educational

Working With a Third-Party Record Keeper

Of all the recent revisions to the 18 USC '2257 federal record-keeping statute, none was so welcome to amateur adult website and other small-scale/home-based operators as the allowance of third-party record keeping — a move which can dramatically increase the personal safety and privacy of these operators. Larger organizations can also benefit from these outsourced business services, so their appeal is becoming increasingly widespread.

But many questions remain about these new services and how they'll operate. Obviously, cost is a concern in today's economy, especially for the smaller sites and solo girls who may be most likely to use these services, but what about other considerations?

To date, there has been a small handful of companies announcing their entry into the record-keeping field, but two stand out due to their support by adult industry attorneys — the services offered by Dan Pepper of Pepper Law Group (www.adultwebsitelawyer.com), and those of Michael Fattorosi of 2257Safe.com.

I recently asked these two attorneys about their new record-keeping services. Here's what they had to say:

XBIZ: What are the pros and cons of using a third-party record keeper?

Fattorosi: Obviously, the pros are that your name, identity and overall personal safety will be protected. With the changes to 18 USC '2257, there is much less intrusion by the government into a primary or secondary producer's privacy. The other pro is that the clients of 2257Safe.com will know that an attorney is handling their inspection process. As lawyers, we are adept at interacting with law enforcement, as well as investigative personnel. Often clients do not understand that they should not make certain statements to the DOJ/FBI during the inspection. We anticipate that an inspection of 2257Safe.com will be smooth and a less complicated situation for all parties.

Pepper: A primary advantage for many smaller producers is the privacy benefit; by having a third-party record keeper, the producer need not use his or her own name as the custodian of records on their publicly available '2257 compliance statement. Other strong benefits are having the peace of mind that the third-party record keeper is maintaining the producer's records in conformance with the regulations, and will be the party working with any justice department audit of the producers' records. Potential drawbacks of using a third-party record keeper involve trusting a third party to effectively manage a complicated record-keeping obligation, with the producer ultimately responsible for any non-compliance. Choosing a custodian who doesn't fully understand the regulations places the producer at risk of fines or jail time.

XBIZ: How much does your recordkeeping service cost? Do you charge a monthly fee, a per-record fee, database access and update fees? Is there a sliding scale that will help smaller operators who need this service?

Pepper: We have three levels of monthly maintenance fees, depending on the size of the producer. For smaller producers with fewer than 100 records, the program costs $12.95 [per] month. Our mid-tier program for up to 500 records is $19.95 [per] month. For larger producers, an unlimited number of records is $99.95 [per] month. A one-time $99 set-up fee applies to each program.

Fattorosi: The price structure for 2257Safe.com is actually based upon the amount of content we are hosting for each client. One of the provisions of 28 CFR 75 is that a copy of the depiction must be held with the corresponding records. Since 2257Safe.com is a web-based solution, all the content must also be housed on our servers for true compliance. However, we have developed compression software that will achieve a 90 percent compression rate for all videos and photographs, ensuring compliance, but also assuring our clients that their content will not be of a quality necessary for commercial purposes. All of our accounts are billed monthly to a credit card on file with our billing company. The basic service is $9.99 for up to one gig, the next level is $29.99 for up to 10 gigs, and then $49.99 for 15 gigs, $99.99 for 25 gigs and over 25 gigs is $149.99 per month. Custom packages and competitive prices can be negotiated for sites larger than 100 gigs. There are no fees to update or access the site, and each company can keep as many records as their storage will permit.

XBIZ: What do you need from new clients in order to begin custodianship of their records? Is there a service contract or a minimum time commitment or a month-to-month agreement? And what about confidentiality, liability or other contracts between you and your clients?

Fattorosi: There is a basic service contract that is required, and that is a month-to-month contract. A customer can cancel his or her membership prior to the next month's billing cycle. There is no minimum time agreement. As for liability, all liability rests with the client. We are not organizing or reviewing their records. We are simply providing off-site digital storage. All responsibility for the maintenance of the records remains with the client. Of course all records are held with full confidentiality, except for the fact that the compliance notice will indicate that 2257Safe.com is their custodian of records.

Pepper: All new clients sign a service agreement, which describes the various obligations we undertake for our client producers. Confidentiality is paramount, and the identities of our clients are never disclosed unless required as part of a justice department audit. The service is month-to-month, and the client can cancel at any time.

XBIZ: How do clients transfer a copy of their records to you? Is it by an online upload utility or FTP, shipped hard drive or other means?

Pepper: Records are sent via a SSL-secured browser, or at the client's option, by shipped hard drive or DVD.

Fattorosi: We have two [ways] they can transfer their records. For smaller to midsized producers, upload will be the easiest. For the very largest of clients, we can have them ship hard drives via registered and insured U.S. Mail directly to our hosting company, Fortress ITX, so they can up load them directly into their account.

XBIZ: Are clients required to keep a copy of the documents that they send to you and if so, for how long? Do you provide database dumps to make these client backups easy?

Fattorosi: We recommend that all of our clients retain hard copies of all their records, as well as digital copies of all their content. 2257Safe.com servers are PCI-DSS compliant and are well shielded against hack or threat; however, nothing is guaranteed when it comes to a server. Also, the client's account is backed up more than 100 times per day by our hosting company, Fortress ITX.

Pepper: We ask that clients keep duplicate copies of all documents they send to us for so long as we are maintaining the records for them. Clients can remotely and securely access their records at any time from our service if they wish to make additional backups.

XBIZ: Do you review the documents sent to you in order to verify their apparent completeness? If this is not a part of your standard service, do you offer such reviews as an additional service and if so, what does that process involve/cost?

Pepper: We review the documents to ensure the necessary documents have been provided to us. Our standard service does not include reviewing the documents for completeness or for conformance with the federal regulations. We do provide this optional service at rates tailored to the individual client.

Fattorosi: No, we do not provide a review service. However, the software powering 2257Safe.com does walk a user through each step so that they will know whether they are missing anything that may cause them to be non-compliant.

XBIZ: If a client's records are inspected, what will your involvement be with that process, and will a separate representation agreement be required?

Fattorosi: All inspections will be directed to and handled by me, Michael Fattorosi, at our offices in Los Angeles. [I am] an attorney with more than 12 years experience including six years within the industry. While not a First Amendment expert, I have experience with 18 USC '2257 and 28 CFR 75 in regards to compliance counsel and actual litigation.

Pepper: As part of our standard record-keeping services, our records are open for inspection by the U.S. Attorney General's office and/or its designated agents during normal business hours. In the event of discovery of a client's non-compliance with the federal regulations as a result of an audit, a separate representation agreement would be required of the client.

XBIZ: How often should a client update their records?

Pepper: Updates depend upon when the producers add or modify their content.

Fattorosi: Every time a client adds content to their site or publishes a depiction that would fall under the requirements of 18 USC '2257 and 28 CFR 75. With 2257Safe.com, records can be updated in real time so there is never a worry as to a delay. Unlike other third-party record keepers, our clients maintain their own records and have access to those records 24 hours a day, 7 days a week, and 365 days of the year. Updating should never be an issue.

XBIZ: And finally, what do you see as the unique competitive advantages of your service over similar offerings?

Fattorosi: With 2257Safe.com you have the power of the operating software. 2257Safe.com is based upon the Y-Tracker software, which has been commercially marketed since 2005. Y-tracker had hundreds of users, and their feedback helped design 2257Safe.com. First developed by Dan Underhill, it has now been reworked to be web-enabled. Dan has done a tremendous job taking a great piece of software and making it that much better. Since the software has been in use for five years, it is already field tested and has already been refined several times. Also, with 2257Safe.com, our clients have the security of knowing that an attorney is handling all inspection issues. Our clients also know that they have the ability to access their own documents so that they can be assured they are compliant. Finally, 2257Safe.com is hosted on PCI-DSS servers. Our level of server security is the same as banks and credit card companies use for their hosting. No other company can match that at this time.

Pepper: Our third party record-keeping services are overseen and managed by lawyers well-versed with the complexities of 18 USC '2257 and its attendant regulations, with fees at or below our competitors, who don't offer such legal oversight. Records are transferred to us quickly and securely, with easy-to-follow instructions. Unlike other services, we do not use FTP, which transfers files and passwords in clear text for anyone to see, and files are sent unencrypted across the Internet. All records are backed up in dual off-site locations, in a data center featuring the following computer network security measures: a ballistic-proof exterior (including doors and windows); fingerprint scanners and ID checking for all entry and exit of the facility; double man traps that force double verification and provide extra secure data center entry; redundant off-site monitoring of all security systems; plus locked cabinets and cages. We also offer unlimited email and telephone customer service during normal business hours at no additional charge to our clients.

While both of these attorney-backed record-keeping companies offer similar services, there are differences within the details of their implementation of these services that may make one more suitable than another for a particular operator. Talk to both of them to see which one is the right fit for you and your record-keeping needs, and then help protect yourself and your privacy by signing up with the service that will suit you best. It'll help keep over-zealous fans at bay and help you sleep better at night.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Navigating Age-Related Regulations in Europe

Age verification measures are rapidly gaining momentum across Europe, with regulators stepping up efforts to protect children online. Recently, the U.K.’s communications regulator, Ofcom, updated its timeline for implementing the Online Safety Act, while France’s ARCOM has released technical guidance detailing age verification standards.

Gavin Worrall ·
opinion

Why Cyber Insurance Is Crucial for Adult Businesses

From streaming services and interactive platforms to ecommerce and virtual reality experiences, the adult industry has long stood at the forefront of online innovation. However, the same technology-forward approach that has enabled adult businesses to deliver unique and personalized content to consumers worldwide also exposes them to myriad risks.

Corey D. Silverstein ·
opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
Show More