Ticketmaster violates privacy laws

Back in April, the Privacy Commissioner released a summary of the Ticketmaster case. At issue was Ticketmaster’s practice of disclosing personal information of customers to third parties for marketing purposes. The problem was that there were no opt-out provision provided if customers did not want their personal information used for this purpose. If you tried to purchase tickets online, you couldn’t complete the purchase without agreeing to all aspects of the privacy policy. Essentially, for online purchases, it was a precondition of service that you agree to have your personal information disclosed for marketing.

Another issue was how Ticketmaster communicated the privacy policy over the internet and the telephone. Telephone customers ordering tickets over the phone were advised that there was a privacy policy in place, but had no way of actually reading the policy before a purchase was made unless they had access to the internet. Online customers, on the other hand, could read the policy in its entirety.

Learn from Ticketmaster’s mistakes and make sure your privacy policy addresses these points:

• consent to a privacy policy needs to be obtained before payment is made
• the policy must be easily accessible for customers to review- you don’t have informed consent if customers don’t know what the policy says
• the communication of your privacy policy must be consistent, whether you’re serving customers online, over the phone, or in person.