Posts Tagged ‘compliance’
New Consumer Tracking Rules Make it Easier to Flunk Website Legal Compliance
Copyright © 2009 Chip Cooper
Let’s suppose you want to track behavioral data indicating how users use your website. You provide users who volunteer with a downloadable software application to track this data. Also suppose you provide a notice of your tracking plan in your end user license agreement accompanying the software, and also in your privacy policy. Should you feel confident that you’ve covered all the bases in terms of website legal compliance? No… says the Federal Trade Commission (FTC) in a June, 2009 settlement with Sears Holding Corporation.
The Sears.com Case
Sears operates both the Sears.com and Kmart.com websites and related marketing operations. To collect consumer behavior regarding shopping habits, Sears initiated a new online community promotion called “My SHC Community”. Sears pitched consumers to join its online community to “participate in exciting, engaging, and on-going interactions – always on your terms and always by your choice.” Participating consumers were paid $10.
As part of the registration process for the online community, consumers were notified that if they joined the community, “research” software would be installed on their computers to facilitate the tracking of their “online browsing”. However, the real extent of the tracking was disclosed only toward the end of a relatively long end-user license agreement that was presented in a scroll box at the end of a multi-step registration process. Tracking disclosures were also made in Sears’ Privacy Statement.
According to the FTC, starting on line 75 of its agreement, Sears indicated that the “research” software would track “nearly all Internet behavior” of participants including “web browsing, filling shopping baskets, transacting business during secure sessions, completing online application forms, checking online accounts, and, through select header information, use of web-based email and instant messaging services.”
The FTC claimed that Sears had failed to adequately disclose the scope of its online tracking to consumers. According to the FTC, facts regarding the full extent of the tracking would be material to consumers who were deciding to participate in the online community, and Sears’ failure to adequately disclose these facts constituted a deceptive act in violation of Section 5 of the FTC Act.
Sears Settles With The FTC
Sears agreed to do the following as part of the proposed settlement agreement:
* disclose to consumers all of the types of data that will be tracked, how the data will be tracked, and the extent to which it may be shared with third parties;
* obtain express, opt-in consent from consumers for the download of the tracking software through the use of a button or link that is not pre-selected and is clearly labeled;
* provide notification to participants in the online community regarding the installation of the tracking software and how to uninstall it; and
* discontinue collecting data that was transmitted prior to the settlement, and destroy all data collected prior to the approval of the settlement.
Conclusion
The key take-aways from the Sears case are that:
* the true scope of consumer tracking must be prominently and conspicuously displayed, and
* the display should be made early in the consumer’s decision-making process.
“Burying” such disclosures in an end user license agreement and a privacy policy will no longer comply.
The Sears case is significant because it is a clear indicator of future enforcement by the FTC in the areas of transparency in the tracking of consumer behavior.
Export Trade Compliance – What Every Contract Manufacturer Needs to Know About Export Compliance
Contract manufacturers (CMs) have become the de facto production division for many U.S. companies. The reasons for this continued trend include outsourcing non-core competencies (i.e., manufacturing), reducing supply chain costs, reducing capital expenditures, and building flexibility into production operations.
The CM’s customer who exports is required to comply with the U.S. Department of Commerce Export Administration Regulations (EAR) and the U.S. Department of State International Traffic in Arms Regulations (ITAR). The EAR has jurisdiction over “dual use” items, that is, those items with both commercial and military applications, while ITAR has jurisdiction over defense articles. But what about the CM’s export compliance requirements?
CMs must first establish whether or not the assemblies or products they produce are under the jurisdiction of ITAR or EAR. For this reason it is important that the CM have a good understanding of their customer’s business. Receiving drawings stamped “ITAR Controlled” is a sure bet that the products fall under ITAR jurisdiction. Are the assemblies used in defense, satellite or aerospace applications? Are the items used in telecommunications or commercial applications? If so, what are the end articles produced and what are their end-uses? CMs will likely already know the answers to these questions, which will help to determine the commodity jurisdiction.
Items under ITAR jurisdiction are defined on the U.S. Munitions List (USML), which can be found in CFR 22, Part 121. In addition to ammunition, missiles and explosives, this list includes military vessels, vehicles, aircraft, training equipment, protective personnel equipment, military electronics, optical and guidance control equipment. It is imperative that the CM knows that the USML includes components, parts, accessories, attachments, and associated equipment specifically designed or modified for use with the equipment in each of the USML categories.
Consequently, the subassemblies that a CM produces are controlled on the USML. In addition, ITAR Part 120.10 controls technical data which is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles. This includes information in the form of blueprints, drawings, photographs, plans, instructions and documentation.
Items under EAR jurisdiction can be found on the Commerce Control List (CCL) in CFR 15, Part 774. The CCL includes items (commodities, software, and technology) subject to the authority of the U.S. Department of Commerce, Bureau of Industry and Security (BIS) and includes “dual use” items as well as purely commercial items. The CCL does not include those items exclusively controlled for export by another department or agency of the U.S. Government. In instances where other agencies administer controls over related items, entries in the CCL will contain a reference to these controls.
If you are unsure of the export jurisdiction of an item or service, you should request a commodity jurisdiction (CJ) determination from the U.S. Department of State, Directorate of Defense Trade Controls (DDTC).
SO, WHAT DOES A CM NEED TO KNOW ABOUT EXPORT COMPLIANCE?
Under ITAR Jurisdiction
* Registration with the Department of State (DDTC). This is required even if the CM does not export the controlled items
* Notification of the DDTC of violations of criminal statutes, changes in senior management, changes in foreign ownership, and mergers and acquisitions
* Maintenance of records concerning the manufacture, acquisition and disposition of defense articles and technical data
* Application for licenses (or use of appropriate exemption) for exports of items on the USML
* Application for licenses (or use of appropriate exemption) for technology transfers of items on the USML to foreign persons or entities
Under EAR Jurisdiction
* Application for licenses (or use of appropriate exception) for exports of items on the CCL and Commerce Country Chart as required
* Application for licenses (or use of appropriate exception) for technology transfers to foreign persons or entities of items on the CCL and Commerce Country Chart as required
* Checking on end-user against government lists of prohibited parties/entities
* Ensuring that items are not intended for prohibited end-uses (i.e., WMD)
Failure to comply with these federal regulations can result in significant criminal penalties (possible prison sentences and fines) and civil action (e.g., fines and denial of export privileges).
For more information about corporate trade compliance or to contact an export trade compliance specialist please visit http://www.wearecompliant.com
Protect Your Company with Good Quality Financial Compliance Software
If you work in the financial services sector then you are well aware of the spotlight that is now being shined on you. Thanks to a series of actions that ultimately led to the collapse of the world economy, financial compliance software is no longer optional. Your executive team may be personally liable and certainly your company is responsible for ensuring that your books are maintained to an increasingly high standard.
Unfortunately, we all know that in today’s world no organization is immune to mismanagement or financial wrongdoing. So how can you protect yourself, your company, and those around you from becoming vulnerable to financial irregularities? One key way is to implement well designed financial compliance software.
Of course, no financial compliance software will prevent someone from taking the wrong course if it’s set in front of them. But what your systems can do is alert you when there is non-compliance. You need a full featured financial compliance software system to ensure that you have the audit and compliance reviews to help you avoid trouble. This early warning system can save an organization’s reputation and indeed prosperity.
For most companies it makes good sense to turn to financial compliance software that is already developed to global best practices and is accessed via the internet or intranet. A well developed web enabled system can help you avoid the costly and time-consuming process of maintaining the staff and resources needed to support the system. Web enabled financial compliance software runs 24/7, meaning it works when you work. Licenses for web versions typically include software upgrades for some period of time. Not only do you avoid the cost of the hardware, you can be assured that your financial compliance software stays up to date and current.
The Internet provides a great place to start looking when it comes to finding a specific package for your financial needs.
Most of the larger, more established software providers will provide you with a configured demonstration. They will also offer you support and training. This is extremely important if you expect to get your system up and running quickly. Take full advantage of this.
In terms of a specific financial compliance software package, you need something that is flexible and configurable in order to maximize the return on investment. You should also be prepared to take full advantage of any training that is offered. Look for a powerful and customizable reporting engine that will help you keep an eye on your systems.
The point is, there are many solutions out there. Do a little homework but don’t delay in getting your financial compliance software in good shape now.
Compliance, Security, And Cost-Efficient Management: ECM Rises To The Challenge
The combination of a weak economy – causing many to streamline operations to keep afloat – and increasing regulatory demands made business challenging for many in 2009. Those that emerged from the rubble of crumbling profits, hoping to resurrect their bottom line and succeed in this decade are working harder than ever, often with fewer resources. Although the economy will eventually improve, the regulatory scene is becoming more demanding, placing greater burdens on business. Only those that make wise use of limited resources will survive.
Despite recent unpredictability in government, business, and the economy, one thing is unchanged: compliance, security, and cost-efficient management remain the focus of many businesses. Named in multiple industries as the top three drivers for enterprise content management (ECM), they are more closely intertwined than ever:
Cost efficiency is only possible in today’s litigious economy with an integrated, efficient compliance management program that mitigates risk and avoids costly penalties. In a paper or mixed media environment, it’s nearly impossible to achieve.
Compliance is only achievable with stringent internal controls and an overseeing force to manage document security, governing access to information and how it is used. Entrusting oversight to fallible humans alone means there will always be mistakes. Zero tolerance is on the rise; penalties for non-compliance can be financially devastating.
Security is only manageable in information-intensive businesses when you have the tools to pull all of your information together so it can be controlled, centrally and consistently. Even with a full complement of employees, it’s challenging. In a paper-based environment, it’s impossible.
The solution? ECM.
ECM in 2010: stronger, more accessible
ECM delivers the control and insight you need to run your business intelligently, compliantly, and with confidence. What’s different this year?
Top-line solutions are more accessible, interoperable, affordable, and intuitive, making it easier than ever to secure documents, govern them consistently, and comply.
ECM is a mature technology. When its capture, indexing, processing, and archiving capabilities are coupled with powerful Web services (now the industry standard for integration, but not offered by everyone), businesses benefit from redefined connectivity. ECM connects silos of vital business information, giving you comprehensive insight into your business, tools to work efficiently, the consistency you need to comply, and the digital trail to prove regulatory fulfillment.
Since the palette of ECM tools varies from one solution to the next, it’s vital to know what you’re looking for. The tips below will help you to find the best solution for your business. Look for a system that will:
1. Help you manage changing regulations
Whether you’re ruled by the mandates of HIPAA, SOX, Gramm-Leach-Bliley, FERPA, the Freedom of Information Act or other regulations, managing compliance is expensive. ECM lets you track information, implement rules for information management, amend those rules to reflect regulatory changes, and ensure they are followed. It removes the burden and streamlines costs by following your rules implicitly – correctly, completely, and consistently. Look for:
…web-based architecture that lets authorized IT staff administer the system remotely, 24/7, and allows authorized persons to access, view, search, process, and manage requests for information, wherever and whenever it’s needed.
…configurable functionality that lets you regulate who can access and manage various document types (HR contracts, invoices, etc.) and the functions each person can perform (importing, indexing, emailing, etc.).
…centrally configured, administered, and supported software. Modular solutions typically require multiple configurations and are more difficult to support.
Central configuration saves considerable time and money.
…a business process management (BPM) or workflow component. BPM lets you regulate internal governance policies by setting rules and exceptions for routine processes (such as invoicing) that are followed without question, eliminating human error. Since BPM presents the greatest potential investment returns for an enterprise, buying ECM without a BPM/workflow component is shortsighted. Regulations change constantly, so make sure the solution you choose will let you make modifications easily so you can enforce new rules on the fly.
…lifecycle management features to let you set default retention schedules, backups, audit trails, data migration, and destruction schedules. Managing files throughout the entire document lifecycle is an important part of compliance.
…detailed audit trails that prove observance of the rules you set in response to regulations. Whether you’re replying to e-discovery requests, Open Records, or auditing demands, electronic discovery is far more cost effective than manually searching through scattered files. ECM, when integrated with legacy systems, line-of-business software, email, and other digital repositories, produces thorough audit trails, mitigating the risk of non-compliance penalties and saving staff considerable time. Make sure your solution provides the detail you need.
2. Assure file security
As organizational hierarchies, regulations, positions, and job functions change, security rules must be adjusted. Centrally administered ECM makes it easy for IT administrators to amend the rules: a few clicks in one place, and all of the features and functions within the suite follow the new rules. No more need to rely on perfect memory, reminders, logons and passwords and hoping new employees get it right. ECM ensures the right people have access, know what to do, and can process their work. Organizational dictates are followed – every time.
Look for:
…the ability to lock down document types and specific document sections by groups of users (such as HR managers) and job role (such as directors or department managers).
…configurable, permission-based feature rights that let you determine who can retrieve, view, edit, annotate, sign, email, move, or delete documents; initiate workflows; etc.
…a centralized, tamper-proof repository to ensure the accuracy, quality, and integrity of archived information.
…the ability to electronically create file backups and enable quick recovery of information in the event of a business catastrophe.
3. Make compliance (and operations) cost efficient
In a paper-based or mixed media environment, compliance demands drain limited human and financial resources. Managing processes, following approval hierarchies, updating duplicate information in multiple systems (such as customer contact data), and filing documents correctly to ensure they’re found later demands precious time. Logging into multiple software systems, re-keying data from one system into another, wading through duplicate or conflicting customer records, and searching for insufficiently indexed or missing documents adds to the frustration. Being ill prepared to respond to demands is costly enough; making mistakes, missing deadlines, and failing to find information when it’s needed can be financially devastating.
ECM lets you respond to mandates cost efficiently by eliminating tedious search, expediting processes, eliminating the incidence of duplicate files and tasks, and ensuring your rules for access and processing are followed. Look for a solution that will:
…index documents thoroughly so staff with diverse needs and searching methods can find what they need.
…integrate thoroughly with industry-standard Web services. Make sure the functionality of the suite you choose is fully underwritten in web services so you can take full advantage of its features and functions within your users’ familiar business software.
This reduces the learning curve and cost of training. Also investigate your vendor’s fees for Web service calls: If you have to pay for every data request you make, you’ll be surprised how quickly it adds up.
…accommodate all phases of the document lifecycle, from document creation and capture through indexing, business process automation, document archival, retention, and destruction.
…deliver the information you need. Look for diverse search functionality such as enterprise, full-text, and keyword search. If you’re subpoenaed for information, you can’t afford to consume staff resources scrolling through electronic files manually because your ECM system won’t deliver what you asked for. ECM that is configurable, with thorough indexing and strong search, should respond to requests in seconds.
4. Be embraced by staff
A clear vision, solid plan, and top-line ECM won’t solve your business challenges unless the solution is fully embraced by your IT staff and end users. Consult them as you evaluate business needs. Understand their day-to-day challenges, no matter where they stand in the hierarchy. Streamline and improve your current processes before you get started with ECM. Since both IT and end users are facing more responsibilities than ever, the solution needs to make their lives easier, every day. Look for:
…a flexible user interface, with drop-down menus, on-line help, and user-friendly documentation to guide end users.
…adjustable, moveable windows and work spaces to honor employees’ individual work preferences and maximize their productivity.
…a central log-on for all work, rather than needing to log in and out of each function to start scanning, send emails, launch processes, etc. Don’t waste precious staff resources on inefficient access to ECM products that exist to promote efficiency!
…a full suite of functionality that is centrally configurable, administered, and supported.
This significantly reduces IT administration and eliminates the need to log in and out of each application to make changes.
Considerations in buying ECM
Quality vs. cost
Choosing a top-of-the-line solution has never been as affordable as it is today, but don’t make the mistake of making price your only criterion. If you sacrifice quality or choose a solution that won’t meet your needs as the economy rebounds and your organization grows, [...]
Regulatory Compliance and Air Quality Management Services
What is Regulatory Permitting?
Our governments keep a tight control on air polluters. They have to maintain their licenses and approvals to stay in business, or to change any emitting characteristic of their business.
What happens to contaminants once they reach the atmosphere? Do they go up and away or do they hit the ground elsewhere? A little of both, really, and at different times. With the right computer software and knowledge, a consultant can determine what will happen, where, when and how often. They can figure out if a problem will persist, resulting in complaints from neighboring communities, diseased foliage and livestock, or visibility problems. And they can even address potential public health problems. Where will ground level concentrations become problematic? What can be done to fix it before it even happens? These are things to have answered ahead of time.
Modelling, as this activity is called, is about design. Modellers parameterize the physical layout and emission characteristics and then quantify resulting gas and particle concentrations in the ambient atmosphere. They then use these numbers to make design and policy decisions for the plant. Ones that will keep it out of trouble. Please see http://www.stuffintheair.com/airqualitymodeling.html for details about the air dispersion modeling process.
Good modelers work in conjunction with government officials to arrive at a workable solution for the company. Keep an eye out for models with names like CALPUFF and others as they are standard tools of this trade. These professionals report the modelling results and interpretations to the client and to officials. They say which modifications have been made to correct situations, if needed.
The most advanced people in this field go to bat for their clients. They attend hearings and defend the operation. We call them expert witnesses.
We do not want diseases from air pollution. Air quality modeling helps us determine how to avoid that.
A variety of substances come from a variety of plants and can have a variety of effects. None of them good. With modelling, policy makers can reduce those effects.
A consulting service company performs dispersion modeling, prepares relevant agency applications and handles the tricky side of the approval process. There may be several boards and offices to deal with for a simple situation. It helps to use professionals who know the regulatory staff personally, work with them repeatedly and can maneuver skillfully through the regulatory process with the smallest amount of friction possible.
Another thing to deal with is government reporting. Emissions, wastewater and air quality data have to be sent to the appropriate agency. It has to be accurate and delivered on time. With the right consulting firm, you never have to think about those tasks yourself, once the reporting procedure is initially set up.
More complicated environmental laws make for more difficult procedures needed to be in compliance. Especially when it comes to air. Therefore production firms have become less likely to perform these tasks in-house. Expertise needed to obey the rules has become very much a multi-disciplinary thing. That is a key reason for the rise in consulting service firms. All that expertise in one place providing knowledge-based services to several clients really has become more efficient than trying to cultivate the know-how within the office walls of manufacturers.
That goes beyond technical knowledge. An understanding of human nature plays a major role as well. With that understanding, professionals can negotiate with other companies and regulatory staff to get to what is best for all involved. They need to defend their work, justify their arguments and point out how the environment and society benefit from their accomplishments. The client benefits even more greatly.
For example, energy producers may have problems with emissions.
They work with large volumes of stocks that may result in emissions of sulfur compounds, carbon compounds, particulates and other noxious substances. Do oil companies meet a lot of public opposition? Is it all warranted? Maybe the public is concerned about the unknown. Maybe interveners need to know how thorough and careful a producer is these days when it comes to ecological issues. But that credibility has to be there in the first place. Simply obeying the laws goes a long way. Doing so is not trivial by any stretch. Needed tasks can include audits, applications, remediation and management. If it’s too complicated for you, a consulting company will help.
Microsoft Copyright Compliance Tool And UK Small Businesses
A new software compliance tool aimed at medium-sized businesses that have Windows-based machines and use Internet Explorer as their default browser has been launched and is being sold by Fast Consultancy Services. Fast Consultancy Services is selling the Fast Compliance Manager software in support of the Federation Against Software Theft (FAST) that was launched recently.
The consultancy firm’s managing director, Andy Pearce, explained that the software has been incorporated into the firm’s existing membership. He further stated that the firm does not sell the software or training; rather, they sell membership, and they also offer a wide range of consultancy and professional services.
The consultancy firm is looking for businesses that will sign up to one of their three different packages, which offer analysis of procedures and policies, software provision and support, telephone support and training, all at a fixed charge paid annually for renewal of the membership. The membership fee is set at £6,000 per annum, a basic package is £3,500 per annum, and the premium version is set at £9,995 per annum and includes a Software Asset Management (SAM) review.
Andy mentioned an unnamed company that was charged £600,000 over-licensed because it failed to show the software it had on its old hardware. Additionally, he said that a multinational company in the Midlands ended up with £1.3 million over license with its software.
Fast, which has 2,500 members in the UK from all sectors, says that the software is targeted at SMEs that have 30 to 250 PCs in their business, but this does not single out smaller businesses. Andy, however, said that the software does not have anything to offer to the smaller businesses. He further stated that Fast is a commercial enterprise that has a responsibility to its shareholders, which is why they are focusing mostly on the 30 to 250-PC market segment, where there is a significant opportunity.
Furthermore, he stated that the Federation Against Software Theft (FAST) is getting enterprises to stay up to date on legislation so as not to be fined for software piracy.
Samantha Bramwell, Microsoft’s anti-piracy and SAM marketing manager, commented that Fast should look deeper into covering small businesses, since they will expand into larger enterprises. She further added that she knows that many companies have complained of the hard and long process in Microsoft’s licensing model, which is overcomplicated, unwieldy and difficult to work with. In defense of Microsoft’s model, she said that they are offering over 500 options.
Meanwhile, all UK organizations that are interested in adding the Fast consultancy software to their systems will have to install the free Microsoft SQL Server Express edition, which does not require a license, to host the database. Additionally, no client installations will be required because the database can be accessed through the web browser. However, the Fast software supports Internet Explorer only.
How I Learned to Love (“Ate”) Software Licensing
By: Cris Wendt
Software Licensing is always a complex topic, filled with numerous approaches and issues.
Software License Compliance – A Modern Day Dr. Jekyll and Mr. Hyde
By: Cris Wendt
The software licensing market is certainly maturing and evolving when it comes to the different ISV views on compliance and enforcement. In fact, there's almost a Dr


