Privacy Pros Say Compliance Requires Constant Evolution
CHICAGO -- Keeping up with compliance is critical as the field of privacy evolves, in-house lawyers at two companies told the Association of National Advertisers ad law conference this week.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
“We try to take a practical approach where we try to keep the principles simple,” Kevin Jones, S.C. Johnson counsel, said on a Tuesday panel. “We try to think as a consumer and make those notices and choices as meaningful as possible, while constantly evolving our practices to make sure that people can actually make those choices in a way that is understandable and makes sense.”
An item that has required updates is AI, which “has been changing things by the day," he said. Jones noted that S.C. Johnson is in the middle of a website migration, which has given it a chance to take a fresh look and improve its notices to consumers.
On a Monday panel, Taxwell Chief Legal Officer Willa Kalaidjian similarly noted the “privacy landscape is evolving.” As a result, “the practices that might have been very commonplace or industry norm a few years ago ... may not be a best practice for us” now.
The tax software company regularly conducts privacy training, Kalaidjian said. Also, Taxwell reviews every piece of ad tech before it goes up on its website -- and then audits it after it goes online.
“A few years ago, we introduced a structured intake process to review and approve all third-party ad tech that gets placed on our website,” she said. Requesters must answer a “structured questionnaire” that’s “partially automated through our risk management platform,” she said. They must list the technology type, what data it will collect and where the cookie or tracking pixel will be placed, she said. Then, the legal team reviews the information with consideration for data minimization and reputational risk, among other things, Kalaidjian said.
“Having that consistent process has been very integral in terms of making sure we're documenting everything before those technologies get implemented on the website."
But the review doesn’t end there, said Kalaidjian. “Once that ad tech is deployed on [the] site, we are regularly testing our opt-outs to make sure cookies are categorized properly,” for example, so that “when someone opts out of targeting cookies … [it's] working as intended.”
The company also regularly scans its website to ensure cookies are where they say they are, she said. “The goal is to catch issues quickly and remediate them.”