Compliance Is Everybody’s Business

Live From List Vision 2005: List Industry Regulation
By Jim Emerson - Direct Newsline Aug 2005

Self-regulation through good business practices and compliance with existing list regulations are the best mitigation defense the list industry against more drastic direct marketing data restrictions, according to speakers at the List Vision 2005 conference in New York.

Federal legislation appears imminent that would authorize the Federal Trade Commission to write list industry regulations, a process likely to take another year to complete after approval of such a bill. Several variations of bills to regulate data brokerage are being discussed in Congress, although none have been formerly proposed, yet.

"We'll see a bill by the end of this year. There's no doubt about it. Several data broker laws are in the hopper," said Harriet Heyman, vice president and senior strategic consultant at Harte-Hanks Direct Marketing. Heyman who is also the chairwoman of the Direct Marketing Association's ethnics committee led a session on privacy issues at List Vision. The session was titled "Suicide Prevention: Let's Not Kill the List Industry."

Whatever bill emerges will likely require companies to maintain data securely and notify consumers of any breaches in security, according to Heyman. Privacy laws in California are spurring federal and other state legislation related data privacy, she said, adding that it was California's law that led to the ChoicePoint disclosure of breaches in security that brought the issue to national attention.

On the federal level there appears not to be support for establishing an e-mail opt-out list registry like the one imposed on telemarketers now required to use the FTC's do-not-call list. However, New York, Massachusetts, Hawaii and Missouri do have state bills pending that if approved by lawmakers would establish do not e-mail regulations.

Utah already has an e-mail law that requires e-mail addresses be purged from lists if marketer is offering products that are illegal for a minor to purchase, such as tobacco, alcohol or gambling-related e-mail advertising. Heyman said under Utah's law, e-mail lists must be purged when a minor has access to an e-mail account, regardless of whether it's the minor's or someone else's e-mail account.

Just how much more regulation is imposed on the list industry may depend largely whether those in the list business can do a better job at self-regulation and alleviate the consumers' privacy concerns.

"If we keep our heads in the sand, we'll just keep getting more and more of these laws," Heyman said.

Just as access to driver's license data was eliminated a few years ago, commented Chicca D'Agostino, president of Focus USA, direct marketers could lose access to mortgage data and use of data indicating the presence of children, in part because written copy and telemarketing scripts are often too blatant in announcing information that's known about consumers. That in turn fuels consumers' privacy fears.

Mortgage refinancing offers that identify current lenders and other mortgage data such as payment amount and telemarketing scripts that include verification requests related to the presence of children are simply too over-the-top for many consumers. D'Agostino suggested it would be better business practice for marketers to be more subtle and creative--and not throw in the consumer's face what they know about them. A better practice might be to casually ask if someone has young child, rather than simply state it as fact as part of the marketing message.

Further regulation of data distribution would potentially place list owners, brokers and managers in increasing legal jeopardy, unless formal written processes and procedures are established to comply with list-related regulations. Ideally, this should include making the use of list rental agreements an industry-wide practice through self-regulation, instead of allowing contracts to be optional depending on the companies and clients involved.

Companies dealing with list data, if they haven't already, need to enact formal policies and train employees to show an intent to comply with current and future list regulations in event the FTC or another legal entity questions whether data was used improperly, Stacey Girt, vice president of MKTG

"My attorney said we need to have a defensible position in court that we have guidelines and procedures that follow the law," Girt said.

In deciding whether to release data or not, companies should not overlook "gut feelings" and intuition if there is reason to believe data may be used improperly or in way that strays from the DMA's self-regulatory guidelines, she said.