Promise privacy and security

Because my wife is a teacher, September has always been back-to-school time in my household. It is a month of new beginnings and new challenges, a time for getting back to basics and sharpening one’s skills after the slow summer months. This summer, I often thought about what the new school year means to multichannel merchants. After all, education is one of the five pillars of the Direct Marketing Association’s new strategic plan. It’s fairly easy to stay apprised of new trends, products, and practices throughout the year. But in a world of new technologies and evolving market conditions, it’s much harder to take time from the day-to-day grind to reexamine the ABCs.

Perhaps the best example of this is customer service. I think anyone would agree that good customer service is a hallmark of direct marketing. But in this multichannel world, customers’ wants and needs have greatly evolved from just a few years ago. Have we done enough to ensure that our customer service has advanced with them? For the most part, we have. But I believe that there is always room to improve.

One area that may not have been fully addressed is the hot-button issue of data security. Several recent high-profile breaches in data security have focused the attention of policymakers and the general public on what marketers are doing to protect consumers and companies from fraud and identity theft.

That’s why I don’t think that we should observe the actions we take to protect consumers’ data and privacy exclusively as a matter of security compliance. They should be viewed as a fundamental component of good customer service — and we all know that customer service is what will build long-lasting relationships in our competitive multichannel world.

As the debate on data security gains momentum in Washington, I’m proud that the DMA is working to promote balanced and informed decisions on and off Capitol Hill and to help educate businesses and consumers about steps that can be taken to make sensitive data more secure. In fact, long before data security was the headline du jour, the DMA worked with the Federal Trade Commission to develop a checklist of security procedures for marketers. You can check it out at www.the-dma.org/privacy/informationsecurity.shtml.

Protecting customers’ data and privacy must remain a vital part of customer service. A recent study from consulting firm The Customer Respect Group reinforces this point, highlighting some distressing trends:

  • 24% of firms studied provided no obvious way for customers to remove themselves from mailing lists on their Websites;

  • 32% of sites provide no means to edit personal data after they are collected; and

  • only 34% of firms consistently use Secure Socket Layer (SSL) or HTTPS forms to provide security when collecting personal data.

While the bulk of marketers are doing the right thing, such statistics are still alarming. Not only are they detrimental to customer relationships, but they also tarnish the image of the overall direct marketing community. As a result, they are a threat to our collective future unless we do something about them.

You may know that the DMA has taken a stand on consumer privacy and notice, encouraging all members of our industry — whether they belong to the DMA or not — to do the same. Direct marketers must recognize and respect consumers’ wishes and rights if they expect to create trust and beneficial relationships, which of course are the holy grail of marketing.

As customers’ needs change, marketers want to deliver different yet relevant messages. Direct marketing’s ability to establish and track secure, trusted, and mutually beneficial relationships is perfectly positioned to achieve this goal.

That said, as you begin your planning for 2006, I urge you to reevaluate your policies and procedures in regard to privacy and security. If you haven’t done so already, consider making a “privacy promise” to your customers similar to the one the DMA and its members first made in 1999.

Our privacy promise is a public assurance that all members of the DMA will observe, at the very least, the following four basic practices to protect consumer privacy:

  • to provide customers with annual offline notice of their ability to opt out of information exchanges and to provide opt-out notices to customers and prospects in every online solicitation;
  • to honor customer opt-out requests not to have contact information transferred to third parties for marketing purposes;
  • to accept and maintain consumer requests to be on an in-house suppression file; and,
  • to use the DMA Preference Service suppression files.

In addition, your privacy policy should abide by the rule of “three easies”: easy to find, easy to understand, and easy to use. For instance, in your catalogs and other mail pieces, include a notice of your information exchange policy and an opportunity for customers to say no to it. Providing a “frequently asked questions” document in plain English can strengthen your relationship with customers and establish your company as a valued source of information. Also, offer a way for customers to ask questions, to update their preferences and information on file, and to provide feedback about your privacy policy and how information is being used.

Finally, be secure. Recent security breaches show that no one is safe from data theft, whether it happens online, off-line, or through simple physical theft and loss. Now is the time to examine and reexamine your systems and procedures related to collecting and storing customer data, and to educate your customers about the measures you take to protect them.

Not only is this ethically the way to proceed, it’s also good business. Fostering corporate practices and policies that reflect customers’ concerns and needs will, ultimately, serve direct marketing’s bottom line. It is, simply, a win-win for everyone.

Regardless of what we do as an industry now, we will see some regulatory changes in the future. As I write, legislators at the state and federal levels are aggressively pursuing a wide range of bills that require increased data protection and full disclosure of security breaches. Not far behind will be a greater focus on consumer choice when it comes to the collection, warehousing, and sharing of consumer information.

There are millions of customers who enjoy the convenience and choice that direct marketing provides, and thousands of great and small brands that we are proud to consider part of our community.

And in this multichannel world, our overarching goal is to increase excellence among current and new direct marketers. That all begins with consumer trust.


Jerry Cerasale is senior vice president for government affairs for the Direct Marketing Association in Washington.