By Dominic Jones | Published: January 8, 2008 | 
Printer version
| Comment |
More on cookies and proxy sites
SORRY to bore you with this arcane discussion about cookies, but I’m continuing to hear from vendors who claim companies cannot use any cookies on websites hosting their proxy materials.
This is nonsense and the people pushing this line of thinking — and I’m talking about a lot of different people — either aren’t paying attention or they’re deliberately trying to confuse companies for their own ends. Perhaps both.
You might recall that this issue came up after I saw a presentation in which a representative of Broadridge Financial Solutions tells the audience they have to post their proxy materials on a “cookie free” website. (Others are telling firms the same thing.)
That might sound right, but if it was — and it’s most definitely not — then Broadridge itself is currently breaching the SEC’s rules. That’s because they themselves are using cookies on the websites they use to host their clients’ proxy materials for eproxy.
Look at the screenshot below. It shows you information about the cookie that was set to my browser when I visited www.investorEconnect.com, the domain Broadridge uses to host its clients’ proxy materials.
 |
| Broadridge’s own domains provided for eproxy services use cookies, even while the company’s sales people are telling their clients their websites must be “cookie free.” |
So are Broadridge and its clients breaching the SEC’s rules around cookies?
No they are not, and here’s why:
The SEC’s rules state you cannot “infringe on the anonymity” of people who access the website hosting your proxy materials. In other words, you cannot use any method to learn the identities of users on the website hosting your proxy materials. That includes, but is not limited to, using cookies that contain identifying information.
However, there is no universal ban on cookies. Anonymous cookies, those that do not contain information that would enable you to identify a user, do not infringe on shareholders’ anonymity and therefore are not a problem.
And that is why Broadridge can use cookies on its Investor E-connect website and other proxy related sites; because they are using cookies to ensure that users can use the website and get the information they need, not to infringe on shareholders’ anonymity.
This is similar to how most companies uses cookies on their websites, the same websites that some service providers now want companies to believe are not fit to host proxy materials. Why are service providers telling companies this? In part it’s a consequence of selective reading of the SEC’s statements, but it’s also because vendors would like companies to rent server space from them at exorbitant rates.
 |
| Broadridge is also using cookies on its StreetLink domain. This hosts some companies’ annual meeting materials. |
Now, to be sure, some companies do need to be careful because their websites do use impermissible cookies that contain personally identifiable information. Clients of Shareholder.com, for instance, should pay attention.
But most firms don’t have a cookie problem and don’t need to rent server space from a proxy service provider. And they don’t need to purge their sites of anonymous cookies or set up separate cookie-free sites.
It’s an unnecessary expense, and ultimately counterproductive because permissible anonymous cookies actually help companies to provide better user experiences for investors in a number of ways, some of which I mentioned in the earlier post.
One more thing to think about: If you work for a public company, you really have to be on your guard for the BS and misinformation that service providers dish out. You also need to read the rules closely and ask questions. If more people did this, we’d have better, clearer rules.
In that vein, I recommend you pay careful attention to what the SEC has said about the formatting requirements for online versions of proxy statements and annual reports. None of the big vendors seem to have read this properly either.
Please Support Our Work
Email your friends about us. Subscribe to our paid publication Online IR Trends Quarterly. Get us to recommend improvements to your IR website (we're really good at it).
January 17th, 2008 at 11:11 am
[...] Dispelling the “cookie myth” around e-proxy (January08, 2008) Participation plummets in e-proxy votes (October 23, 2007) Microsoft reverts to snail mail in e-proxy (October 18, 2007) AMERCO’s shareholder forum, e-proxy (July 11, 2007) Is Shareholder.com client breaching SEC privacy rules? (July 10, 2007) My bad experience with first e-proxy notice (July 04, 2007) E-proxy: do it for love, not money (June 14, 2007) 10 reasons to avoid image-based reports (February 2003) Usability guru weighs in on image-based reports (February 2003) [...]
April 15th, 2008 at 12:03 am
Dominic, this is reckless writing. It’s one thing if you base this article on anything other than your opinion; it’s another if your opinion is all that supports this article. As noted in other forums, the language of Rule 14a-16 supports your view, but the interpretive guidance on the topic (i.e., the adopting release for Rule 14a-16 does not). If this article is based on a staff statement that supports your theory, then please say so. Otherwise, you may be leading people astray by making these conclusory declarations without support.
By the way, its worth noting that I agree that cookies that do not allow for the identification of visitors are probably fine. Nevertheless I think companies should follow the adopting release until such point that the SEC provides guidance on the issue and confirms that our intuition is correct.
April 15th, 2008 at 12:41 am
Keir,
Do we really need the SEC to explain or clarify something whenever people want to read too much into a statement for their own ends? It’s obvious in the release that the issue is ensuring investors’ anonymity. There’s some sloppy language, but it’s clear that the issue is anonymity. When it talks about the prohibition on cookies, the issue is anonymity, nothing else. I don’t understand why lawyers can’t use their common sense and good judgment here.
And I think companies should be checking with their counsel if they think they might have a problem. But I’d hope they’d get someone like you and you’d be able to determine whether they’re infringing on the anonymity of people or not. And if they’re not, that you’d give them the go ahead to use their own websites to host their proxy materials, which is important for a number of reasons, including being able to improve the user experience (as per Section II.A.3 of Release 34-55146).
This issue arose because someone from the ICI wrote a comment wondering how the rule would affect investment companies who use cookies to provide access to online accounts. That’s not something the vast majority of corporate issuers have to worry about because they don’t collect personally identifiable information in this way. I’ve pointed out in the story that there are some corporations that do use cookies in ways that are problematic. I’ve named the vendor, so those companies can easily identify themselves.
As for evidence to support my view, I thought I provided it in no uncertain terms. Broadridge, which I think you will agree has a pretty good line on the SEC’s thinking on these things, is using cookies on the websites hosting companies’ proxy materials and on the proxy voting site. Indeed, they say publicly that their documents meet the SEC’s approval, yet the pages hosting those documents are using cookies. How is that possible? Has Broadridge put all of its clients at risk? Are they telling lies? Would they continue to do so even after this story has been circulating for weeks?
That seems highly unlikely to me. So rather than just putting out my opinion, I’m providing evidence that cookies per se are not prohibited, just the ones that infringe on users’ anonymity. That’s what the adopting release says if you don’t try to read too much into it or take statements out of context, and that’s what Broadridge — and Computershare and probably others — are doing.
It is nonsensical if you understand technology to even entertain the idea of the SEC banning cookies outright. The web as we know it would not work. Whole companies that rely on the web for their businesses would not be able to operate because they rely on cookies for important features on their sites, and those same sites host their proxy materials. People would not be able to vote their proxies online. Online proxy statements and annual reports would be less usable than they already are. Some of the best and most important usability improvements in the past few years all require the use of cookies, but not ones that infringe on the anonymity of the user.
There are much bigger problems for companies and their lawyers to be concerned about. How about footnote 35 in the adopting release? Now there’s something worth focusing attention on. There are lots of expert witnesses who would testify that what companies are currently providing comes nowhere near the “convenient” standard required in the rules.
Finally, this is the second post on this topic. In a comment on the first one, we provided a complete quote from the adopting release you’re referred to along with additional information.
June 3rd, 2008 at 4:20 am
[...] In some cases, companies that provide usable HTML reports on their own websites have paid to have duplicate, less usable image-based documents created on a vendor’s website because they have been told by vendors that they must provide their materials on a “cookie-free” website, even though that term is not used anywhere in the SEC’s rules. Ironically, the websites on which the duplicate reports are hosted are using cookies themselves. [...]