By Joseph Titlebaum
Chief Legal and Privacy Officer
As a longtime corporate general counsel, I have long thought that the “golden rule” of compliance is a simple thought: “Say What You Do and Do What You Say.” It is practically a palindrome. And it was the failure to follow this simple maxim that lead to one promising tech start-up’s April 23 settlement with the FTC.
Some factual background: Nomi Technologies, an interesting New York-based tech start up (full disclosure: friends work there), provides a technology that allows brick-and-mortar retailers to track how customers travel through their stores by tracking a hashed version of the Media Access Control (MAC) identifier of customers’ mobile devices. Nomi does not track personally identifiable information relating to consumers, and only shares aggregated data with its retail store clients. The information provided is valuable to retailers – and consumers – as it enables retailers to better understand consumer behavior and create a retail environment more responsive to consumer needs.
However, no retail establishment that used Nomi technology told members of the public that they were being tracked by Nomi or the establishment, and no retail establishments provided any means to opt out of tracking by Nomi.
In its settlement, NOMI agreed to fix the problem and not do it again.