Privacy

How companies use information we might consider personal is a concern for all of us. Here you will find information to help you as a direct marketer protect the privacy of your customers and meet the ethical and regulatory obligations regarding privacy.

DMA Issue Brief: Privacy: Current Legislation and DMA Action

DMA Seeks Balance in Legislation to Protect Use of Social Security Numbers for Legitimate Business Purposes
Washington, DC, July 18, 2007 — As Congress continues to seek ways to protect Americans from fraud and identity theft, the Direct Marketing Association (DMA) is asking legislators to adopt a balanced proposal that prohibits the open purchase, sale, and display of Social Security numbers (SSNs), but protects the use of this critical information for legitimate business purposes.

Business Groups Oppose Spyware Legislation
June 5, 2007 - DMA joins 30 other associations and companies in opposing the Securely Protect Yourself Against Cyber Trespass Act (H.R. 964)

DMA Praises House for Passing Spyware Legislation
May 24, 2007 - I-SPY Act is an important step in protecting Americans from fraud and identity theft.

DMA Guidance: Screening Offers Before List Rental
The DMA on October 28, 2004, released guidance for list professionals and marketers regarding the FTC's settlement actions in August 2004 pertaining to marketing lists. The DMA urges all marketers and list professionals to review this guidance, which was based on a DMA staff meeting with the FTC in October 2004.

FTC CAN-SPAM Act "Primary Purpose" Final Rule

Addressing California S.B. 27 Obligations

Privacy Promise Compliance Guide
The DMA's Privacy Promise to American Consumers took effect for all DMA member companies that market to consumers on July 1, 1999. The Privacy Promise seeks to "raise the bar" for privacy practices by ensuring that DMA members adhere to certain privacy practices, and by challenging all non-DMA industry members to meet this high standard as well. You can learn more about the Privacy Promise by reviewing the Privacy Promise Compliance Guide.

The Privacy Provisions of the Health Insurance Portability and Accountability Act (HIPAA) FAQs
Frequently asked questions by those who collect health-related data for marketing purposes.

Create Privacy Policies Online
Consumer notification of information policies is a basic element of a direct and interactive marketer's information practices. We have created three online privacy policy generators: The standard, the childeren's, and the Gramm-Leach-Bliley Act generator.

Preference Subscription Services
MPS, TPS and E-mps are effective means of purging your mailing, telephone and e-mail lists of consumers who want to receive less advertising at home. DMA members are required to use these services.

Information Security, Safeguarding Personal Data in Your Care.
A Checklist of Information Security Procedures Based on Guidelines of the DMA. (1.6MB .pdf file)

The Electronic Communications Privacy Act, A Guide for Internet Service Providers (member only)
This guidebook suggests appropriate scenarios under which to release customer information to law enforcement agencies during a criminal investigation.

The DMA Safe Harbor Program
The Safe Harbor framework was negotiated by the European Commission and the U.S. Department of Commerce to enable American companies to continue to be able to bring personal information from Europe to the U.S. As part of the Safe Harbor framework companies must subscribe to an outside, third-party dispute resolution mechanism that will address any unresolved European data privacy complaints. The DMA Safe Harbor Program fulfills this requirement by providing interested companies with an independent third-party dispute resolution mechanism.

The US Direct Marketer's Guide to Compliance With The Safe Harbor Program For European Data (members only)
The European Union Data Protection Directive, which became effective in Europe on October 25, 1998, places numerous controls on the collection, use, and transfer of personal information. Significantly for non-European businesses, it forbids transfer of personal information from an EU Member State to a non-EU country (Third Country) unless that country provides an "adequate" level of privacy protection, or the transfer involves one of several limited exceptions ("derogations"), or arrangements for such protection can be made.

Data Protection and Privacy Practice Marketing (members only)
Chris Pounder, a recognized expert on the UK Data Protection Act, was inspired by his attendance at the DMA's International Council Conference in May 2000 to write a guidance paper for direct marketers that specifically addresses their issues and concerns about the UK's data protection law. This is a very detailed resource that will prove invaluable for anyone doing direct marketing in the UK.

European Data Protection Law & the Internet (members only)
A briefing on the Opinions and Recommendations of the Working Party established under Art. 29 of the EC Directive on data protection [Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data], relevant to the collecting, storing, dissemination and use of personal data on the Internet.

First Thoughts on the Commission's Draft Contract Clauses for the Transfer of Personal Data (members only)
Some initial thoughts on the European Commission's Draft Contract Clauses for the Transfer of Personal Data as approved by the Article 31 Committee on March 27. The focus is on major substantive points which need clarification in the proposed FAQs or in the Explanatory Memorandum.

Poland Data Protection Law (members only)
The Polish DMA has generously contributed this unofficial translation of Poland's Data Protection Law of 1997. We can not guarantee its accuracy. If you are relying on this document for decision-making, we urge you to seek legal advice from a qualified lawyer in Poland who will be familiar both with the law and the regulatory environment. If you are doing business in Poland, you would profit from contacting the Polish DMA, whose details you can find at http://www.the-dma.org/subsidiaries/dmintl.shtml#poland

Argentine Privacy Law (members only)
This law affects companies that engage in direct marketing, relationship marketing or promotional marketing off-line and/or on-line.

Consent-How And For What? (members only)
The new Habeas Data Law adopted in Argentina bears some strong resemblance to the European Data Protection Directive, but it has many elements that show development of thinking on some of the rights and responsibilities of individuals and companies holding data. Some of these revolve around the concept of when consent is needed from an individual to process their data, especially for its use in direct marketing. Interestingly, the Argentine law is surprisingly friendly to the direct marketing industry, and this industry may not be touched by the law's strict prohibition on export of data except under stringent circumstances. Written by Charles Prescott, the DMA's Vice President of International Business Development and Government Affairs, it shows the DMA's expanding knowledge of data protection laws around the world, and the DMA's ability to work with other DMA's abroad in protecting and developing the industry. Special thanks to the Argentine DMA, AMDIA, and its President Mary Teahan, who provided valuable information and input.

State Telemarketing Law Summary (members only)
A general list of the telemarketing laws, by subject, in the 50 States. This is a one page summary of the detailed book The DMA used to publish up until 1993 called The Telemarketer's Guide to State Laws.

Understandingprivacy.org
This Web site, sponsored by the Privacy Leadership Initiative, will provide you with additional information about privacy. The PLI has developed several tools and resources to help you in meeting your organizations privacy goals.

Other Privacy Resources (members only)
A bibliography of useful online resources concerning privacy and data protection.