Best Practices: Email Deliverability and Privacy Flashcards by Naomi Pierce

According to the 2014 Email Deliverability 101 report, how many opt-in marketing emails never make it to the in-box?

Over 20%.

How well did you know this?

Not at all

Perfectly

Where do emails that don’t make it to in-boxes end up?

In spam or junk folders, or are blocked by ISP-level filtering before even making it to the email address.

How well did you know this?

Not at all

Perfectly

What region had the highest rate of commercial emails delivered to the in-box?

Europe.

How well did you know this?

Not at all

Perfectly

Define email deliverability.

The process of putting your email marketing messages into the in-box of recipients.

How well did you know this?

Not at all

Perfectly

One of the key factors to successful email deliverability is creating email campaigns that are __________

relevant to your audience.

How well did you know this?

Not at all

Perfectly

Your ability to reach prospects’ in-box is tied to ___

deliverability and privacy.

How well did you know this?

Not at all

Perfectly

You are responsible for developing a comprehensive ___

How well did you know this?

Not at all

Perfectly

You need to reduce the likelihood of _____, unsubscribes, bounces, and spam traps.

complaints

How well did you know this?

Not at all

Perfectly

You need to reduce the likelihood of complaints, ____, bounces, and spam traps.

unsubscribes

How well did you know this?

Not at all

Perfectly

You need to reduce the likelihood of complaints, unsubscribes, ___, and spam traps.

bounces

How well did you know this?

Not at all

Perfectly

You need to reduce the likelihood of complaints, unsubscribes, bounces, and ____.

spam traps.

How well did you know this?

Not at all

Perfectly

Your reputation as an _____ impacts your potential reach as a marketer.

email sender

How well did you know this?

Not at all

Perfectly

To understand your email service provider’s capabilities, you should (1) _________; (2) get proper counsel; (3) attain third-party certification as a trusted sender.

know privacy laws where you do business

How well did you know this?

Not at all

Perfectly

To understand your email service provider’s capabilities, you should (1) know privacy laws where you do business; (2) _____; (3) attain third-party certification as a trusted sender.

get proper counsel

How well did you know this?

Not at all

Perfectly

To understand your email service provider’s capabilities, you should (1) know privacy laws where you do business; (2) get proper counsel; (3) ______.

attain third-party certification as a trusted sender.

How well did you know this?

Not at all

Perfectly

Best practices for successful email deliverability: (1) ______, (2) Manage your email list, (3) Optimize your content.

Manage your reputation

How well did you know this?

Not at all

Perfectly

Best practices for successful email deliverability: (1) Manage your reputation, (2) _____, (3) Optimize your content.

Manage your email list

How well did you know this?

Not at all

Perfectly

Best practices for successful email deliverability: (1) Manage your reputation, (2) Manage your email list, (3) ______.

Optimize your content

How well did you know this?

Not at all

Perfectly

____ is based on your behavior as an email sender.

Sender reputation

How well did you know this?

Not at all

Perfectly

To manage your sender reputation, you need to know your __

Sender score

How well did you know this?

Not at all

Perfectly

Spam filtering has made a shift from _______ to a reputation based system.

content scoring

How well did you know this?

Not at all

Perfectly

To manage your email reputation, you need to control ______.

spam complaints.

How well did you know this?

Not at all

Perfectly

To keep spam complaints down and comply with regulations, you should ______

obtain recipient permissions.

How well did you know this?

Not at all

Perfectly

To see the data underlying your email sender score, you can _____

How well did you know this?

Not at all

Perfectly

Sender scores use the following data: (1) _____, (2) complaint rates (3) unknown user rates (4) infrastructure (5) spam trap hits (6) content

send volume

Sender scores use the following data: (1) send volume, (2) _____ (3) unknown user rates (4) infrastructure (5) spam trap hits (6) content

complaint rates

Sender scores use the following data: (1) send volume, (2) complaint rates (3) ____ (4) infrastructure (5) spam trap hits (6) content

unknown user rates

Sender scores use the following data: (1) send volume, (2) complaint rates (3) unknown user rates (4) ___ (5) spam trap hits (6) content

infrastructure

Sender scores use the following data: (1) send volume, (2) complaint rates (3) unknown user rates (4) infrastructure (5) ___ (6) content

spam trap hits

Sender scores use the following data: (1) send volume, (2) complaint rates (3) unknown user rates (4) infrastructure (5) spam trap hits (6) _____

content

Sender scores are based on a scale of

0 to 100

If you would like to see your Sender Score, you must first know if...

you are using a Dedicated IP or a Shared IP

If you are on the Shared IP range, can one company's bad behavior affect another company's sender score?

Yes.

Besides senderscore.org, where can you find more statistical information on sender scores?

Eloqua Trust page.

What did a Return Path study learn about messages sent by senders with a sender score lower than 50?

Over 85% of them were classified as spam.

For webmail providers, a sender score of 90+ equals what average inbox rate?

84%

What is the #1 global deliverability organization?

ReturnPath

If your sender score is in the highest benchmark range of 90-100, what will your average deliverability rate be?

95%

Where do most legitimate businesses fall in terms of sender score, and what does this mean for their average deliverability rate?

Most fall in the range between 60 and 89, and end up with an average deliverabiity rate of 68%.

Sender Scores are based on what three key components?

Complaints, unknown users, and spam traps.

What is the "unknown users" component of sender score?

The percentage of emails sent from an IP address to nonexistent addresses - aka hard bouncebacks.

______ are dummy email addresses developed by ISP's or anti-spam organizations to catch illegitimate emails.

Spam traps

If your email is caught in a Spam Trap, ISPs send out a _____ message.

5XX Unknown User SMTP error message

One Spam Trap can decrease your Sender Score and inbox placement rates by how much?

Your Sender Score can decrease by more than 20 points and your inbox placement rates can go to 81% and lower.

Spam Traps can cause your ____ to become blacklisted.

Mailing IP's and/or domains

Membership in the ____ may be suspended for exceeding acceptable Span Trap thresholds.

Return Path Certification Program.

Because identifying Spam Traps can be time consuming, you should narrow in on ...

suspicious segments.

For the most part, _____ are the primary source of Spam Trap addresses.

rented or purchased lists.

You can manage Spam Traps by using an _____ filter to...

using an inactivity-based filter to filter out inactive contacts from your list.

A ______ can check your lists against known spam trap addresses.

third-party service

If you need more help with spam traps, consider using a...

Delivery Program Assistance incident.

A Delivery Program Assistance incident is available as part of Eloqua's...

Branding and Delivery Boost package.

To control complaints, (1) monitor complaint trends and (2)

Avoid getting on blacklists.

To control complaints, (1) ___ and (2) Avoid getting on blacklists.

monitor complaint trends

As a best practice, keep a close eye on your complaints. When should you benchmark?

Every few months and/or when you email in large batches.

A _____ is a list of IP addresses, URLs, or domain names that are to be avoided.

blacklist

Blacklists are chiefly used to publish...

lists of addresses linked to spamming.

tip 1 to remove yourself from a blacklist: (1) visit the link to the ______ that is included in the notification

blocking service

tip 2 to remove yourself from a blacklist: (2) If the link to the blocking service is not provided, search your ___

Bounceback History report

tip 3 to remove yourself from a blacklist: contact the _____ to discuss and identify the issue

ESP/ISP Postmaster

How can you find out if you're on a blacklist?

Use an online tool

If you've been blocked via blacklist, you will typically...

receive a notification.

___ is an email validation system, allowing admins to specify which hosts are allowed to send email from a given domain.

Sender Policy Framework (SPF)

What does SPF stand for?

Sender Policy Framework

SPF creates a specific ______ in your DNS settings.

SPF or TXT record

When Eloqua is first installed, part of the implementation process involves setting your ____ to validate email spoofing.

SPF record details within the DNS settings on all sending domains.

A _____ is a list of approved IP addresses and senders.

whitelist

To get your IP address on a whitelist, you need to establish a track record as a ___

permission-based email marketer.

_____ provides the certification to whitelist your IP address.

Return Path

Does manually moving messages into the junk folder impact the complaint rate?

Not on a desktop client like Outlook, but it will on web clients like Gmail.

The rate of email complaints _____ as the sender score rises.

falls dramatically

To gain recipient permission, send emails only when ____

explicitly requested.

To gain recipient permission, _____ neutral contacts.

target neutral contacts in an attempt to get them to opt-in.

To gain recipient permission, ____ inactive contacts.

re-engage

To gain recipient permission, _______ active opt-in contacts

strengthen your relationship with active opt-in contacts.

To gain recipient permission, respect...

subscriber preferences about content and timing.

When someone submits an email address in a web form, then submits that address again on a second page, it is referred to as...

double opt-in.

When someone fills out a web form, then affirms their request again to be on your mailing list, it is referred to as...

confirmed opt-in.

Spammers use the term _______ to refer to a situation where the subscriber was opted in without their consent, then "opted in" a second time by failing to unsubscribe.

double opt-in

As a best practice, use the __ to increase the number of valid emails in your database.

Confirmed Opt-In

Is Confirmed Opt-In widely used? Why or why not?

It is used by very few clients because of its impact on the subscription rates.

To manage your email list, (1) ____, (2) perform IP warming, (3) process bouncebacks, (4) filter to find active contacts.

validate list sources.

To manage your email list, (1) validate list sources, (2) perform IP warming, (3) _____, (4) filter to find active contacts.

process bouncebacks

To manage your email list, (1) validate list sources, (2) perform IP warming, (3) process bouncebacks, (4) ___

filter to find active contacts.

To manage your email list, (1) validate list sources, (2) _____, (3) process bouncebacks, (4) filter to find active contacts.

perform IP warming

True or false: Best practice says do not buy or rent lists.

True.

If you buy lists, understand (1) _____ (2) age and last usage date (3) how they monitor and remove complainers (4) how they verify and maintain opt-in statuses

source of data

If you buy lists, understand (1) source of data (2) ________ (3) how they monitor and remove complainers (4) how they verify and maintain opt-in statuses

age and last usage date

If you buy lists, understand (1) source of data (2) age and last usage date (3) ______ (4) how they verify and maintain opt-in statuses

how they monitor and remove complainers

If you buy lists, understand (1) source of data (2) age and last usage date (3) how they monitor and remove complainers (4) ____

how they verify and maintain opt-in statuses

Use Case - Eloqua's marketing IP had been blocked on ____

SpamHaus

Eloqua had to remove a purchased list from its database in its entirety, which meant...

they lost addresses they had paid for.

Out of the SpamHaus incident, Eloqua's ___ document was born.

Outside List Acquisition Best Practices document

To perform IP warming, (1) send emails to all addresses in a phased manner and then remove hard bounces; (2) ______; (3) use recent contact info only; (4) use HTML with simple design; (4) review reports after each send.

confirm the list does not contain previously unsubscribed addresses

To perform IP warming, (1) ______ (2) confirm the list does not contain previously unsubscribed addresses; (3) use recent contact info only; (4) use HTML with simple design; (4) review reports after each send.

send emails to all addresses in a phased manner and then remove hard bounces;

To perform IP warming, (1) send emails to all addresses in a phased manner and then remove hard bounces; (2) confirm the list does not contain previously unsubscribed addresses; (3) use recent contact info only; (4) ______; (5) review reports after each send.

use HTML with simple design

review reports after each send

To perform IP warming, (1) send emails to all addresses in a phased manner and then remove hard bounces; (2) confirm the list does not contain previously unsubscribed addresses; (3) _____; (4) use HTML with simple design; (4) review reports after each send.

use recent contact info only

__ is the process of slowly introducing your new sender IP address by gradually increasing the volume of emails sent from that IP over a period of time.

IP warning

Many companies skip the IP warming process. Why?

Because it may slow their sending for the first month.

In IP warming, the first step uses content that is...

not time sensitive.

3 good campaign types to use for IP warming are:

(1) a data harvest campaign, (2) a campaign to update subscription options, or (3) a simple newsletter campaign

Step 2 in IP warming is to build a list of contacts that...

have explicitly opted-in.

In the first week of IP warming, send the email to...

1% of your total list each day.

In the second week of IP warming, send the email to..

3% of the list each day

In the third week of IP warming, increase the email send to...

10% of the list each day.

During IP warming, monitor and remove contacts who...

bounceback, unsubscribe, or complain.

To manage lists successfully, (1) ____ (2) keep hard bouncebacks under 3% (3) monitor spam complaints and bounceback reports

remove hard bouncebacks from segment

To manage lists successfully, (1) remove hard bouncebacks from segment (2) _____ (3) monitor spam complaints and bounceback reports

keep hard bouncebacks under 3%

To manage lists successfully, (1) remove hard bouncebacks from segment (2) keep hard bouncebacks under 3% (3) ____

monitor spam complaints and bounceback reports

Eloqua by default auto-suppresses any sends to a Contact flagged as a...

hard bounceback

Not sending to hard bouncebacks supports...

reporting

What timeframe do most Eloqua clients use to weed out inactive contacts?

3 - 6 months

After __ unsuccessful attempts to engage contacts, it's time to...

suppress them from future sends.

To manage your content, (1) ______, (2) optimize relevancy and frequency, (3) review and refine content.

reinforce email expectations

To manage your content, (1) reinforce email expectations, (2) ______, (3) review and refine content.

optimize relevancy and frequency

To manage your content, (1) reinforce email expectations, (2) optimize relevancy and frequency, (3) ______.

review and refine content

To reinforce email expectations, (1) ______, (2) send welcome messages, (3) check in with contacts periodically, (4) move subscription management options to upper half of your emails

communicate your privacy policy

To reinforce email expectations, (1) communicate your privacy policy, (2) send welcome messages, (3) _____, (4) move subscription management options to upper half of your emails

check in with contacts periodically

To reinforce email expectations, (1) communicate your privacy policy, (2) send welcome messages, (3) check in with contacts periodically, (4) ____

move subscription management options to upper half of your emails

To reinforce email expectations, (1) communicate your privacy policy, (2) ____, (3) check in with contacts periodically, (4) move subscription management options to upper half of your emails

send welcome messages

To optimize relevancy and frequency, use ___ to test frequency and determine the optimal mix for your target audience.

automated programs

To optimize relevancy and frequency, ask subscribers for...

input and feedback.

What should you strive for in bounce and complaint rates?

Bounce rate less than 3%, complaint rate less than 0.01%

You should generate reports that provide insight into:

bounces, complaints, and unsubscribes

Forrester's Email Marketing Trends 2012 report shows what two are the leading reasons for unsubscribes?

Relevance at 31.4%, frequency at 30.7%

In the ASCE case study, how did Eloqua help ASCE send to over 1.5 million contacts in 30 days with a 98% inbox acceptance rate?

(1) Analyzed lists, (2) optimized content, (3) sent emails in multiple small batches each day.

The ______ report allows you to see the contacts that have bounced per email

Email Bounceback Overview

The ___ report allows you to see specific bounceback error messages

Bounceback History with Messaging

The __ report allows you to see bounceback messages generated by email sends by Sales reps

Sales Email Overview

The ____ report allows you to see who has reported you as spam to their email provider

Spam Unsubscribe Report

What are the three standard testing tools of Eloqua per email?

General Deliverability Test, Inbox Preview Test, and Spam Content Check

To access the General Deliverability test from an email...

Action > Test Content and Deliverability

Test Content and Deliverability allows external tests via ___

Return Path

The _______ test sends your email to a variety of seed accounts and returns Inbox, Junk, and Missing percentages or each domain.

General Deliverability Test

The output of the General Deliverability test is an __ that displays your deliverability percentages around the world.

an Excel file

The Excel file that you get after running a General Deliverability Test shows what three statistics?

Inbox Percentage, Bulk Percentage, and Missing Percentage.

"Missing" emails are what?

Emails that never made it to the Inbox or the Junk folders, which typically means they were blocked at the ISP level.

The General Deliverability column that reads ISP also includes what else?

ESP's and Spam filters

The _____ report shows how emails will appear in a number of different email client inboxes.

Inbox Preview Test

The ___ and the ____ run together

Inbox Preview Test and Spam Content Test

The __ examines email performance against a range of commonly used email spam filters.

Spam Content Test

The Spam Content Test evaluates your email for _____ words

spam-like words

A link reputation check checks your email for...

links to questionable websites

Which report shows information more on the bouncebacks themselves, and not the Contacts?

Bounceback History with Messaging

Name three steps with regards to Email Deliverability Best Practices.

1. Manage your reputation, 2. Manage your email list, 3. Optimize your content

What factors is your sender reputation based on?

Complaints, unknown users, and spam traps.

Canada's Anti-Spam Legislation is a __ available to everyone

Private Right of Action (PRA)

True or false: CASL is not limited to email communications.

True. It includes all commercial electronic communication.

True or false? CASL requires express affirmative consent, or opt-in.

True.

True or false? CASL requires truthful headers like sender and subject line.

True.

True or false? CASL permits you to alter transmission data.

False.

True or false? CASL requires a conspicuous unsubscribe mechanism.

True.

True or false? CASL requires you to include the postal address of the sender.

True.

Under CASL, can you perform address harvesting or send to harvested addresses?

True.

Who has liability under CASL?

Entities who knowingly allow spam to be sent on their behalf

The CASL law accepts implied opt-in in what 3 situations?

(1) existing business relationship; (2) conspicuously published email addresses; (4) recipients have provided email address directly to sender

Is it an existing business relationship if someone donates to, volunteers for, or becomes an official member of your organization?

No.

What are CASL fines?

Up to $1 million per violation for individuals, up to $10 million per violation for businesses.

To grow your database, adopt rigorous list management and acquisition practices, including:

a double opt-in or confirmed opt-in process.

Keep opt-outs ______________

simple and easy to access

A C-28 best practice is to include what kind of contact information in each email?

Company name, contact information and sender's information if company is sending emails on your behalf?

A C-28 best practice is to build your own list of ...

permission-based contacts.

In case your unsubscribe link is not working properly, you should include a....

phone number.

CASL's anti-spam provisions went into effect when?

July 1, 2014

When do CASL's installation of computer programs provisions go into effect?

January 15, 2015

When do CASL's Private Right of Action provisions take effect?

July 1, 2017

For more info on CASL where can you go?

The Canadian Communications Law website.

What are 3 things you should do today about CASL?

(1) Check if you have opt-in confirmation for Canadian contacts (2) if not, obtain explicit consent within 2 years (3) segment contacts by country

What are penalties for CAN-SPAM violations

Up to $1 million or 5 years in prison

For more info on CAN-SPAM where can you go?

Bureau of Consumer Protection Business Center

CAN-SPAM prohibits the use of false or misleading _________

header information and subject lines

True or false: CAN-SPAM requires you identify a message as an ad.

True.

What are CAN-SPAM's opt-out requirements?

Tell recipients how to opt out, and honor opt-out requests promptly

Does CAN-SPAM require you to monitor what others are doing on your behalf?

Yes.

What kind of contact information does CAN-SPAM require you to provide?

A valid physical postal address.

Under CAN-SPAM, can your contact address be a P.O. box?

Yes.

The key to determining if your message is commercial or transactional lies in...

The bulk of the message's content.

Under CAN-SPAM and CASL can you include a short commercial message in a transactional email?

Yes.

4 CAN-SPAM best practices: (1) ____; (2) Keep a company-wide Do Not Email list; (3) Include address specific code to help identify Do-Not Email requests; (4) honor opt-out requests promptly

Use a footer allowing opt-outs

4 CAN-SPAM best practices: (1) Use a footer allowing opt-outs; (2) _____; (3) Include address specific code to help identify Do-Not Email requests; (4) honor opt-out requests promptly

Keep a company-wide Do Not Email list

4 CAN-SPAM best practices: (1) Use a footer allowing opt-outs; (2) Keep a company-wide Do Not Email list; (3) _____; (4) honor opt-out requests promptly

Include address specific code to help identify Do-Not Email requests

4 CAN-SPAM best practices: (1) Use a footer allowing opt-outs; (2) Keep a company-wide Do Not Email list; (3) Include address specific code to help identify Do-Not Email requests and prevent forwarded emails from being confused with spam; (4) _____

honor opt-out requests promptly

Do CAN-SPAM and CASL prohibit no-reply email addresses for commercial email?

Yes.

Does Eloqua automatically include recipient-specific coding in emails to prevent forwarded emails from being confused with spam?

Yes.

Under CAN-SPAM and CASL, what are the time requirements for unsubscribe requests to be processed?

Must be processed within 10 days.

Under CAN-SPAM and CASL, how long after an email is sent must the Unsubscribe link be valid

60 days.

What is Canada's privacy law called?

PIPEDA

What is the EU privacy law called?

EU Data Protection Law

Does the US have different laws for different types of data?

Yes

In the US, who governs commercial data privacy?

The Federal Trade Commission (FTC)

In the US< who governs health data?

Department of Health and Human Services

When did PIPEDA become law in Canada?

April 13, 2000

What does PIPEDA stand for?

Personal Information Protection and Electronic Documents Act

The 5 principles of PIPEDA are: (1) ____, (2) Identifying Purposes (3) Consent (4) Limiting Collection (5) Limiting Use, Disclosure, and Retention

Accountability

The 5 principles of PIPEDA are: (1) Accountability, (2) _____ (3) Consent (4) Limiting Collection (5) Limiting Use, Disclosure, and Retention

Identifying Purposes

The 5 principles of PIPEDA are: (1) Accountability, (2) Identifying Purposes (3) ___ (4) Limiting Collection (5) Limiting Use, Disclosure, and Retention

Consent

The 5 principles of PIPEDA are: (1) Accountability, (2) Identifying Purposes (3) Consent (4) _____ (5) Limiting Use, Disclosure, and Retention

Limiting Collection

The first 5 principles of PIPEDA are: (1) Accountability, (2) Identifying Purposes (3) Consent (4) Limiting Collection (5) ______

Limiting Use, Disclosure, and Retention

According to the _____ principle of PIPEDA, you have to have an individual at your organization who owns PIPEDA compliance.

Accountability

The _____ principle of PIPEDA says a company has to tell you why they want certain information.

Identifying purposes

What is one example of a way you can provide data without giving consent?

When your online behavior is tracked via cookies.

The _____ principle of PIPEDA means you can only collect as much data as you need for the purpose.

Limiting Collection.

The ____ principle of PIPEDA means you can't keep information longer than you need it to fulfill the purpose you stated when you collected the data.

Limiting Use, Disclosure, and Retention

The second 5 principles of PIPEDA are (6) Accuracy, (7) ____, (8) Openness, (9) Individual access, (10) Challenging compliance

Safeguards

The second 5 principles of PIPEDA are (6) Accuracy, (7) Safeguards, (8) _____, (9) Individual access, (10) Challenging compliance

Openness

The second 5 principles of PIPEDA are (6) ___, (7) Safeguards, (8) Openness, (9) Individual access, (10) Challenging compliance

Accuracy

The second 5 principles of PIPEDA are (6) Accuracy, (7) Safeguards, (8) Openness, (9) ____, (10) Challenging compliance

Individual access

The second 5 principles of PIPEDA are (6) Accuracy, (7) Safeguards, (8) Openness, (9) Individual access, (10) _____

Challenging compliance

The ____ principle of PIPEDA means you have to provide easy access to the PIPEDA compliance officer at your organization to address any challenges.

Challenging Compliance

Six PIPEDA best practices are (1) _____ (2) opt-outs (3) education (4) never share data (5) use of voice (6) be sure you know who you're talking to.

Six PIPEDA best practices are (1) privacy policy (2) ____ (3) education (4) never share data (5) use of voice (6) be sure you know who you're talking to.

opt-outs

Six PIPEDA best practices are (1) privacy policy (2) opt-outs (3) _____ (4) never share data (5) use of voice (6) be sure you know who you're talking to.

education

Six PIPEDA best practices are (1) privacy policy (2) opt-outs (3) education (4) _____ (5) use of voice (6) be sure you know who you're talking to.

never share data

Six PIPEDA best practices are (1) privacy policy (2) opt-outs (3) education (4) never share data (5) _____ (6) be sure you know who you're talking to.

use of voice

Six PIPEDA best practices are (1) privacy policy (2) opt-outs (3) education (4) never share data (5) use of voice (6) ____

be sure you know who you're talking to.

The ______ PIPEDA best practice means to use the data you've gathered intelligently and discreetly.

Use of Voice

"Not Joe, click here" is an example of what PIPEDA best practice?

Be sure you know who you're talking to.

In the EU, what kind of consent must you obtain before installing cookies on a person's computer

explicit opt-in consent.

EU's protection applies when data is collected or processed in or through...

an establishment located in any EU member state.

If the data is processed through ______ located in the EU, the EU protection requirement applies

equipment, in particular a server

Some EU member states have national data protection laws that are...

stricter than the EU data protection law.

EU: Which law always overrides? The stricter or the weaker?

The stricter

EU: Who is responsible for compliance - Eloqua or the customer?

The customer.

EU: To draft and obtain consent, you should use _____ language.

Plain language.

EU: To obtain consent, the ____ has to be identified

data controller

EU: To obtain consent, you must disclose the ___ of data collected, ____, and why ____

type of data collected, how it is done, and why it is being collected and processed.

EU: What needs to be in place to prevent giving of consent by mistake?

Safeguards.

What's an example of a safeguard?

Not providing pre-checked boxes.

EU: You must provide information on the consequences of:

not consenting.

EU: you must give a brief explanation of the users'

rights.

EU: When does the user need to give consent?

Prior to the collection of personal data.

An essential certification for transferring data from the EU to the US for processing is....

Safe Harbor

Is Eloqua Safe Harbor certified?

Yes

Is it a good idea to obtain your own Safe Harbor certification?

Yes

A third party privacy monitoring and auditing service is...

TRUSTe

TRUSTe ensures compliance with...

Safe Harbor certification and related marketing practices.

Eloqua works directly with TRUSTe. This enables customers to (1) and (2)

(1) enjoy one-click access to TRUSTe data management solutions and auditing (2) attach the TRUSTe symbol to emails, forms, and landing pages.

Eloqua supports EU privacy compliance with: (1) ______ (2) Visitor tracking opt-outs (3) Confirmed opt-in process (4) Subscription management (5) Master Exclude list (6) Form layouts with tracking opt-in options (7) Notification and Data Protection Official

Tracking and cookies enablement

Eloqua supports EU privacy compliance with: (1) Tracking and cookies enablement (2) _______ (3) Confirmed opt-in process (4) Subscription management (5) Master Exclude list (6) Form layouts with tracking opt-in options (7) Notification and Data Protection Official

Visitor tracking opt-outs

Eloqua supports EU privacy compliance with: (1) Tracking and cookies enablement (2) Visitor tracking opt-outs (3) ______ (4) Subscription management (5) Master Exclude list (6) Form layouts with tracking opt-in options (7) Notification and Data Protection Official

Confirmed opt-in process

Eloqua supports EU privacy compliance with: (1) Tracking and cookies enablement (2) Visitor tracking opt-outs (3) Confirmed opt-in process (4) _______ (5) Master Exclude list (6) Form layouts with tracking opt-in options (7) Notification and Data Protection Official

Subscription management

Eloqua supports EU privacy compliance with: (1) Tracking and cookies enablement (2) Visitor tracking opt-outs (3) Confirmed opt-in process (4) Subscription management (5) _______ (6) Form layouts with tracking opt-in options (7) Notification and Data Protection Official

Master Exclude list

Eloqua supports EU privacy compliance with: (1) Tracking and cookies enablement (2) Visitor tracking opt-outs (3) Confirmed opt-in process (4) Subscription management (5) Master Exclude list (6) ________ (7) Notification and Data Protection Official

Form layouts with tracking opt-in options

Eloqua supports EU privacy compliance with: (1) Tracking and cookies enablement (2) Visitor tracking opt-outs (3) Confirmed opt-in process (4) Subscription management (5) Master Exclude list (6) Form layouts with tracking opt-in options (7) ________

Notification and Data Protection Official

Name the three Strict Mode tracking options.

(1) Track all visitors (2) Track visitors that are not on the Country by IP restriction list and track visitors from restricted countries that have opted-in to tracking (3) Do not track any visitor unless he has opted-in to tracking

Which Strict Mode tracking option is the most commonly used?

Dynamically tracking visitors based on the country they're in.

Does Eloqua maintain a list of countries that require opt-ins?

Yes.

Whose responsibility is it to make sure the list of IP restrictions is complete and that you comply with the privacy laws?

Yours. Eloqua provides guidelines to create a list of IP restrictions.

How do you enable Strict Mode settings?

Contact Eloqua Support using My Oracle Support.

Once you enable Strict Mode, can it be enabled only for some websites you track?

No, it's enabled for your entire Eloqua install.

Things to check today: (1) ________ (2) are you tracking EU prospects? (3) Do you offer tracking opt-out? (4) Do you have a mixed install? (5) Does your privacy policy state you are dropping a cookie?

do you have an EU presence?

Things to check today: (1) do you have an EU presence? (2) _______ (3) Do you offer tracking opt-out? (4) Do you have a mixed install? (5) Does your privacy policy state you are dropping a cookie?

are you tracking EU prospects?

Things to check today: (1) do you have an EU presence? (2) are you tracking EU prospects? (3) ______ (4) Do you have a mixed install? (5) Does your privacy policy state you are dropping a cookie?

Do you offer tracking opt-out?

Things to check today: (1) do you have an EU presence? (2) are you tracking EU prospects? (3) Do you offer tracking opt-out? (4) _______ (5) Does your privacy policy state you are dropping a cookie?

Do you have a mixed install?

Things to check today: (1) do you have an EU presence? (2) are you tracking EU prospects? (3) Do you offer tracking opt-out? (4) Do you have a mixed install? (5) _____

Does your privacy policy state you are dropping a cookie?

What is meant by a mixed install?

You have a global marketing team sharing the same Eloqua database

True/False: C-28 is a private right of action available only to businesses.

False

True/False: There is no implied consent for referrals.

True.

True/False: C-28 accepts implied opt-in consent when the recipients have provided their email address directly to the sender.

True.

What does ESPC stand for?

Canada's Email Sender and Provider Coalition.

In Canada, how long is implied consent valid for in most cases?

Two years.

Under the EU Data Reform, the __________ requires organizations to completely delete someone's personal data if they request it.

Right to be Forgotten

The ________ proposes to create one universal set of guidelines and laws on data protection that will apply to all of the EU

EU Data Reform

Under the EU Data Reform, the ______ notification requirement would be removed

regional

Under the EU data reform, when must data breaches be reported?

Within 24 hours.

The EU Data Reform has increased stringency around ___ advertising.

behavioral advertising

Under the EU Data Reform, companies must share data on an individual on request in a _______ format.

portable

In 2012, the ________ put together a Data Breach Investigations report that was released in 2013

Verizon Enterprise RISK team

True or false: Data storage companies are more susceptible to data breach from within, and therefore they are the only ones who need to take preventative steps against data breach.

False.

According to Verizon's 2013 Data Breach Investigations report, who was responsible for data breaches?

92% of breaches stemmed from external agents.

What types of external agents committed data breaches?

55% organized crime, 21% state-affiliated, 21% unknown, 2% Hactivists, 1% former employees

What was the motivation for state-affiliated data breaches?

Usually espionage.

We are getting better at protecting against _____ and ____.

Hackers and malware.

In 2012 there were large upticks in ____, _____, and ____ types of data breaches.

physical, social, and misuse

Physical data breach attacks encompass ____ and increased by ____ in 2012.

actual physical theft, increased by 25%

____ is the main source of social data breaches and includes tactics such as ____ and _____

Email; phishing and pretexting

When an individual lies to obtain privileged data, this is called _____

pretexting.

To prevent data breaches, smaller organizations should (1) _____, (2) change default credentials of POS systems and other Internet-facing devices (3) Use two-step verification (4) Check third-party IT vendors' security measures

use a firewall

To prevent data breaches, smaller organizations should (1) use a firewall, (2) ______ (3) Use two-step verification (4) Check third-party IT vendors' security measures

change default credentials of POS systems and other Internet-facing devices

To prevent data breaches, smaller organizations should (1) use a firewall, (2) change default credentials of POS systems and other Internet-facing devices (3) ______ (4) Check third-party IT vendors' security measures

Use two-step verification

To prevent data breaches, smaller organizations should (1) use a firewall, (2) change default credentials of POS systems and other Internet-facing devices (3) Use two-step verification (4) _______

Check third-party IT vendors' security measures

To prevent data breaches, larger organizations should (1) _____ (2) ensure all essential controls are met and regulated (3) monitor event logs (4) evaluate current threats in your industry space

eliminate unnecessary data

To prevent data breaches, larger organizations should (1) eliminate unnecessary data (2) _____ (3) monitor event logs (4) evaluate current threats in your industry space

ensure all essential controls are met and regulated

To prevent data breaches, larger organizations should (1) eliminate unnecessary data (2) ensure all essential controls are met and regulated (3) _____ (4) evaluate current threats in your industry space

monitor event logs

To prevent data breaches, larger organizations should (1) eliminate unnecessary data (2) ensure all essential controls are met and regulated (3) monitor event logs (4) ___

evaluate current threats in your industry space

By February 2014, the cost of the December 2013 retail store data breach was:

$61 million

The April 2014 ___________ took advantage of a weakness in the OpenSSL and allowed hackers to gather data from supposedly secure sites.

HeartBleed Bug

How many secure web servers were vulnerable to the HeartBleed Bug attack?

17%, or a half million

What was the worst intelligence data breach of all time?

The Snowden affair

Why did Edward Snowden have access to so much information?

Through lack of compartmentalization and security access levels

Eloqua's ______ allow you to manage the IP addresses that are allowed to access your database.

IP address restrictions

Data Breach Law - best practices: (1) ______ (2) protect cardholder data (3) maintain Vulnerability Management program (4) access control measures (5) monitor and test networks (6) maintain information security policy

safe internal network

Data Breach Law - best practices: (1) safe internal network (2) ______ (3) maintain Vulnerability Management program (4) access control measures (5) monitor and test networks (6) maintain information security policy

protect cardholder data

Data Breach Law - best practices: (1) safe internal network (2) protect cardholder data (3) maintain a ______ (4) access control measures (5) monitor and test networks (6) maintain information security policy

Vulnerability Management program

Data Breach Law - best practices: (1) safe internal network (2) protect cardholder data (3) maintain Vulnerability Management program (4) _____ (5) monitor and test networks (6) maintain information security policy

access control measures

Data Breach Law - best practices: (1) safe internal network (2) protect cardholder data (3) maintain Vulnerability Management program (4) access control measures (5) ____ (6) maintain information security policy

monitor and test networks

Data Breach Law - best practices: (1) safe internal network (2) protect cardholder data (3) maintain Vulnerability Management program (4) access control measures (5) monitor and test networks (6) maintain _____

an information security policy