Cookies, GDPR, CCPA, CASL: What Law Firm Marketers Need to Know to Comply
NationalLaw
51 slides
May 10, 2024
About This Presentation
Legal marketing presentation to various LMA chapters by attorney Jennifer Schaller on GDPR, cookies, CCPA, CASL and CAN-SPAM. Info for legal marketing professionals about regulatory compliance and the data privacy laws applicable to their law firms' CRM systems. Lawyer Jennifer Schaller of the National Law Review discussed best practices in data storage and data privacy compliance for storing information in CRM systems for legal marketing professionals. CAN-SPAM, Canada's Anti-Spam Law (CASL) and best practices under privacy law for your law firm's legal marketing are addressed: how the CCPA (California's privacy law) and the EU's GDPR impact your law firm's marketing efforts, how to store contact information legally, and what information you can keep on contacts to be compliant with data storage regulations.
Size: 8.81 MB
Language: en
Added: May 10, 2024
Slides: 51 pages
Slide Content
What to Know, What to Do: CAN-SPAM, CASL, GDPR + CCPA
Overview
- CAN-SPAM, CASL, GDPR + CCPA
- Data Storage, Breach Notification & Privacy Requirements
- Examples of Disclosures + Forms
- Gathering + Storing Data for Compliance
- Mitigate Privacy Risk to Firm from the Marketing Dept
$42,530 for each separate message in violation of CAN-SPAM. Now combined with TCPA + COPPA!
50% of U.S. spam complaints are because recipients couldn't easily opt out. Opt-out barriers not only jeopardize compliance, they can jeopardize your email deliverability as well!
Opt-Out Best Practices
- Don't charge a fee
- Don't require info. beyond the email address
- Don't require log in
- "Unsubscribe" link easy to find
- One action to opt out
- Unsubscribes removed within 10 business days
- Unsubscribe link active for 30 days
CASL (Canada's Anti-Spam Legislation, 2014; fully phased in July 1, 2017)
- CONSENT + RECORD KEEPING: CASL requires you to document consent, either implied or express (definitions).
- APPLICATION + EXCEPTIONS: What is a Commercial Electronic Message (CEM)? What's a business relationship?
- CASL NON-COMPLIANCE: Penalties, incl. criminal charges, civil charges, personal liability for officers & directors, & penalties up to $10 million
CASL: For all Canadian email addresses added to your email marketing database after July 1, 2014, CASL requires you to document consent, either implied or express. Existing businesses must implement these changes for new mail recipients, but they have three years (until July 1, 2017) to apply them to existing mailing-list subscribers.
EXPLICIT CONSENT: Applies to any CEMs, incl. text, sound, voice, image & certain social media. Express consent means a person "has clearly agreed to receive a CEM, either in writing or orally." Explicit = checking a box or typing in an email address (consent cannot be pre-checked).
EXPLICIT CONSENT (cont'd): Consent cannot be bundled into general terms and conditions. You can't send an electronic message that contains a request for consent to email them; that message is also considered a CEM under CASL. Applies to CEMs sent from or received by computer systems in Canada.
IMPLIED CONSENT: Exemptions to express permission incl.: CEMs sent within or between orgs with an existing relationship; CEMs sent in response to complaints, inquiries, or requests; CEMs sent due to a legal obligation or to enforce a right; CEMs sent in relation to clubs or organizations ... PLUS:
IMPLIED CONSENT (cont'd): the first message sent for the purpose of contacting a person for a referral (with terms & conditions); or the recipient has "conspicuously published" an electronic address without a statement that the person does not wish to receive unsolicited CEMs AND the message is relevant to the person's business or duties in a business or official capacity.
CASL Records + Processes
2) Provide a way for the recipient to readily contact the sender.
3) Provide a functioning unsubscribe method that meets these requirements:
   - Must be functional for 60 days after the message has been sent.
   - Must process a request within 10 days.
   - Both an email + a link for unsubscribing.
4) You must store the following information for each of your recipients' addresses:
   - Type of opt-in (paper, landing page, sign up, etc.)
   - Example of sign-up webpage (if applicable)
   - Date they opted in / opted out
   - The connecting IP address (if applicable)
€20 million, or sanctions of up to 4% of annual global revenue, in addition to brand and reputational damage!
GDPR (General Data Protection Regulation) 1 Year Later + Pending e-Privacy Changes. Applies to the EEA, a broader area than the EU. GDPR + e-Privacy Directive = EU privacy requirements, & they are tentatively changing again in 2019!!!
GDPR + e-Privacy Directive: What's the Difference?? GDPR = general privacy framework for personal data, regardless of type of use, sector or industry. Since 2002 e-Privacy regulates:
- Cookies and similar technologies (more info to follow)
- Electronic direct marketing (email, texting, fax marketing) and most likely soon other direct messaging platforms
- Phone marketing
GDPR + e-Privacy Directive BASICS
Cookie Consent Post-GDPR + New e-Privacy
- Freely given, specific and informed
- Evidenced by an "affirmative act"
- Inactivity does not constitute consent
- Provision of a service pursuant to a contract cannot be conditioned on consent for processing that is not essential
Cookie Quiz!!!!
Cookie Quiz!!!! (Post-GDPR + New e-Privacy)
- Is the continued use of a website an affirmative act from which consent may be inferred?
- Does the use of a pre-checked cookie box count as valid consent?
- The website does not provide the option to use the website without cookies; in other words, there is no option to deny the use of cookies. Is this cookie disclosure OK?
Cookie Consent (GDPR)
GDPR BASICS
GDPR BASICS cont'd
Minimize Personal Data by Necessity: Under GDPR guidelines, data processing is only acceptable on the grounds that it can be justified as a necessary requisite to accomplish a specific goal. Article 5 of the GDPR states that personal data can only be "collected for specified, explicit and legitimate purposes."
Minimize Personal Data by Necessity (cont'd): Personal data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier.
Identifier such as: a name, an ID number, location data, an online identifier, or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
GDPR Legitimate Interest
Key Provisions: CAN-Spam v. CASL
Organize Your Data: Keep Evidence of Consent. Keeping evidence of consent means that you must be able to provide proof of:
- When they consented
- What they were told at the time of consent
- How they consented (e.g., during checkout, via Facebook form, etc.)
- Whether they have withdrawn consent, and when / how
Organize Your Data: Delete or securely store any non-essential PII (Personally Identifiable Info): specially protected categories (ethnic, marital status); info you would be embarrassed if the contact knew you had. Be careful with children's info (info in CRM about a contact's kids, spouse's health info).
Organize Your Data: Build a Suppression List
- Those in the EEA without explicit consent
- Those without address or country information
- Older prospects / former employees' contacts
- Let other employees know who is on the suppression list
Right to be Forgotten
Portability + Best Practices
- Restrict access to key functions and information
- Talk with vendors
- Determine breach / request-for-info procedure
- Train your staff; regularly review procedures; audit
CCPA BASICS
CCPA BASICS cont'd
Comparison of Key GDPR and CCPA Requirements
Ten Steps to Prepare for the CCPA
1. Data inventory and map of your data flows, to assess what information you may need to start disclosing publicly or in response to CCPA rights requests
2. Update your privacy notices to include any required disclosures regarding your collection of personal information or California residents' rights under the CCPA
3. Add a "Do Not Sell My Personal Information" button to your website
4. Establish at least two ways for California residents to submit CCPA rights requests, including a toll-free telephone number
5. Develop policies and procedures to respond to requests from California residents to access, delete, or opt out of the sale of personal information
Ten Steps to Prepare for the CCPA (cont'd)
6. Review your agreements with existing vendors to determine which ones may be considered "third parties" or "service providers" under the CCPA.
7. Develop standard contracts or agreement riders for "service provider" engagements that comply with the CCPA.
8. Develop a due diligence process to understand, evaluate and manage your vendors' privacy and data security practices.
9. Evaluate your existing information security practices and procedures and incident response policy.
10. Train applicable employees regarding CCPA requirements.
Begin With an Action Plan: who is responsible, location + what to keep
- Work with GC to take direction on case info vs. marketing info.
- Develop a process to determine what data you are going to keep and for how long.
- Need to know who within the org owns the data and how you got it.
- Need to know the location of the contact. Data sorting to identify location can use the phone number, or a .ca or .de email domain, to give a clue to the contact's location.
- Update data collection forms + how info is stored; consider getting rid of personal data collection that is not expressly needed.
- For data you are not going to keep: a process on who can access the info; new protocols to isolate data; building a suppression list; timelines for limited access to data; timelines for data deletion; records of what was deleted and when.
- Develop a privacy policy with GC.
- Develop a process, with GC, for when a person wants to access or change their data.
- Develop a breach plan with GC.
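Added example, not from the deck: a small Python model of the consent evidence the CASL records and "Keep Evidence of Consent" slides say you must retain, and the suppression-list rules from the "Build a Suppression List" and action-plan slides (EEA contacts without express consent, contacts with no country, older prospects, the .ca/.de domain and phone-number clues for location). The EEA set, the lookup tables, the three-year "older prospect" cutoff and all sample contacts are my assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumed lookups (not from the deck): partial EEA set; TLD / phone-prefix clues.
EEA = {"AT", "BE", "DE", "DK", "ES", "FR", "IE", "IT", "NL", "NO", "PL", "SE"}
TLD_TO_COUNTRY = {"ca": "CA", "de": "DE", "fr": "FR", "ie": "IE", "nl": "NL"}
PHONE_PREFIX_TO_COUNTRY = {"+49": "DE", "+33": "FR", "+353": "IE", "+31": "NL"}
STALE_AFTER = timedelta(days=3 * 365)  # assumed cutoff for "older prospects"
@dataclass
class Consent:
    """What the CASL and GDPR slides say you must be able to prove."""
    kind: str                         # "express" or "implied"
    method: str                       # paper, landing page, sign-up, checkout...
    opted_in: date
    told: str = ""                    # what the person was told at the time
    source_page: Optional[str] = None # example of the sign-up page
    ip_address: Optional[str] = None  # connecting IP, if captured
    withdrawn: Optional[date] = None  # opt-out date, if any
@dataclass
class Contact:
    email: str
    country: Optional[str] = None     # ISO code if the CRM already knows it
    phone: Optional[str] = None
    consent: Optional[Consent] = None
    last_activity: Optional[date] = None

def infer_country(c: Contact) -> Optional[str]:
    """Fall back to the deck's .ca/.de and phone clues; +1 is left out (US and CA share it)."""
    if c.country:
        return c.country
    tld = c.email.rsplit(".", 1)[-1].lower()
    if tld in TLD_TO_COUNTRY:
        return TLD_TO_COUNTRY[tld]
    for prefix, cc in PHONE_PREFIX_TO_COUNTRY.items():
        if c.phone and c.phone.startswith(prefix):
            return cc
    return None

def suppression_reasons(c: Contact, today: date) -> list:
    """Every rule from the suppression-list slide that this contact trips."""
    reasons = []
    if c.consent and c.consent.withdrawn:
        reasons.append("consent withdrawn")
    country = infer_country(c)
    if country is None:
        reasons.append("no address or country information")
    elif country in EEA and not (c.consent and c.consent.kind == "express"):
        reasons.append("EEA contact without explicit consent")
    if c.last_activity and today - c.last_activity > STALE_AFTER:
        reasons.append("older prospect")
    return reasons
def build_suppression_list(contacts, today: date) -> dict:
    """Map email -> reasons for every contact that must not be mailed."""
    return {c.email: r for c in contacts if (r := suppression_reasons(c, today))}
```

A contact with an unknown country is suppressed rather than guessed at, which is the conservative reading of the "those without address or country information" rule.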
CAN-SPAM Tools + Resources
- FTC CAN-SPAM Act: A Compliance Guide for Business: https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business
- Is Your Email Marketing Compliant With The CAN-SPAM Act?: https://www.forbes.com/sites/forbesagencycouncil/2018/06/06/is-your-email-marketing-compliant-with-the-can-spam-act/#100f393f32d0
- Complying with the CAN-SPAM Act: https://www.lexisnexis.com/lexis-practice-advisor/the-journal/b/lpa/posts/complying-with-the-can-spam-act
CASL Tools + Resources
- Canada's Anti-Spam Legislation website + Is it Spam Quiz: https://www.fightspam.gc.ca/eic/site/030.nsf/eng/home ; https://www.fightspam.gc.ca/eic/site/030.nsf/eng/00016.html ; https://crtc.gc.ca/eng/com500/guide.htm
- Deloitte Canada's Anti-Spam Law FAQ: https://www2.deloitte.com/ca/en/pages/risk/articles/canada-anti-spam-law-casl-faq.html
- Canadian Anti-Spam Law: What You Need to Know: https://sendgrid.com/blog/canadian-anti-spam-law-need-know/
GDPR Tools + Resources
- Navigating the Inbox: Understanding How GDPR Impacts You, LMA Webinar 3-20-18: https://www.legalmarketing.org/p/do/sd/topic=521&sid=7470
- Orrick's EU GDPR Readiness Assessment Tool: https://www.orrick.com/Practices/GDPR-Readiness
- Alston & Bird GDPR + Privacy Tracker: https://www.alstongdprtracker.com/eea-map/
- Does GDPR Require New Consent from Existing Clients?: https://www.compliancejunction.com/gdpr-require-new-consent-existing-clients/
CCPA Tools + Resources
- Orrick Readiness Tool for California Consumer Privacy Act: https://www.orrick.com/News/2019/04/Orrick-Unveils-Sophisticated-Tool-to-Assess-Readiness-for-California-Consumer-Privacy-Act
- The California Consumer Privacy Act of 2018: https://privacylaw.proskauer.com/2018/07/articles/data-privacy-laws/the-california-consumer-privacy-act-of-2018/
- CCPA and GDPR: Comparison of certain provisions: https://www.whitecase.com/publications/article/ccpa-and-gdpr-comparison-certain-provisions