Dominic Jones

Dominic is a web strategy consultant to investor relations departments around the world and the founder of IRWebReport.com. More

5 responses to “More on cookies and proxy sites”

  1. Dispelling the “cookie myth” around e-proxy - IRWebReport.com

    [...] Dispelling the “cookie myth” around e-proxy (January08, 2008) Participation plummets in e-proxy votes (October 23, 2007) Microsoft reverts to snail mail in e-proxy (October 18, 2007) AMERCO’s shareholder forum, e-proxy (July 11, 2007) Is Shareholder.com client breaching SEC privacy rules? (July 10, 2007) My bad experience with first e-proxy notice (July 04, 2007) E-proxy: do it for love, not money (June 14, 2007) 10 reasons to avoid image-based reports (February 2003) Usability guru weighs in on image-based reports (February 2003) [...]

  2. Reflections on 2008 annual report season | IR Web Report

    [...] In some cases, companies that provide usable HTML reports on their own websites have paid to have duplicate, less usable image-based documents created on a vendor’s website because they have been told by vendors that they must provide their materials on a “cookie-free” website, even though that term is not used anywhere in the SEC’s rules. Ironically, the websites on which the duplicate reports are hosted are using cookies themselves. [...]

  3. 7 fixes for the SEC’s notice-and-access proxy process | IR Web Report

    [...] on Broadridge’s servers. Companies think Broadridge’s servers are cookie-free, but they actually are not. But that’s not the [...]

  4. Dave Ahl

    From SEC doc in quotes PLUS questions??
    “We do not believe that this requirement will impose any undue burden on companies. Under the rule, a company must refrain from installing cookies and other tracking features on the Web site on which the proxy materials are posted. This may require segregating those pages from the rest of the company’s regular Web site or creating a new Web site.”
    This looks like the source of the no cookies info? I agree there are different types of cookies it this specific cookie information in footnotes?
    Could the “new web site” be a sub domain?
    proxy.company.com
    “However, the rule does not require the company to turn off the Web site’s connection log, which automatically tracks numerical IP addresses that connect to that Web site. Although in most cases, this IP address does not provide companies with sufficient information to identify the accessing shareholder, companies may not use these numbers to attempt to find out more information about persons accessing the Web site.”
    Is it ok to place Google Analytics tracking code on Proxy pages? As you know code based web tracking is technically different from a log connection file.

  5. Dominic Jones

    @Dave

    Yes, that’s one of the paragraphs. The writer did not understand that there are cookies that do not infringe on investors’ anonymity. As your second quote illustrates, the issue is about companies identifying who is using their sites. Cookies are not always used to identify users by name or affiliation.

    I don’t see any problem with a subdomain.

    Google Analytics uses cookies and would be fine, as long as you do not use IP “numbers to attempt to find out more information about persons accessing the Web site.”

    HOWEVER, as you know, Google Analytics does not provide IP addresses, but it automatically uses the IP address to show the domain associated with it. For example, it takes an IP number and translates it to an organization name, e.g. Citigroup.

    Therefore, the IP number is being used to “find out more about the persons accessing the Web site.” There are situations where knowing that someone from Citigroup has visited the proxy materials may be useful to a company and could be abused. Say, for example, there’s a proxy contest and you see the votes for the proponent go up dramatically after Citigroup visits the proxy materials. You could extrapolate from this that Citigroup has voted against the board. If you have time, you could then get on the phone to Citigroup to try to persuade them to change their vote. That’s an abuse of the system.

    However, when it comes to retail investors, the IP information is much less useful and really can’t be abused. Knowing that someone is using Comcast to access the web isn’t useful and you cannot easily find out which customer at Comcast is using the site.

    Also, if I was at a big institutional investor or a regulator like the SEC, I’d be masking my IP so as not to leak any information. This is particularly important for investigations. Big funds that are researching a company prior to an investment should also mask their IPs if they don’t want to tip off anyone one about what they’re doing.

Leave a Reply