Advocacy group releases privacy principles

The Personalization Consortium, a year-old North American advocacy group made up of companies involved in direct online marketing, has released a new set of privacy principles and introduced a framework for third-party privacy audits that it hopes will encourage consumers to...

The Personalization Consortium, a year-old North American advocacy group made up of companies involved in direct online marketing, has released a new set of privacy principles and introduced a framework for third-party privacy audits that it hopes will encourage consumers to do business with its members.

The Consortium, whose founding members include DoubleClick, 24/7 Media, American Airlines and PricewaterhouseCoopers, says its auditing framework will establish a standard by which member businesses can have their privacy initiatives tested against the ‘best practices’ upon which its principles are based.

According to the Consortium, the privacy principles, which relate specifically to personal consumer data collected for marketing purposes, were formulated to provide companies with a ‘template’ from which to develop their own privacy policies.

Scott Martin, CEO of Calgary-based online marketing agency NextClick and the president and founder of the Wakefield, Mass.-based Personalization Consortium, says, ‘This groundbreaking effort is clearly a model that will help to change the direction of consumer skepticism around industry’s ability to manage information responsibly. This new initiative helps to level the playing field for both businesses and consumers.’

The key elements covered by the privacy principles include a promise by each participating company to provide consumers with ‘clear and conspicuous’ notice of the nature of the information that is being collected about them and how it will be used; a pledge that only relevant information will be collected; a guarantee that any information collected will be safeguarded in a secure environment; a commitment to obtain consent from the consumer to ‘collect, hold, use or share’ their personal information; and an assurance that the consumer will be offered ‘reasonable’ access to the information that has been collected about them and that they will be given a ‘reasonable opportunity’ to have any inaccurate information about them either corrected or deleted.

As for the audit framework, the Consortium says it will require all its member organizations to submit to a privacy audit by a certified third-party accounting firm, which will use the Consortium’s privacy principles as the benchmark for its determination. The Consortium says it will announce a set of privacy enforcement procedures this spring.

Amanda Maltby, director of communications with the Canadian Marketing Association (CMA), which developed its own Privacy Code more than five years ago, says much of what is contained in the Personalization Consortium’s privacy principles is already required of Canadian companies under Bill C-6, the new federal privacy legislation which came into effect Jan. 1.

She points out, too, that some of the items contained within the Consortium’s principles are somewhat vague: specifically, the areas dealing with consumer consent and the purpose for which personal consumer information can and will be used.

‘It’s important that any kind of [privacy] code for the private sector, both online and off-line, is reflective and descriptive of how third parties are going to use personal information from consumers,’ she says. ‘These guidelines set out a different lexicon for marketers, which could potentially cause a bit of confusion.’