Incredimail 2011 Annual Report Download - page 32

Download and view the complete annual report

Please find page 32 of the 2011 Incredimail annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 233

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233

In addition, some state laws govern internet activity generally. For example, the California Online Privacy Protection Act which applies to any Internet
website which can be accessed by California residents and regulates information collected about users.
The Massachusetts Office of Consumer Affairs and Business
Regulation established data security regulations (201 CMR 17.00 et seq.) which became effective on March 1, 2010. They require any company which possesses the
personal information of a Massachusetts resident to adopt and implement a comprehensive written information security program. The program must include technical,
physical, and administrative safeguards for the protection of personal information owned, licensed, received, stored, maintained, processed, or otherwise accessed by
the company. State legislation could require us to modify our business practices and could potentially subject us to liability.
United Kingdom and European Union
The U.K. Data Protection Act and similar European Member State implementations of the European Union Data Protection Directive establish a core
framework of rights and duties which are designed to safeguard personal data processed within the EU. There are other ancillary and related laws and regulations
across the EU which combine to create an extensive regulatory regime. The core data privacy framework is underpinned by a set of eight straightforward principles
which we must apply to safeguard personal data. Any failure to ensure that personal information is processed in accordance with these principles could result in
criminal or civil penalties as well as potentially damage our customers. EU data protection legislation further prohibits the transfer of personal data to non-
EEA
countries that do not meet the European “adequacy
standard for privacy protection. The European Union privacy legislation requires, among other things, the creation
of government data protection agencies, registration of processing with those agencies, and in some instances prior approval before personal data processing may
begin. Such legislation and the associated compliance practices implemented under such legislation may impose significant additional costs or restrictions on our
business or subject us to additional liabilities.
On November 25, 2009, EU Directive 2009/136/EC was enacted, which amended certain p
rior directives affecting online service providers respecting the
processing of personal data and the protection of privacy in the electronic communications sector. As mentioned above, this amendment tightened the restrictions
around the use of cookies with EU consumers and this amended "ePrivacy Directive" now requires that:
"
the storing of information or the gaining of access to information already stored in the terminal equipment of a subscriber or user is only allowed on
condition that the subscriber or user concerned has given his or her consent."
Some local legislation is now implemented by Member States but others, missing the prescribed deadline for such implementation of May 2011, have not
resolved and published their approach to the required changes to legislation. Much about how this new directive may affect our operations in the European Union
remains unknown until member states pass their own implementing legislation. Valuable associated regulatory guidance on best practice in those Member States that
have implemented the rules is only slowly being issued leaving additional uncertainty around the changes which may be required of our business. As others in the
online market, we are observing the changes in online practice made by our peers and recognize a likely need to amend our practices.
Notably, and as mentioned above, Article 66 of the ePrivacy Directive requires both transparency about cookie use and that a provider obtain a user’
s consent
before a cookie is placed on the user’s computer. While a user’
s choice in browser settings to allow cookies has been deemed to suffice in several European
jurisdictions these technologies have not yet emerged and as a consequence it is likely that some form of affirmative step is to be necessary to enable a user to opt in
before or at the time the cookie is placed. As clarity around these new rules and associated guidance emerges we might be required to incur costs to ensure compliance
and consider solutions or limitation of access to our services, and we might become subject to additional liability. Inevitably the solution required may also have a
negative impact on consumer adoption and the types of services and revenue we can drive from cookie use and the information such use can derive.
29