Privacy Compliance in a Changing World: Ensure Your Organization is Compliance-Aware, Part 1

While in-depth knowledge of your customers or prospects may be a great advantage to your marketing and customer service departments, it also poses significant liability in a world increasingly focused on individuals’ rights to privacy.

This liability ranges from damage to your brand or reputation in the eyes of your customers or shareholders, to fines, penalties and even class-action lawsuits.

The fundamentals of customer relationship management and target marketing aren’t new, but the legislation and regulation surrounding them are constantly changing. There seems to be a never-ending flow of new or updated guidelines and mandates to take into account when planning your marketing. To remain compliant now requires advanced data security measures and a detailed understanding of your customer data sources — and how you use or share this data. In addition, becoming and remaining compliant demand an active and deliberate effort on the part of nearly every person in your organization.

The following are five measures to take to become and remain compliance-aware:

1. Review the Federal Trade Commission‘s (FTC) new Online Behavioral Advertising Principles. Four leading media and marketing trade associations — the Direct Marketing Association, the American Association of Advertising Agencies, the Association of National Advertisers and the Interactive Advertising Bureau — recently issued principles on fair and transparent practices related to the collection and use of online behavioral data. While the principles are voluntary, the FTC has indicated its strong support of this self-regulatory movement in the industry. As an e-marketer, you’d be wise to take these principles into serious consideration; violating them could be damaging to your company.

2. Know your regulations. In addition to the self-regulatory efforts noted above, your general counsel should certainly identify the privacy regulations and legislation that apply to your business. It’s impossible to be compliant if you don’t know the applicable legislation. For businesses operating on the internet, compliance is required for where your business — and customers — is located. Since the internet has no boundaries, this can take significant time and effort.

3. Keep ahead of the compliance bar. Once you know the privacy standards pertinent to your business, the next thing you can be sure of is that they’ll change. And the changes almost always raise the compliance bar. Someone in your organization, or a knowledgeable partner, must keep up with the trends in this area and periodically brief your team on what’s coming.

4. Discuss privacy. Maintaining consumer privacy requires open and active communication at all levels and areas of your organization. Compliance isn’t an easy topic to address in a tough economy due to business pressures, but it must be considered regardless.

5. Review your privacy policy. The privacy policy on your website may not be frequently read by your customers, but the FTC considers it a contract between you and them. Your policy must be easily understood and explicit about the data your company collects, stores and how it’s used. Being intentionally vague or ambiguous can lead to serious trouble.

In addition, if your privacy policy has changed over time, some customer data may need to be treated differently based on the policy you had in place when the information was collected. You can imagine the burden that such policy changes might place on your IT department, so careful planning and data management are important here.

As a marketer, you engage with your customers on a variety of levels. To earn and retain their trust, handle their personally identifiable information with the utmost responsibility and respect. Making privacy policies a top priority in your organization is the first step. The potential downside of a lax focus in this area can be significant.

This is the first installment of a two-part series on the evolving area of privacy compliance. The second part, which will be published in the Oct. 29 edition of eM+C Weekly, will examine how to ensure your company is prepared in the event of a privacy data breach.

Kendall C. Walsh is the director, strategic product development, of the Compliance & Critical Communications Unit at Direct Group, a Pennington, N.J.-based integrated direct marketing services provider. Reach Kendall at

Target Marketing covers all direct response media, including direct mail, e-mail, telemarketing, space advertising, the Web and direct response TV, and gives readers insight into such subjects as using databases and lists effectively, acquiring new customers, upselling and cross-selling existing customers, fulfillment strategies and more. The publication was acquired by Adweek in September 2020.
Publish date: October 22, 2009 © 2020 Adweek, LLC. - All Rights Reserved and NOT FOR REPRINT