Maximizing Deliverability

What the FTC's ruling means for Facebook and Privacy

There is a great article talking from Mashable today discussing what the new FTC settlement means for Facebook and other email and social media websites with regards to privacy. While Facebook will have to go through a third party bi-annual audit it seems that they have already learned from their past mistakes, but this ruling is important for other social networking sites to learn from.  For more information click here--


Learn about other email deliverability solutions we provide at StrongView.

Posted by: Spencer Kollas at 7:10 AM
Categories: geo-targetting, permissions, privacy, social sharing

Deliverability and Privacy--one in the same?

Over the years I have seen the role of deliverability experts change and grow. When I first started it was mostly around getting customers to set up authentication, setting up whitelists and feedback loops, understanding bounce codes and making sure clients knew what they need to do in order to get into the inbox. Recently I have noticed an interesting trend in the deliverability space. More and more of the deliverability experts are also becoming privacy experts as well. In fact some of my peers have moved into a strictly privacy focused role, with very little time spent on email deliverability. While I understand that these two fields have a good amount of overlap, I am just wondering if these folks are unique by crossing over or if this is a trend that the industry should plan for.

I have my own opinions on this matter but for all the email marketers out there, my question is easy—do you expect your ESPs deliverability team to also consult with you on privacy related issues?

I look forward to hearing as much feedback on this as possible.

Posted by: Spencer Kollas at 8:43 AM
Categories: deliverabilty, privacy

Court: IP Addresses Are Not 'Personally Identifiable' Information

Republishing of article

Court: IP Addresses Are Not 'Personally Identifiable' Information
By Wendy Davis
MediaPost Publications
July 6, 2009


In a ruling that could fuel debate about online privacy, a federal judge in Seattle has held that IP addresses are not personal information.

"In order for 'personally identifiable information' to be personally identifiable, it must identify a person. But an IP address identifies a computer," U.S. District Court Judge Richard Jones said in a written decision.
Jones issued the ruling in the context of a class-action lawsuit brought by consumers against Microsoft stemming from an update that automatically installed new anti-piracy software. In that case, which dates back to 2006, consumers alleged that Microsoft violated its user agreement by collecting IP addresses in the course of the updates. The consumers argued that Microsoft's user agreement only allowed the company to collect information that does not personally identify users. Microsoft argued that IP addresses do not identify users because the addresses don't include people's names or addresses. The company also said that it did not combine IP addresses with other information that could link them to individuals.
Last month, Jones sided with Microsoft and dismissed the case before trial.

But some say that Jones's decision about IP addresses is inconsistent with other recent opinions about the issue. Eric Goldman, director of the High Tech Law Institute at Santa Clara University, points out that the European Union considers IP addresses to be personal information. Last year, the EU said that search engines should expunge users' IP addresses as soon as possible.

Additionally, a court in New Jersey ruled last year that Internet service providers can't disclose users' IP addresses without a subpoena, on the theory that people expect their IP addresses will be kept private.
Marc Rotenberg, executive director of the Electronic Privacy Information Center, criticizes the Microsoft ruling as "a silly decision." "The judge didn't understand the significance of the IP address or the reason that it was collected," he says.

Rotenberg adds that the judge prematurely dismissed the case, arguing that more facts were needed to determine whether IP addresses were personally identifiable.

Today, industry observers say that IP addresses can be combined with other information to determine people's identity. In addition, even when IP addresses have been anonymized, it's possible to associate the account with a specific individual, given enough other information. The most famous example occurred in 2006, when AOL released search logs showing queries made by more than 650,000 members. The members' IP addresses had been changed, but the queries themselves contained enough clues to people's identities that The New York Times was able to find and profile one "anonymized" user, Thelma Arnold, within days. At the time of that incident, many companies took the position that IP addresses were not personally identifiable information.

Jules Polonetsky, co-chair and director of the think tank Future of Privacy Forum, adds that many sites with older privacy policies maintain that they don't collect personally identifiable information, but log IP addresses. "For many years, people just threw around the term 'personal information,'" he says. "They didn't pay attention to account IDs in the hands of third parties, IP addresses -- other types of information that, with some effort, could become identifiable."

Polonetsky says that companies today are rewriting privacy policies to more carefully define their terms, adding that many in the industry now view IP addresses as more sensitive than completely random data.

Posted by: Spencer Kollas at 9:58 PM
Categories: IP addresses, legislation, privacy