In this world of Facebook, Twitter, Pinterest, Youtube, and the myriad of other social media outlets, it doesn’t seem that much care is paid to what gets posted on the internet. On the other hand there has recently been a huge uproar about the National Security Agency (NSA) of the Federal Government reviewing email addresses. As a business entity, what you say on the internet definitely does matter.
Food and Drug Administration
For medical device manufacturers, the Food and Drug Administration (FDA) is the key regulatory agency and defines the parameters within which the manufacturer can promote the use of the product. This holds true for all forms of media used to convey information about the device, whether specifically on the label or package insert, owner’s manual, instructions for use, advertising claims, or even when blogging about it or posting on social media. In fact, the FDA has specific guidelines as to how to respond to unsolicited and solicited requests for information for “off-label” use of products which addresses this very thing. The caution here is to make sure that anything that is said about a product complies with FDA approvals for use, no matter what the medium, even blogging.
Federal Trade Commission
In addition to its other roles, the Federal Trade Commission (FTC) is most notably responsible for assuring “truth in advertising”. Its primary function is to patrol and control; to patrol the various modes of communication such as print and broadcast media, and now emails and social media to control or prevent fraud and deceptive practices. So the thing for businesses to keep in mind is to be sure, when blogging, not to overstate the capabilities of the product. When describing the function of your product, you may want to avoid the use of definitive terms like “always”, or “never”. You may be better off to choose terms that provide a little wiggle room, like “usually” and “rarely”. Similarly, you might choose to say “can be expected to” instead of “will”.
These are just examples. You get the idea, right?
Privacy Policies
In the healthcare arena, the whole concern with privacy of personal information culminated in the Health Insurance Portability and Accountability Act (HIPAA). This came on the heels of the unscrupulous practice of selling private personal information to marketing firms, that would then inundate unsuspecting people with mailings and unsolicited phone calls. The latter led to the “Do not call” legislation.
Understandably, the reason your company posts blogs is to drive inquiries to your website. Once there, you can offer a downloadable resource and capture their email address, and other information, so you can then send them other information that you hope they may have an interest in. This is using inbound marketing to create an outbound opportunity. That is reasonably expected when getting something for free. What should not be expected is to have that private personal information sold off to some unrelated third party, or be posted on the internet. So when asking for private information from a person to download a resource of some sort, such as a Whitepaper or an eBook, it is only right and proper to tell that person what you will and will not do with the information they provide. Just as important as telling them what you will do with it is to tell them what you won’t do with it; like selling it to third party exploiters.
Suffice it to say, if you are going to ask visitors to your site for personal information, like an email address, have a privacy policy statement that they can look at and agree to or not.
Here are some links that might provide additional direction:
http://www.freeprivacypolicy.com/
http://www.ftc.gov/reports/privacy2000/privacy2000.pdf http://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM285145.pdf
