HIPAA news
HIPAA advisory

Tech Group Announces Privacy Principles

January 31, 2001 – A group of technical advertising firms, including DoubleClick, today issued privacy principles designed to self-regulate "personalization." Personalization is the ability to "recognize" customers online and target advertising based on past purchases, surfing behavior or stated preferences.

The principles are to be "best practices" that businesses can follow to ensure consumer confidence in their privacy policies. An auditing framework will establish an industry-wide standard for testing businesses’ actual privacy practices against these principles.

"Our intent with these principles and the auditing guidelines is two-fold: first, to provide an instructional template to help companies devise and communicate their own privacy policies, and second, to enable them to follow a set of verifiable auditing guidelines when commissioning a third-party audit," said Don Peppers of Peppers and Rogers Group, Co-Chair of the Personalization Consortium, the group issuing the principles.


Privacy Principles
These privacy principles pertain to data about individuals and households that is collected, held, used or shared for the purpose of marketing. The Consortium may modify these principles over time, as needed, to keep them at the forefront of the personalization industry.

  1. Notice. We will provide you with clear and conspicuous notice of our information practices, including what information we collect about you, how we collect it, hold it, if and how we share it, and how we use it. This notice may include, among other things:
    • the transparency of data collection
    • our methods for collecting individual and household information both directly from you and from third parties
    • what individual or household information we retain and how long we keep it
    • whether or not we combine information about you from multiple sources
    • whether or not we disclose information about you to other parties
  2. Relevance. We will collect only the amount of individual and household information necessary to perform a specified set of tasks, consistent with notice.
  3. Security. All information we have about you will be safeguarded with appropriate security methods and technologies. We will maintain internal measures designed to limit access to your personally identifiable information to only those employees or contractors who require access in order to do their jobs. All of our employees will be trained regarding our privacy policies as well as the sensitivity of your personal information.
  4. Choice. When we collect, hold, use or share individual or household information, we will seek your consent through notice and an opportunity to opt-out, explicit permission obtained in advance, or some other reasonable means.
  5. Sensitive Information. We recognize the sensitive nature of certain individual and household information. We will not share this sensitive information without your express and informed consent, and will measure its compliance with existing legislation and regulation.
  6. Access & Accuracy. When we collect, use, hold or share individual and household information about you, we will offer you reasonable access to that information subject to legal, technological or security constraints. We will make reasonable efforts to provide you with the opportunity to correct or delete individual and household information about you, and we will make a good-faith effort to ensure our information about you is, and remains, accurate.

Key Elements of Audit Framework
The Personalization Consortium Board of Directors has agreed to require that all Consortium member organizations submit to this privacy auditing process. In the course of conducting the audit, a third-party practitioner will use the Consortium’s audit criteria as the basis for assessing whether the member company is complying with the privacy principles. In addition, the Consortium will announce a process for enforcement and recognition later this spring.

  1. Upon applying for membership, organizations agree to comply with the Consortium’s privacy principles.
  2. As part of the application process, organizations agree to undergo an audit that measures their compliance with the privacy principles. Organizations that have applied for membership are required to pass an audit and submit a report to the Consortium within 12 months of applying to become a member. A Safe Harbor window will be granted to current members.
  3. To maintain membership in the Consortium, member organizations must turn in a passing audit report to the Consortium each year.
  4. The Consortium will create a standard audit report for verification. The Consortium will define "substantial compliance," which shall be required for an audit report to be considered "passing."
  5. Initially, qualified auditors must be CPAs or CAs.
  6. Comprehensive audit guidelines with redress and recognition procedures will be announced in the spring of 2001.
  7. The cost of the audit will be set by the auditors. Based on conversations with auditing firms, the cost is anticipated to be dependent on the amount of individual or household information actually collected by the member organization. An organization that collects very little information will incur a correspondingly lower cost.

About the Personalization Consortium
Founded in April 2000, the Personalization Consortium is an advocacy group of companies formed to promote the responsible and beneficial use of technology for personalizing consumer and business relationships.

Personalization is the use of technology to tailor content to the needs of individual consumers. Personalization allows businesses to market to customers on a one-to-one basis. The benefit to customers is better, more relevant and effective products and/or services; the benefit to providers is increased loyalty and a greater share of each customer’s business.
