Live From Toronto: DMA Board OKs Guidelines
The Direct Marketing Association’s executive board focused almost exclusively on privacy during its meeting here yesterday, coming to two important decisions.
In one, it approved guidelines for the collection and transfer of health-related data. In the other, it elected to expel a member that has failed to comply with the association’s Privacy Promise. The measures were taken as producers from “60 Minutes” planned to visit the DMA’s 82nd annual Fall Conference and Exhibition, reportedly to lay groundwork for a program on e-commerce and privacy. The board meeting took place prior to the conference.
The new rules on health-related data state that information cannot be transferred to a third party without the individual’s prior consent, a clear departure from the DMA’s usual preference for opt-out. However, in an interview, DMA president H. Robert Wientzen said that patient-doctor information deserves “a higher degree of protection. It cannot be transferred without the express permission of the consumer.”
But notification and opt-out are sufficient when a healthcare provider is using its own customer data for marketing purposes, or using data gathered or inferred outside the customer relationship, according to the new guidelines.
The DMA hopes to head off stringent regulation, although it is likely Congress has said it will take up the issue if industry can’t find a solution. “We’re trying to be ahead of the curve,” Wientzen said. But the guidelines do “not end the discussion,” he continued.
“Congress still has to deal with it. Second, the president expects to promulgate additional information about medical privacy rights.” Wientzen added, “These guidelines were rewritten more times than anything we’ve done since I’ve been the head of the DMA. It was more complicated than we imagined.”
The DMA board has voted to expel at least one member company that has failed to comply with the Privacy Promise program. The DMA will make its decision public in mid-November, after “additional due process procedures have been completed,” according to a DMA statement.
Wientzen would not elaborate on the action, nor say how many companies will be affected. But sources said it is a single small firm that refuses to certify Privacy Promise compliance.
Only 50 or so DMA members have not yet complied, Wientzen noted. “The real story is what a success it is,” he said. “Of the total membership, we’re netting way below 1% without any difficulty.”
