Privacy and Marketing

PRIVACY AND MARKETING

In today’s increasingly complex and electronic landscape, we as direct marketers are caught in a sort of catch 22 – we want as much information as we can access and yet we must be very careful that we respect people’s right to privacy and do not share data that people do not want shared. Our direct marketing community has experienced privacy legislation for the past 10 years concerning email, faxing and telemarketing. Direct mail is currently the only direct communication channel which is not subject to such laws. However, there are those among our elected officials who would like to change that and they appear to be gaining momentum.

Most recently, in a major policy address on the challenges of privacy in 2007, Senator Hillary Rodham Clinton called for a comprehensive privacy agenda; a Privacy Bill of Rights, Oversight for the electronic and Commercial Transactions Act of 2006 and the PROTECT Act.

This legislation would include the protection of phone records, credit reports and other personal information. The Right to Know requires every state to: (1) immediately notify an individual whose identity or credit has been compromised; (2) notify an individual when their personal information leaves the country and give them the opportunity to opt-out; and (3) receive a free credit report once a year.

Additional personal data privacy legislation before the Senate this year is The Data and Security Act of 2007, introduced on May 1 by Senator Tom Carper (D-DE) and Bob Bennett (R-UT). The bill’s objective aims to mitigate and prevent identity theft, ensure privacy, provide notice of security breaches and increase penalties for security breaches.

On May 3rd two overlapping U.S. Senate proposals aimed at controlling personal data use by the government and private sector were approved by a key committee. The Senate Judiciary Committee passed The Personal Data Privacy and Security Act of 2007, S.495, introduced by Chairman Patrick Lehy (D-VT) and Senator Arlen Specter (R-PA), along with the Notification of Risk to Personal Data Act, S. 1350 introduced by Senator Dianne Feinstein, (D-CA). The bill deals with the underlying problem of lax security and a lack of accountability to help prevent data breaches and advises victims promptly once a breach has occurred.

Each of these bills will restrict access to data which have been at the heart of our marketing efforts, from addresses to purchase information to demographics—information which allows us to created targeted and more efficient marketing programs.

To date, as an industry, we have relied on self regulation to decrease the likelihood of outside regulation.
The DMA’s Senior Vice President for Ethics and Consumer Affairs, Pat Kuchera, asserted, “We currently have 18 states with Do Not Mail Lists. We want to make sure this is not an area that needs to be legislated. We are redoubling our compliance efforts to make sure our members are following the very basic guidelines of information handling as dictated by the [DMA] Privacy Promise and notice and choice and use of the preference services and telling people the source of their names of they ask. It really is getting back to basics. We really need to increase our self regulatory program or we are going to lose the right to mail, which is terrifying.”
The DMA’s Privacy Promise has been mandatory operating procedure for those member organizations performing functions as list users, list compilers, list brokers, list owners, service bureaus and suppliers since July 1999. The four basic privacy protection practices it addresses are:

1. Provision of annual notices to customers of their ability to opt out of information exchanges. For online marketing, notice must be provided to both customer and prospects in each solicitation.
2. Customer opt-out requests must be honored. Their contact information must not be transferred to others for marketing purposes.
3. Accept and maintain consumer requests to be on an in-house suppress file for prospective customers to stop receiving solicitations from the company.
4. Marketers must use DMA’s Preference Service suppression files.

As thought leaders in this technologically-driven marketplace, our ability to leverage data while protecting the privacy of each name in our database is de rigueur. Along with ethical and proper business, Federal regulations demand it and the future of our industry requires it. We also experienced USPS rate hikes, the likes of which reached a fever pitch this spring creating significant setbacks for mailers of all sizes. Although we operate in a multichannel arena, our primary contact vehicle is mail. It is in this channel that no legislation has been introduced and should be exhaustively championed by the DMA to ensure our ability to mail will not be further encumbered.

In addition to the looming legislation, there are consumer advocacy groups and media outlets which focus on sensationalizing misuse of private information. And there are direct marketers who are not as diligent in adhering to both the self regulation and actual legislation.

Consumer privacy advocates such as online civil groups, The Electronic Privacy Information Center, Center for Digital Democracy, the U.S. Public Interest Group and the Privacy Coalition champion issues and keep their website up do date with matters germane to privacy protection such as the Google/Double Click merger. These advocacy groups are appealing to the FTC to block the merger to prevent a monopoly of data on internet users that will result due to the merger.

Despite the well publicized legislation, articles concerning sensational privacy violations, and best efforts by conscientious marketers, data show that many of our less observant peers are not as diligent in their practices. In a December 27, 2006 study by Shar Van Boskirk of Forrester Research, we learned that 14 out of 63 emails reviewed did not have the physical address or unsubscribe link required to comply with the CAN-SPAM Act of 2003.

We are all familiar with the CAN-SPAM Act, which is an acronym for Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2004 and the Telemarketing Sales Rule of 1995 which stipulates that each company establish and maintain its own Do Not Call List and keep whoever requests to be on it there for 10 years. The time limit has since been reduced to 5 years. Additionally the FTC also has a Do Not Call registry which has been in place since 2003. The registry requires all direct marketers to access it and charges high fees for its use.

The Direct Marketing community employs more than 17 million professionals, about 13% of the U.S. workforce, and according to 2004 statistics, generates over $2.3 trillion in sales revenue ($1.2 trillion by consumers alone). We represent a sizable portion of the working population and GNP.

The DMA’s Sr. Vice President for Ethics and Consumer Affairs talked about specific consumer concerns regarding mail: (1) volume- consumers are irritated by the amount of mail they receive (2) identity theft and (3) environmental issues. All 3,600 member organizations of the DMA must audit and regulate their operations such that we will not face mail legislation, ensuring a healthy future for our community and the significant sector of the economy represented by direct mail commerce.

We may be feeling a little burned by the recent postal rate hikes. As we learned, our association is no match for the regulators. Therefore it is critical we as individual catalogers, retailers, nonprofits, and other direct marketers remain diligent in adhering to our current self-regulatory practices and be obsessed about keeping historical records of compliance to ward off future encroachments and be prepared for unexpected audits.

Tags: CAN-SPAM, CAN-SPAM Act, direct mail marketing, direct marketing, e-mail marketing, email marketing, marketing privacy, privacy, telemarketing Category: News, Newsletter Articles. Responses are currently closed, but you can trackback from your own site.