Update: Privacy Promise Goes Into EffectThe Direct Marketing Association has evolved from educator to enforcer.
After nearly two years of prodding its members toward compliance with the guidelines of its Privacy Promise, the organization formally announced the program to the public last week and said it had commenced action against the 17 companies that have refused to endorse the rules of consumer data protection. The DMA has not released the names of those companies.
"This has not been taken lightly by our members at all," said Pat Faley, vice president of ethics and consumer affairs at the DMA. "They have taken it very seriously and have really restructured their thinking and their processes to comply with this."
The announcement was endorsed by privacy advocates and government regulators alike.
"We're glad to see that self-regulatory efforts are moving forward," said Ari Schwartz, privacy analyst at the Center for Democracy & Technology, Washington, a civil liberties advocacy group. "What we've been saying throughout this debate is that self-regulatory efforts are necessary to institute privacy globally."
The DMA also issued a press release containing endorsements from U.S. Secretary of Commerce William M. Daley and Federal Trade Commission chairman Robert Pitofsky.
To ensure that its members adhere to the new rules, the DMA appointed William Shepherd as compliance coordinator. Shepherd will oversee the organization's efforts to monitor member activities by conducting mystery shopper programs and other means. Members who refuse to comply will be expelled from the association and publicly identified. The DMA also has started a consumer complaint line to handle privacy violations.
The 17 members who have opposed the rules were sent letters this week notifying them that they are in violation of the association's rules. They have the right to appeal to the DMA board, which will meet at the fall conference in October.
"That's when we expect to see the first people expelled," Faley said. "I think some people think it's inappropriate for trade associations to do this sort of thing, but we think it's absolutely critical in this environment that we make a strong statement on the privacy issue."
The Privacy Promise rules, which went into effect July 1, require that all DMA members who market to consumers must:
* Notify customers if their names will be made available to other companies.
* Provide those customers the opportunity to opt out of having their names shared with other companies.
* Have a means of suppressing names internally when customers ask to be removed from marketing lists.
* Use the DMA's Mail Preference Service and Telephone Preference Service to delete from their marketing lists those consumers who have asked not to be contacted by direct marketers.