conform to the SSUTA, and more are expected to follow.

The Internet's Future as a Tax-Free Zone
Will Internet purchases remain free from sales-tax? We'll find out in coming years as Congress and state legislatures wrestle with this issue. Naturally, there is a great deal of opposition to the current approach, and state governments and brick-and-mortar retailers are seeking legislation to overturn the 1992 Supreme Court ruling. With all of this pressure from states, many experts believe that within the next few years you'll be throwing a few more dollars into your shopping cart for state sales taxes.

If you're thinking about setting up an online shop, learn more about how to minimize taxes in The eBay Business Start-Up Kit, by Richard Stim (Nolo).

MORE INFORMATION ABOUT INTERNET SALES TAX
1. E-fairness (www.e-fairness.org) represents retailer organizations lobbying Congress for equal taxation.
2. The Streamlined Sales Tax Governing Board (http://www.streamlinedsalestax.org) maintains a website detailing the organization's progress.
3. The Sales Tax Institute (www.salestaxinstitute.com) provides a range of services and links associated with sales tax.

by: Rich Stim, Attorney

CAN-SPAM Act: A Compliance Guide for Business [PDF]
from http://business.ftc.gov/documents/bus61-can-spam-act-compliance-guide-business

Do you use email in your business? The CAN-SPAM Act, a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.

Despite its name, the CAN-SPAM Act doesn’t apply just to bulk email. It covers all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service,” including email that promotes content on commercial websites. The law makes no exception for business-to-business email. That means all email – for example, a message to former customers announcing a new product line – must comply with the law.

Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $16,000, so non-compliance can be costly. But following the law isn’t complicated. Here’s a rundown of CAN-SPAM’s main requirements:

1. Don’t use false or misleading header information. Your “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.
2. Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message.
3. Identify the message as an ad. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.
4. Tell recipients where you’re located. Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail receiving agency established under Postal Service regulations.
5. Tell recipients how to opt out of receiving future email from you. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future. Craft the notice in a way that’s easy for an ordinary person to recognize, read, and understand. Creative use of type size, color, and location can improve clarity. Give a return email address or another easy Internet-based way to allow people to communicate their choice to you. You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you. Make sure your spam filter doesn’t block these opt-out requests.

6. Honor opt-out requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request. Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN-SPAM Act.
7. Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.

What Are These Privacy Audits That Google And Facebook Have To Do For The Next 20 Years
from Forbes http://www.forbes.com/sites/kashmirhill/2011/11/30/so-what-are-these-privacy-audits-that-google-and-facebook-have-to-do-for-the-next-20-years/

The FTC will be auditing Google and Facebook for the next 20 years, and Twitter for the next 10.

It’s hard to predict what 2032 will bring. But there is one thing that I can tell you with certainty about that year: it will mark the last privacy audits that Facebook and Google will be required to do for the Federal Trade Commission. Facebook and Google are expected to do 10 privacy audits each over the next 20 years to ensure that their handling of our personal info lives up to the expectations of the FTC, per settlements that both tech companies reached with the government agency after complaints about “unfairness and deceptiveness” in the way that they handled their users’ personal information.

Two decades is a long probation! As Berin Szoka of Tech Freedom notes, the FTC is finding a way to regulate online privacy sans national legislation directly addressing the issue.

So what exactly is a “privacy audit”? It’s not a punishment the FTC had doled out before the Google Buzz settlement. There are about a dozen other companies, including Twitter, that are currently “sentenced” to data security audits — which focus on ensuring that information the company has on us isn’t vulnerable to hackers. But a privacy audit focuses more on how a company is using someone’s personal information internally — how it’s aggregated or repurposed — and when it’s being shared with third parties (such as advertisers).

“The main difference is that a security audit is about how to protect info from unauthorized access, while a privacy audit is about how to protect info from authorized and unauthorized access,” says Maneesha Mithal, an associate director in the FTC’s Privacy and Identity Protection bureau. Bruce Bakis of Mitre created a handy chart explaining the difference between the two types of audits here (slide 11) [pdf].

Privacy audit vs. security audit

Jim Kohm, an associate director in the FTC’s enforcement division, who helped negotiate the settlements with Google and Facebook, says that the first audit for the companies may take the entire six months to conduct, and will likely cost “hundreds of thousands of dollars.” Google’s first audit is due in six months, in April 2012, whereas Facebook’s will be due later in 2012.

The FTC is not conducting the audits itself. It requires the companies to hire a third-party firm that the FTC approves of. Google hasn’t finalized who they’re hiring to do their audit yet. The FTC doesn’t provide folks with a list of suggested auditors, suggesting that tech companies are better at finding the right people than they would be. In fact, in 2010, pre-settling with the FTC, Google’s chief privacy lawyer Peter Fleischer complained on his personal blog about the lack of firms available to do these:

Lots of people purport to be able to do privacy audits, but in practice, if you ask around amongst people who have tried to hire them, you often hear people complain about high-priced pay-as-you-learn tutorials for junior professionals. Law firms, accounting firms, consulting firms are all ready to sell this service, at sometimes astronomical costs. There are also a few “low-cost” versions floating around, but they are often rudimentary checklists (e.g., “do you have a written privacy policy in place? yes, check!”) etc. So, here’s a business idea. There must be more room for the happy middle ground between the super-high-cost customized audit and the self-audit checklist models. Why don’t some enterprising people work to establish a privacy auditing business, combining some deep technical understanding with process rigor, offer the service at a competitive cost, and help fill a vacuum?
via Peter Fleischer: Privacy…?: Privacy Audits.

(Auditing firms like KPMG and PwC pop up in a Google search.)

Kohm said the auditors will be looking at the technologies and what information is being kept, inspecting privacy policies, talking to the engineers, and talking to product managers to make sure the companies are following through with those policies. Problems that come out in audits could be costly — $16,000 per violation per day, if the FTC decided to pursue the fines in court.

“The auditor needs to be someone who is objective and independent,” says Kohm. “We don’t want someone who is going to just rubber stamp their procedures. We’re giving the auditor a lot of power, so we don’t want someone who’s in the pocket of the company.”

(Though, technically, since Google and Facebook are paying for the audits, the auditors will be at least putting their hands into those pockets.)

“The auditor’s assessment has to explain how privacy controls have been implemented,” says Mithal of the FTC. “If they say they’re not sharing your data with someone, they’d better not be sharing it.”

“Have they appointed someone responsible for looking at privacy? Are they doing risk assessments? Have they trained employees? Are they doing continual testing to make sure they’re closing loopholes? Do they have service providers that handle consumer data, do they specify privacy protections in the contracts with them?”

I asked Mithal how the audit might apply, for example, to Google’s work on driverless cars, assuming those will be available to the public at some point in the next two decades. “If they’re collecting data about where the car goes and that sort of thing, the auditors would assess to what extent the data is personally identifiable and how that could get out,” she said.

What if Google wanted to create a social network based on people who drive on the same roads, or take the same routes to work? “There should be a privacy person who says that they need affirmative express consent from drivers to do that,” says Mithal. “They must keep the data aggregate and not share it with service providers without consent.”

Many have asked whether the audits will be available to the public once complete. The FTC has indicated that they’ll be available through FOIA requests, but that the documents will likely contain trade secrets or confidential financial information in which case they’ll be exempt from public disclosure [pdf].*

*Insert joke about Google and Facebook’s right to privacy here.
