In a move that is sure to spark debate, the Direct Marketing Association last week mailed its members copies of a document outlining how to comply with its privacy principles.
The release of the draft, “Practices for Satisfying the DMA Privacy Promise,” is the second stage of a process that began when DMA president and CEO H. Robert Wientzen announced in October that compliance with DMA privacy principles will be mandatory for membership as of July 1, 1999. Members have until July 1 to comment on the draft.
According to the draft, keys to compliance are:
* Giving customers notice of information practices.
* Offering customers an opportunity to opt out of having information about them transferred for the purpose of being contacted by others.
* Maintaining and using an in-house suppression file.
* Using the DMA's Mail and Telephone Preference Service (MPS/TPS) files.
Among the document's more detailed guidelines:
* Consumers should get notice of information practices when they become customers and follow-up notices every year thereafter.
* Marketers should not contact customers for at least five years after they make an opt-out request.
* The most recent release of the MPS/TPS file should be run within three months in advance of contacting customers.
According to Wientzen, the draft's guidelines don't contain any big surprises.
“This is consistent with where we've been heading,” he said. “We think we've got a fairly simple and easy-to-understand policy that should not inhibit our members' ability to conduct business, but which will deal with the fundamental issues that we think are important to consumers and the government.”
Wientzen said compliance will probably have little effect on a “vast majority” of direct marketers' business practices. According to Robert Gellman, a Washington-based privacy and information privacy consultant, that is exactly the problem.
“This is a highly incomplete policy,” Gellman said, noting a variety of areas of concern. For instance, the document says that notice need not be given in the medium originally used to contact the customer. “If they contact me by mail, they don't have to give me notice by mail? Well, when are they going to give me notice? This is business as usual from the DMA on the privacy front.”
However, Becky Burr, associate administrator of the National Telecommunications and Information Administration for the U.S. Commerce Department, commended the DMA for “wrestling honestly, actively and aggressively with these issues.”
“The fact that the DMA is going to require adherence [to its privacy principles] for membership is not business as usual,” Burr said. “It's a real step forward.”
Deb Goldstein, president of hi-tech list management firm IDG List Services, Framingham, MA, voiced mixed feelings about the effects compliance would have on her list-owner clients and marketers in general.
“This is saying that you will inform your customer file or anybody that you're prospecting to what your policy is on making their name and data available. It kind of mucks up the sales message now, doesn't it,” she said.
Notifying consumers that they can opt out of having their names put up for rent may spur some to take action where they otherwise wouldn't have bothered, she said.
“[However,] the big picture here is that if the industry doesn't regulate itself, government will, so what the DMA is doing is very noble,” Goldstein said. “On the other hand, it will require a lot of work and cut list-rental revenue.”
Wientzen said that from July 1 until the July 1, 1999, compliance deadline, DMA staff members will be available to answer members' questions by telephone. The DMA also is planning “a dozen or so road shows” across the country to educate members about various compliance practices.
“There will be plenty of opportunity for people to ask questions,” he said.
As for those who don't meet the 1999 deadline, Wientzen was short on details.
“We will provide notice to them with due process that they're not in compliance,” he said. “They will be given a short period of time to indicate that they are going to be in compliance. If that doesn't happen, they will be removed from the rolls of the DMA.”
Practices for Satisfying the DMA Privacy Promise makes no mention of enforcement beyond the loss of membership.