On May 25, 2018, the European Union will begin enforcement of the General Data Privacy Regulations (GDPR). The GDPR represents an expansive approach to protecting the privacy rights of European citizens, and has the potential impact businesses across the globe, not just in the European Union. The business community needs to understand the GDPR, who it affects, and how to comply with the law, lest they face costly punishment by the EU.
What is the GDPR?
The GDPR is an administrative regulation enacted by the European Parliament to protect the privacy of Europeans as it applies to data collection. The GDPR came about, according to the Commission Implementing Decision (EU) 2016/1250 (comparable to the legislative history that accompanies the US Code), because of the European Union’s belief in “the fundamental right to respect for private life with regard to the processing of personal data, [and] also a high level of protection of those fundamental rights and freedoms.”
As noted by CIO, the GDPR requires that personally identifiable information is collected and processed in a manner that is lawful, fair, and transparent. Relevant to the recent scandal involving Facebook and Cambridge Analytica, the EU permits the collection of EU citizen data only for explicit, legitimate purposes. The GDPR requires that data collection be narrowly tailored to the collecting party’s specific needs. It also codifies a requirement that businesses — the law carves out exceptions for data collection for non-commercial, law enforcement, and intelligence purposes — ensure that personally identifiable information only be kept as long as needed by the businesses that collect it. Related to this point, the EU expands on the notion of the “right to be forgotten” by requiring dataprocessors and collectors to take steps allowing for the deletion of an EU national’s data upon request. The GDPR codifies a requirement that data be processed and stored in a fashion that is secure, and requires processors and collectors to notify EU nationals within 72 hours if there is a data breach. The GDPR requires the appointment of Data Protection Officers responsible for the maintenance of records concerning how personally identifiable information related to EU nationals is collected, processed, secured and used, much like how Sarbanes-Oxley and other US regulations required public companies to develop ethics and compliance programs.
Why Does the GDPR matter to non-European Businesses?
While this seems innocuous, if not an admirable position to take by the EU, the underlying regulations have caused some consternation in the international community. Partly, this is due to the extreme applicability of the GDPR. The EU has expanded previous regulations (namely EU Directive 95/46/EC) the GDPR to apply to all companies worldwide that process or collect data relating to EU nationals. Thus, if a resident of Kewanee, Illinois (or Lima, Peru) has a craft business that collects personally identifiable information related to the mailing addresses of EU residents in order to ship goods to them, it is equally subject to the GDPR as British Airways or Novo Nordisk.
Being subject to the GDPR is no small matter. The second reason the GDPR is causing unrest in the business community is the aggressive penalties included in the regulation by the EU. Non-compliance with the GDPR can lead to penalties of up to 4% of a company’s global turnover or €20 million ($25 million at the time of writing), whichever is greater.
The business community responded to the Commission enacting the GDPR with concerns that the GDPR reached beyond the scope of the US-EU Privacy Shield regulations and imposing the will of the EU on other sovereign nationals. If the US Government permits enforcement of the EU regulations on US companies (a jurisdictional issue more for legal scholars), compliance with the GDPR will be costly, most of all to small to mid-sized companies that do not already have compliance programs commonly seen in Fortune 500 companies. According to international law firm Paul Hastings LLP, compliance costs for a business are estimated to be $1 million, just for technology improvements. Additional expenses would be incurred, such as those associated with retaining counsel to understand how to comply with the GDPR and hiring employees to maintain regulation compliance. Writing in the Harvard Business Review, Larry Downes noted that the GDPR appeared protectionist, as it was cheaper for businesses to comply if they used European data centers rather than ones outside the EU. Similar concerns have been raised in the Asian-Pacific market.
What should US businesses be doing in anticipation of the May enforcement deadline?
First, businesses should be aware that, regardless of the GDPR, there are already US regulations concerning the preservation of the privacy of customer personally identifiable information. The Federal Trade Commission already enforces numerous laws and regulations pertaining to data privacy and online marketing, including (but not limited to):
- The Children’s Online Privacy Protection Act (COPPA);
- The Federal Trade Commission Act (FTC Act);
- The Health Insurance Portability & Accountability Act (HIPAA);
- The American Recovery and Reinvestment Act of 2009;
- The Health Breach Notification Rule, 16 CFR §318 (2009);
- The Fair Credit Reporting Act: Disposal Rule, 16 CFR §682 (2005);
- The Fair Credit Reporting Act: Identity Theft Rule, 16 CFR §681 (2009); and,
- The Red Flags Rule, 12 CFR §41 (2007).
If US businesses do not already have data privacy compliance plans in place, they need to do so, not just to comply with the GDPR, but also with the US privacy regulations.
With the respect to the GDPR, to summarize the hundreds of pages of regulation here would be overwhelming, both to the writer and to readers. There are some core changes businesses can make to ensure compliance when the law is enacted in May 2018.
- Businesses should conduct an audit under the command and control of a CISSP-certified professional (or other properly trained and certified network security professional) to identify what personally identifiable information they are collecting;
- Businesses should consider how they process that personally identifiable information, for what purpose, and for how long do they keep it;
- Businesses should consider whether the way they process and store data would be considered reasonably secure by a professional (or by a jury), and, if not, what steps they should take to make their data secure;
- Businesses should consider the processes they have in place to address requests under the GDPR’s “right to be forgotten” requirements;
- Businesses should consider the processes they have in place to address data breaches, including whether they can notify EU consumers of breaches within 72 hours; and,
- Businesses should be considering whether their outsourced cloud storage providers (if they have any) are in compliance with the GDPR and FTC regulations.
Beginning May 25, 2018, the EU’s implementation of the GDPR will have the potential to affect businesses worldwide. Compliance with the GDPR represents a significant commitment of capital and labor for businesses, triggered if these businesses engage in practices that affect the data privacy of EU nationals. Businesses should anticipate the implementation of the GDPR by conducting security audits and developing plans to ensure compliance and avoid liability.
Recently, the Federal Trade Commission (FTC) enacted its first enforcement action against businesses using influencer marketing in ways that violate its regulations against deceptive business practices. (The first crackdown occurred in April 2017, when the FTC sent “reminder letters” to influencers and businesses.) Companies realize that, while influencer marketing is an incredibly effective method of small business marketing, it must comply with FTC and global trade regulations.
Wading through the Code of Federal Regulations governing influencer marketing can be challenging at best, and coma-inducing at worst. While this article should not be substituted for the advice of a retained attorney (seriously; get an attorney if you have questions about the law), it does provide some easy-to-understand tips and checklists for complying with FTC regulations in the hopes of making small businesses and other marketers aware that the issue of influencer compliance is not going away.
Everything begins with disclosure
The FTC is primarily focused on instances where a product or service is recommended and the online personality has a business relationship to the product or service. In the current enforcement action, involving two YouTube video gaming personalities, that relationship was a direct ownership interest in the product business, but it is likely that the FTC would see a relationship if the internet personality has a relationship anywhere in the food chain related to a product (i.e., with distributors, marketing consultants, manufacturers, or retailers). (See 16 CFR 255.5.)
When there is some material relationship between the internet personality and product in their content, there needs to be a disclosure of the relationship. For example, when I use an affiliate link to a product on Amazon, I need to disclose (as I do) on this site that I am a participant in the Amazon affiliate program and benefit from purchases associated with my site. Note, too, that the material relationship does not end with getting paid to display and endorse a product. If I recommend a product or take a picture of a product in exchange for a chance to win something for free, that is a material relationship that requires endorsement. No matter the benefit, it is safe to assume that if I benefit from putting a picture of a product on my blog, on Facebook, or on Instagram, I have a disclosure requirement.
How to make a proper disclosure
The FTC intended for the disclosure requirements to be straightforward (whether they succeeded at making the regulations easy to understand is another story entirely). The requirements are based on the following elements
– disclosures of all material relationships;
– disclosures that are unambiguous in both form and content;
– disclosures that are side by side with the influencer content
Disclosures of all material relationships
The FTC asserts that disclosure is required when there is a “material” relationship, and in this case, the use of the term “material” rather than “financial” is significant. Expanding the scope of relationships to any instance in which it is material means that the influencer content is subject to the regulation when there is a personal, familial, romantic, or other similarly meaningful relationship, regardless of whether the influencer gets paid in a traditional “quid pro quo” method.
Thus, if Jane Doe begins posting influencer content on Instagram about the hot new nightclub in her city, and that hot new nightclub happens to be owned by a partnership that includes John Doe, Jane’s brother, then there is a material relationship for which the regulations would be imposed.
Disclosures that are unambiguous in both form and content
The FTC, in its web pages regarding endorsement marketing/influencer marketing, repeatedly reminds influencers (and the marketers and businesses that work with influencers) that they should not rely on the native endorsement tools within an app to adequately indicate whether the content is paid advertising. Instead, it is the obligation of the influencers and the marketing firms directing the influencers to ensure that their disclosures are unambiguous and easy to see.
Disclosures that are side by side with the influencer content
The FTC addresses the question of whether endorser disclosures are adequate if buried in a linked page somewhere, stating:
Do you click every CLICK MORE link? We don’t either. When disclosing a brand relationship, the better approach is to hit ‘em right between the eyes. Furthermore, on image-only platforms, superimpose your disclosure over the picture in a clear font that contrasts sharply with the background.
FTC, Three FTC Actions of Interest to Influencers
Plainly put, the disclosure must be up front, superimposed on the image or video in a way that is legible and meaningful to the consumer.
Influencer marketing is a useful subset of digital marketing, a low-cost option for small businesses or businesses just getting started to get their products and services in front of potential customers. However, small businesses and the marketing firms that represent them need to make sure that, if they are using influencer marketing, their content complies with FTC regulations concerning endorsements.
When the Small Business Association (“the SBA”) considered what entrepreneurs needed to do to thrive in today’s world of massive, publicly-traded corporations, the SBA recommended that they spend seven to eight percent of their gross income on marketing. For many just starting out, this may not be much, but its money that needs to be spent well if the business is to grow. However, how do veteran businesses spend their marketing dollars wisely?
“Knowing how much you have to spend on marketing is critical; even more critical is how you spend it. This means having a plan. Your small business marketing budget should be a component of your marketing plan, outlining the costs of how you are going to achieve your marketing goals within a certain timeframe.”
– Caron Beesley, How to Set a Marketing Budget that Fits your Business Goals and Provides a High Return on Investment, SBA.gov (January 9, 2013).
As the SBA puts it, have a marketing plan, and have a way to track the return on investment received via that marketing plan.
One of the first steps in developing a marketing plan is determining what platforms suit both your brand and your products well. By platforms, I mean those avenues (often referred to as marketing channels) you want to pursue to promote your business. Marketing platforms can include:
– traditional marketing channels (such as print, radio, television, and billboards);
– owned digital marketing channels (such as websites and apps);
– social media marketing channels (such as Facebook, Instagram, Twitter, and others, as will be discussed below);
– earned media marketing channels (such as Yelp and Nextdoor); and,
– what I will call next wave digital marketing channels (such as Augmented Reality – AR – and Virtual Reality – VR).
Selecting the Right Marketing Platform
There is no one right platform for all products and brands. That needs to be said straight from the outset. However, there is a right way to determine what platforms should be used. When considering how to plan out what platform or platforms to use, a business should think about:
– their brand voice;
– the patterns of life of their target audience; and,
– their financial, technical, and time-based resources available for marketing.
What does this mean? It means that a business that is targeting millennial consumers needs to be using different platforms than a business targeting baby boomer consumers. For enterprises that do target millennial consumers, if their brand’s voice is savvy and sophisticated, they should be focused more on elegantly-composed images on Instagram than on developing an active Facebook group that shares amusing memes.
For small businesses, regardless of their audience and voice, they need to be realistic about those limitations – whether technical, financial or time-based – that will impact their marketing strategy. If business owners do not have the skills to shoot and edit high-quality video (even if with their smartphone), then they should consider whether their approach to marketing should be more focused on text, still photos, and candid live streaming.
Using a Daily Plan of Attack to Give Your Day Structure
When I was in the Army, we were taught a five-paragraph order method to inform troops of what they needed to know to get through a mission. Then, like most grunts proudly clutching their honorable discharges like a dog with a toy, I promptly forgot all about this model. Lately, though, as I have been thinking about productivity as part of work I have been doing with the Creative Alliance of Tacoma, I came across my old notes for the five-paragraph order. I realized that the five-paragraph order represented a great way to frame my day for getting things done.
This post will look at the value of how we frame our approach to the day, then break down what we need to address as part of a daily plan of attack, and finish with an example and a template that you can use to develop your own daily plan of attack based on the five-paragraph order.
What is the Five-Paragraph Order?
When military leaders examined how information was presented to soldiers, they often noted how a lack of structure led to soldiers failing to receive the necessary information about locations, equipment, or other such important factors. The five-paragraph order was designed as a way to ensure that commanders in the field would relay information in such a way that they would not neglect to cover these details. The five-paragraph order covers the following factors about a mission:
- administrative matters/logistics
On the face of things, these five terms don’t mean much to those not actively deployed in a combat zone. When placed into the context of a day in the life of a professional, the five-paragraph order still gives the necessary structure to make sure you don’t fail to reach your goals: i.e., your new mission. Using the five-paragraph model as an entry into your daily note-taking system, whether it be a bullet journal, Day One, or Evernote, and then having the journal entry out throughout your workday, ensures that you stay on target despite the many distractions that exist.
In combat, the situation refers to how a unit is being affected by the actions of enemy forces, by adjacent friendly forces, and by the geographic terrain. These are things that a unit has (generally) little control over.
For professionals, entrepreneurs, and the like, often, our appointments are somewhat beyond our control. They are obligations created by the terrain of business: commitments mandated by bosses, clients, networking groups, and the like that we cannot skip out on just because we don’t want to deal with them. They are our dental cleanings and our need to make sure we schedule a time to get groceries or go to the gym. Appointments are unmovable terrain features that break up our days.
In combat, the mission section of the five-paragraph order focused on the “who, what, when, where, and why” of a tactical plan. This was the part of the five-paragraph order where a leader was expected to brief their troops on what they needed to do in broad strokes, and why it was important to their cause. Thus, for Operation Neptune Spear, the mission for JSOC was to travel on May 1, 2015, to Abbottabad, Pakistan, breach bin Laden’s compound and kill or capture him.
Our day to day work missions are a little less significant than that.
When we think about what our everyday missions are, we are talking about our goals. Our goals – which should follow the SMART model of goal-planning – are our “who, what, when, where, and why” of what we want to accomplish.
For someone who is setting up a retail business, that SMART goal may be to publish 20 Instagram posts that depict their products no later than by the end of the month. For a freelance writer like me, the goal may be to present a document to a client no later than their due date.
No, this is not the “gallows pole” sort of execution about which Robert Plant sang. Execution is the step-by-step methodology of how a unit will engage the enemy to push toward the mission objective. In our every day, non-combat lives, our execution is the steps we will take to advance our progress toward completion of our goals. In this section of your daily plan of attack, you should be going through whatever task manager you use, whether it be on paper, in OmniFocus, Todoist, or Things 3, and identifying the priority tasks that you can accomplish today. You should then take those tasks and then enter them into your daily plan of attack so that they are at the top of mind.
When we think about logistics, we are thinking about what we need to overcome challenges to accomplishing our mission. To know this, we need to know how things could go wrong. As someone put it, no plan survives enemy contact. However, if our planning includes preparing for enemy contact, we can at least adapt and steer back towards the accomplishment of the mission. Consider what are the enemies to you accomplishing work.
The most apparent enemy is that you may find yourself lacking the energy or the concentration needed for particular tasks. There are some days when I am too spent to handle specific tasks. For example, after spending a few hours at the VA, I generally find that I am not in the right mindset to write for my website. However, I still have all that time. I can use that time productively if I know that my fatigue levels and distraction levels are at the point where only low-level tasks are likely to be accomplished. Thus, in the logistics section of my daily plan of attack, I rate my fatigue and distraction on a scale of one to ten. If I see that I am distractible, I am not going to try and write copy for my clients. I am going to focus on those administrative tasks I know I can accomplish so that, when I do have the right level of focus, I can produce a quality product for my clients.
“Command” is about putting it all together. It’s a timeline of what we have to deal with and when we plan on doing it. Command is about visualizing how you accomplish your daily plan of attack. This isn’t some new age approach to your work. This is running a mock battle drill, planning out your maneuvers on a sand table, or practicing CQB in your glass house.
For me, the best way to plan out my attack is to create a timeline of what I expect to devote to any particular task, and then I wall off intrusions from other things (phone calls, impromptu meetings and the like). I leave dedicated blocks of time to deal with emails and phone calls later so that I have the freedom to focus on what I am working on now.
Putting it all together
The easiest way to see how applying the five-paragraph order to productivity works is to see an example of it. The veteran five paragraph order should look like this:
- Priority Tasks
- Fatigue (1–10)
- Distractibility (1–10)
- Other Factors
Here’s an example from my life:
- 0800 – Biz to Biz Meeting
- 1000 – Initial Consultation with Client Lead
- 1900 – Team Rubicon Meeting
- Priority Tasks
- Set up Analytics assessment for client
- review notes for branding presentation
- clean bathroom (hey, it’s gotta get done)
- 0700 – Prep for B2B meeting
- 0730 – Travel to Mtg
- 0900 – travel to Client Lead’s office
- 1000 – mtg w Client Lead
- 1100–1200 – travel home (I work from a home office)
- 1200–1300 – lunch, rest, recharge
- 1300 – 1500 – work on blog post
- 1500 – 1600 – review email; respond to social media contacts
- 1600–1700 – draft social media marketing posts related to client fundraiser
- 1700–1830 – dinner, rest, recharge
- 1900–2030 – Team Rubicon Meeting
- 2100–2330 – Free Time
Planning things out with this level of detail – even going so far as to block off time in my calendar, so others see that I am busy – frees me to accomplish the goals I’ve set for my business and my volunteer work. Rigid structure, ironically, frees me from having to figure out what I need to do.
I recently wrote about retired US Army Lieutenant Colonel David Grossman, who coined the term “sheepdog” to refer to those who, by virtue of their profession or their values, had a capacity for violence and a willingness to stand up for the innocent against those who have a capacity for violence but lack empathy for their fellow humans. The same day that I wrote about Grossman, a white supremacist plowed his car into a group of protesters, killing one and injuring 19. After the attack of this white supremacist, I thought about taking down my post, worried that it would be misinterpreted as heartless or worse. Instead, I decided to talk about something Grossman does not talk about in his book On Combat at length, which is the duty of “sheepdogs” to be ready to save others, not just through the use of violence, but also through the use of lifesaving skills and equipment.
In 2011, in another act of violence, the shooting of Congresswoman Gabrielle Giffords, sheriff’s deputies saved her life through the use of a low-cost first aid kit based on a piece of equipment well-known to veterans of the US Armed Forces: the IFAK. The IFAK – or Individual First Aid Kit – was issued to service members like me throughout the Wars in Iraq and Afghanistan, and serves as a response to the leading causes of combat fatalities in those two engagements. Inside this softball-sized nylon pouch, soldiers kept a small collection of first aid items. In the IFAK, one can find:
- a nylon pouch ($11.99)
- a tourniquet ($9.59)
- a roll of medical tape ($3.49)
- disposable gloves (100/$10.99)
- a nasopharyngeal airway tube (used when injury limits someone’s ability to breathe) ($5.30)
- an Israeli Bandage ($7.97), and/or
- a Quick Clotting or Hemostatic Bandage ($12.16).
The total cost of the IFAK pouch and its contents (even with having to purchase the gloves in bulk)?
Now, this amount could change as one customizes it, adding and removing useful items based on one’s training, comfort level, and personal preference, but basically speaking, I am talking about having a pouch full of equipment that can save a human life for less than $100.00.
The American Red Cross offers basic first aid training, including CPR use and AED use over the course of a six-hour training block at a rate of approximately $110.00. Depending on the nature of this training, it would not take more than two hours additional time to add in training on the proper use of a tourniquet, nasopharyngeal airway tube, Israeli bandage, and hemostatic bandage.
This means that, for roughly $175.00, any American could be trained on and provided with the contents of an IFAK, and be able to prevent some of the most common forms of death:
- obstructed airways,
- external bleeding, and,
- cardiac arrest.
Typically, after violent incidents, such as the one in Charlottesville or the shooting of Giffords, there is a great deal of discussion about whether we have a duty to ban weapons that cause grievous injury. The debate is polarizing, unsettled, and seems to accomplish little. Never is there debate over the affirmative duty to learn how to help heal others after these incidents. Ironically, this training applies to far more than increasingly rare violent crimes, as it covers accidental death and death due to illness.
At the same time, right now there is a trend for people to carry what is known as EDC or Everyday Carry items, typically involving a well-designed pocket knife, a flashlight, and one or two other items, sometimes a multitool, sometimes a firearm (in the case of concealed carry permit holders), and sometimes other gadgets. The EDC trend seems to be an offshoot of the Sheepdog movement that has grown since 9/11 and LTC Grossman’s essay.
I have never seen people choosing to carry first aid gear on the popular websites and forums concerning Everyday Carry. And yet, for such a low individual cost – less than $200 – an individual could be trained in the steps required to save lives from some of the most common causes in fatalities. This is a decidedly unpolitical failing on the part of people on all sides of the debates concerning gun control, violence, and policing. There is no reason a person, heartily in favor of expressing their Second Amendment rights, should not be capable of and ready to save a life, whether it be due to a violent act or due to accidental injury. There is no reason a person heartily in favor of banning all firearms should not be equally as trained and equipped to save a life.
In the case of people that are EDC aficionados, it seems like such a such a basic thing, adding just this small component of knowledge and equipment to their list of what they carry everyday. For those that adopt the mentality of being a “sheepdog,” it seems almost like a moral failing, to be ready to defend others with violence but not to be ready to save others.
 Often, in the military, the IFAK would also contain equipment to treat tension pneumothorax, AKA a collapsed lung.
 The prices listed are examples; I can provide specific links if requested, but did not want to cheapen my argument with affiliate links.
So what do heinous organizations, like the Children of God, an organization that we all have immense pride in, the US Army, and a corporate giant have in common? And why does it matter? Is it possible that there is something that corporations, small businesses, and teams all over the world can learn from them? I think there is, and here it is: it is their need for deliberate programming–and not the type that you might be thinking.
Strong leaders, strong teams, and strong organizations are built deliberately and over a lifetime, and this is done with a strong focus on how they program their people, their teams and their leadership. Mini-cult building, if you will. It doesn’t happen by accident, but with intense focus and purpose.
Over at Task Force Art, former US Army CPT Daniella Young is starting a series on leadership and team-building with some interesting assessments of the cult known as The Children of God, the military, and corporations. Check it out, even if just for the gripping writing.
About the new focus of TWW on information for veterans interested in starting their own business.
I started this site in 2017 after starting my career as a freelance writer. While I got started on this career, I made a lot of mistakes.
New ventures rapidly assemble minimum viable products and immediately elicit customer feedback. Then, using customers’ input to revise their assumptions, they start the cycle over again, testing redesigned offerings and making further small adjustments (iterations) or more substantive ones (pivots) to ideas that aren’t working.
Steve Blank, Why the Lean Start-Up Changes Everything, Harvard Business Review (May 2013).
When I left the military, I went through a process known as the Army Career and Alumni Program (ACAP). Along with teaching soldiers – some of whom have never worked in the private sector – before how to put together resumes and prepare for interviews, the ACAP program had a short talk about how soldiers could instead become self-employed as entrepreneurs. During the presentation delivered by a government employee, the soldiers were given instructions about putting together business plans, using their homes as collateral for loans to start businesses in a way that was old-fashioned back in the years of the first Dot Com boom (I left the military in late 2013, long after Eric Reis and Steve Blank began developing the lean start-up model). No mention was made of venture capital. No discussion occurred regarding agile entrepreneurialism.
Since my ACAP class, I’ve learned a lot about the changing nature of business that I wish I had in front of me back in 2013 when I decided to hang up the uniform. I began to use the skills I developed in the military with digital forensics as a stepping stone to a career in marketing and copywriting. I learned from non-profits and networking groups how to better approach landing clients, manage my business, and refine my products and services.
Looking at other websites out there geared toward veterans, I saw a gap. While sites like Task & Purpose covered foreign affairs and politics well, and Duffel Blog covered… um… entertainment, there was no blog that provided business, culture, and tech news to veterans interested in starting their own companies in the same vein as Wired or Fast Company.
It should be noted that, while the issues faced by veterans may be unique (combat PTSD, TBI, and other chronic ailments, for example, are not as common outside the military as within), the information is intended to be of interest to anyone in business. I appreciate you taking the time to check out the site. Look forward to new content soon!
In 2018, I decided to relaunch my blog. I will be migrating and revamping old blog posts to the site as soon as possible.
When I work with small to mid-sized businesses, I typically begin with helping them claim their businesses on various platforms. (Which platforms? That would be industry-specific, particularly depending on whether these businesses are B2B or B2C enterprises. In general, though, I am talking about Facebook, Instagram, Twitter, Google and Google Local, LinkedIn, and Yelp although niche platforms may apply.) For B2C (business-to-consumer) enterprises, this usually means they will claim their business on Yelp. A short time later, they often receive an email or call from a Yelp sales representative pitching advertising packages on Yelp. Often, my clients will then ask whether advertising on Yelp is worth it. This article addresses that commonly asked question about advertising on Yelp based its relative cost and what litigation concerning advertising on Yelp tells us about its service. The bottom line up front is that I do not recommend that small to mid-sized businesses advertise on Yelp, but I do recommend they claim their business on the service, and have a policy in place for spotting and responding to negative reviews there.
The Problem of Transparency in Cost and Performance On Yelp
Yelp does not publish its rates on its website for advertising, and is not very informative about how it determines its rates. A December 19, 2017 call to Yelp’s advertising department revealed that most customers pay $300.00 to $400.00 per month for advertising based on a pay-per-click model that Yelp described as similar to the one used by Google Adwords. When asked if the cost-per-click rates were available for review, Yelp advised that this was internal information and could not be provided to potential customers. In contrast, Google Adwords provides transparency to customers regarding the cost-per-click rate (CPC) for any given keyword.
In plain English, with Google Adwords, businesses know what they can expect to pay and what they could get in return (based on past performance) before they invest in Google search engine marketing. With Yelp, advertising is hidden in a black box of an internal pricing structure. This criticism of Yelp is nothing new. Others have reported Yelp being unwilling to fully inform current or potential customers as to how their pricing model works (see, e.g., The Yelp Advertising Exposé, Yelp’s Cost Per Click Program – My Experience, and Advertising On Yelp: What You Should Consider.
Transparency (PDF) has become a key component in reforming corporate ethics after the scandals leading to Sarbanes-Oxley, and generally speaking, it is likely that transparency will become problematic for the search industry, which seems hellbent to preserve the secrecy of the algorithms governing search ranking (as an aside, could one imagine libraries doing the same thing?). Yelp’s lack of transparency may make one believe that the business is engaged in nefarious conduct. In fact, this has led to repeated litigation involving Yelp’s business practices, as detailed below.
Litigation involving Yelp
In 2014, Yelp shareholders engaged in a class action securities lawsuit before the District Court for the Northern District of California against the company for its conduct surrounding known fake reviews on its site. In 2015, the Northern District dismissed the suit. See Curry v. Yelp, Inc., Case No. 14-cv–03547-JST (2015). However, as noted by Forbes, this dismissal may be due more to the legal strategy of using securities law to target Yelp’s practices than it is due to the validity of Yelp’s conduct.
Also in 2014, the Federal Trade Commission engaged in an enforcement action against Yelp for violating the Children’s Online Privacy Protection Act. Yelp settled with the Federal Government, paying $540,000 in civil penalties.
In 2016, Yelp appealed a California decision in which it was ordered to remove defamatory content from its website. Yelp asserted in its appeal to the Supreme Court of the State of California that forcing Yelp to remove defamatory content violated its First Amendment rights and that the lower courts’ decisions violated the Communications Decency Act. See Hassell v. Bird, 247 Cal.App.4th 1336 (2016); Communications Decency Act of 1996, 47 USC 230 (the California Supreme Court has not yet issued its ruling). While, as a writer, I am generally in favor of expansive First Amendment rights, my experience as a lawyer has been that defamation has never been protected speech.
Best Practices for Dealing with Yelp
Given the repeated allegations of misconduct against Yelp, some of which has been substantiated, and some which has been dismissed, along with Yelp’s lack of transparency regarding its paid advertising, I believe it unwise to pay for advertising on the site. As reported by Hubspot, only 26% of consumers use branded apps – such as Yelp – to search for local businesses. As mobile devices are becoming the dominant tools for local search, small to mid-sized businesses are better served by focusing on the 74% of consumers that use search engines and Facebook to search for local businesses. In short, they are better served by focusing on the lower cost Google Adwords and social media marketing.
Should small to mid-sized businesses ignore Yelp, then? In a word: no. The site still appears in Google searches, and it represents a valuable way to get logistical data – addresses, hours of operation, telephone numbers, and websites – in front of potential customers. Additionally, businesses simply cannot ignore the potential for unanswered negative reviews on platforms like Yelp. Instead, businesses should have policies to ensure (1) their information on Yelp and other platforms is correct, and (2) that they respond professionally to negative consumer feedback on those platforms.