Chapter 6: Corporate Experiences in Privacy Self-regulation
America Online, Inc.'s Perspective On Protecting Personal
Privacy In the Interactive World
Jill Lesser
Deputy Director, Law and Public Policy
America Online, Inc.
David W. Phillips
Associate General Counsel
America Online, Inc.
INTRODUCTION
America Online, Inc. (AOL) welcomes the opportunity to submit this paper to the National Telecommunications & Information Administration of the Department of Commerce. As the largest Internet online service provider, AOL is keenly aware of both the benefits and risks of the online environment. Internet and online services offer consumers and businesses mutually beneficial opportunities for commerce, while enabling truly seamless communications. Consumers in the online environment can control the information they receive and avoid material in which they have no interest by seeking out information about products and services they want or need. At the same time, however, the online environment presents unique consumer privacy issues, as personal information about consumers is easily collected and transferred online. AOL believes that it is critical for companies operating in the online world to address consumer privacy concerns as a prerequisite for developing online commerce.
In particular, AOL has a unique relationship with its subscribers that enables the company to modify its services to make each member's online experience as personally relevant, enjoyable, and affordable as possible. In doing so, AOL has spent considerable time balancing consumer privacy and the careful, appropriate use of consumer information continually to improve each member's online experience.
This paper outlines: The Privacy Policy that AOL has currently put in place as a company; the company's efforts to address issues related to consumer privacy in the online industry generally; and AOL's efforts to educate consumers about user privacy.
AOL'S CURRENT PRIVACY PROTECTIONS
Background on AOL's Privacy Policy
The road to the information superhighway is littered with the carcasses of companies that attempted to furnish online services to the American consumer. To name just one illustration, Times Mirror and others collectively spent hundreds of millions of dollars in the 1980s and early 1990s in failed attempts to bring the information age to America's living room. Even success is elusive: Only two years ago America Online and two other pioneers were principal competitors in the consumer online market; now AOL stands alone in its market. Experience shows that the only way to succeed is to understand the needs and interests of online customers. To accomplish this, online service providers need to collect and study data about customers' online experience. Yet, the customers' online experience can reveal personal information that they do not wish to have indiscriminately collected, used, or distributed to others.
By way of illustration, AOL for years has been the leading provider of chat and other new forms of interactive communication like instant messages. Because of the sensitive nature of these communications, members have long demanded that AOL respect the privacy and confidentiality of their communications and usage records. AOL has responded to its customers' demands by ensuring the privacy of these communications and records.
AOL's sensitivity to the public's concern about the company's collecting information about online usage and using it for internal purposes was heightened well before several publicized incidents. In October of 1994, for example, there were erroneous reports that AOL was selling information about subscribers' online usage patterns. In fact, AOL was only following the traditional practice of publishers and cable TV companies of renting subscriber lists (i.e., names and addresses of members) and had not disclosed any information about members' online usage. Regardless of their accuracy, such reports led to an informal inquiry from Congressman Edward Markey (D-MA.) about the protection of personal privacy in the online world. AOL clarified its practices and the industry, through its trade association, the Interactive Services Association (ISA), responded to the confusion about industry practices by promptly issuing its "Guidelines on Online Solicitation." These guidelines were the precursor of more comprehensive industry guidelines on data practices, electronic solicitation, and children's marketing. See "The Interactive Services Association and the Direct Marketing Association" under the Industry Initiatives section below.
During the summer of 1995, the FBI publicized its "innocent images" investigation into the online distribution of child pornography. In connection with this investigation, AOL cooperated with law enforcement agencies in providing limited records that were specifically identified in validly-issued, probable-cause search warrants. Nevertheless, rumors spread about the lack of privacy on AOL and in cyberspace.
Growing privacy concerns of AOL members and the general public and a changing business model that would increasingly rely on online commerce and advertising provided the impetus for AOL to develop a more detailed and comprehensive set of privacy and data use principles as described below. AOL issued its new and more comprehensive set of policies protecting the personal privacy of its members ("Privacy Policy") in April of 1996. Previously, AOL's subscriber agreement (i.e., Terms of Service) contained a number of privacy related provisions, including provisions protecting the confidentiality of private electronic communications, or email, and governing the disclosure of information relating to AOL's subscriber identities. AOL's current Privacy Policy not only clarifies and consolidates these various provisions into a comprehensive body of privacy rules, but also expands its privacy protections to cover "navigational" and "transactional" information (i.e., what members do and buy on the AOL Service). It also presents a clear, segregated explanation of the Privacy Policy for easy reference by members whenever they use the service.
The Privacy Policy is divided by types of data practices, including the collection, storage, use (internal), and disclosure of "individual information." "Individual Information" is defined as any information, data or records that relate to an AOL member's use of AOL and identify an individual member or a member's account. AOL's Privacy Policy does not cover the use or disclosure of aggregate information, as the company does not believe that aggregate information implicates personal privacy. AOL's Privacy Policy also distinguishes different types of Individual Information, separating this information into three principal categories: (1) "Member Identity and Billing Information," such as a member's name, street address, telephone number, and billing information, as well as any screen names associated with a member's account; (2) "Navigational and Transactional Information," such as information about where a member goes on the service or what a member buys through AOL; and (3) "Private Communications Content," meaning the contents of email, private chat room or instant message communications.
AOL believes that these distinctions help the company address its members' privacy interests by treating different kinds of information separately. The distinctions are based, in part, on the types of information articulated by the framework of the Electronic Communications Privacy Act (ECPA) governing electronic communications and records. Because AOL believes that disclosure of Individual Information to third parties is of greatest concern to its members, the most important aspect of AOL's Privacy Policy is AOL's pledge that it will not disclose any Individual Information to third parties except in very limited circumstances (e.g., where required by legal process) as specifically detailed in the Privacy Policy. The Privacy Policy also reflects the premise, consistent with ECPA, that a user's privacy interest is most acute in the confidentiality of Private Communications Content and less so, though still critical, in the confidentiality of Member Identity Information. Navigational and Transactional Information occupies a middle tier in this hierarchy of privacy concerns.
In developing the Privacy Policy, in-house counsel spent months meeting with various representatives of numerous company departments, as well as with outside counsel. After holding discussions, AOL's senior officers approved the Privacy Policy prior to its implementation.
Collection and Storage of Individual Information1
Member Identity and Billing Information. AOL maintains the following types of Member Identity and Billing Information: a member's name, street address, telephone numbers, length of membership, and payment information. The company also keeps information on members' communications with its Customer Service or Community Action Team departments, and general account history, such as accumulated usage credits, or written complaints relating to a member's account.
Navigational and Transactional Information. From time to time, AOL collects and stores on a sample basis certain Navigational and Transactional Information, such as data on the choices members make among the range of available services or merchandise and the times and ways members use AOL. This information is collected only for the purposes articulated in this Privacy Policy and discussed at Section C. below.
Private Communications Content. Despite rumors to the contrary, the AOL email system retains the contents of private email communications only for a limited time period. Furthermore, the AOL computer system does not record or retain any communications that members have in chat rooms or through instant messages. Instant messages on AOL work like email but take place in real-time between members who are simultaneously connected to the service. In the case of email, such communications are permanently deleted from the system about five days after they have been read by the intended recipient(s). In cases where email has been sent but remains unread, such communications are permanently deleted from the AOL system after about thirty days.
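The two email lifetimes just stated can be expressed as a retention sweep. The following is an added illustration, not AOL's code; the record layout, function names and mailbox contents are constructed, and it generalises slightly to messages with several recipients by starting the five-day clock when the last intended recipient has read the message.

```python
"""Retention sweep for stored email (added example, not AOL's code).

Rules taken from the text above: a message is permanently deleted about five
days after the intended recipient(s) have read it, and about thirty days after
sending if it is never read. Names and the sample mailbox are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

READ_RETENTION = timedelta(days=5)     # "after about five days"
UNREAD_RETENTION = timedelta(days=30)  # "after about thirty days"


@dataclass
class StoredMail:
    msg_id: str
    sent_at: datetime
    recipients: List[str]
    # recipient -> time that recipient read the message; absent while unread
    read_at: Dict[str, datetime] = field(default_factory=dict)


def fully_read_at(mail: StoredMail) -> Optional[datetime]:
    """Time the last intended recipient read the message, or None if any has not."""
    if any(r not in mail.read_at for r in mail.recipients):
        return None
    return max(mail.read_at[r] for r in mail.recipients)


def expires_at(mail: StoredMail) -> datetime:
    """Permanent-deletion time under the two rules, taken literally:
    a message read late (e.g. on day 29) still lives five days past that read."""
    done = fully_read_at(mail)
    if done is not None:
        return done + READ_RETENTION
    return mail.sent_at + UNREAD_RETENTION


def sweep(mailbox: List[StoredMail], now: datetime) -> Tuple[List[str], List[str]]:
    """Split a mailbox into (kept ids, purged ids) as of `now`."""
    kept, purged = [], []
    for m in mailbox:
        (purged if now >= expires_at(m) else kept).append(m.msg_id)
    return kept, purged


# Constructed sample mailbox; all messages sent at the same reference time.
T0 = datetime(1996, 11, 1)
SAMPLE_MAILBOX = [
    StoredMail("m1", T0, ["alice"], {"alice": T0 + timedelta(days=1)}),         # read day 1 -> gone day 6
    StoredMail("m2", T0, ["bob"]),                                               # never read -> gone day 30
    StoredMail("m3", T0, ["carol", "dan"], {"carol": T0 + timedelta(days=2)}),  # dan never reads -> day 30
    StoredMail("m4", T0, ["erin"], {"erin": T0 + timedelta(days=29)}),          # read day 29 -> gone day 34
]

if __name__ == "__main__":
    for day in (0, 6, 30, 34):
        kept, purged = sweep(SAMPLE_MAILBOX, T0 + timedelta(days=day))
        print(f"day {day:2}: kept={kept} purged={purged}")
```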
In addition to retaining only those records that AOL believes are necessary to provide the best possible services to its subscribers, AOL safeguards its members' Individual Information from unauthorized access. Under these safeguards, only authorized employees or agents2 who need to carry out legitimate business functions are permitted access to members' Individual Information. These strict confidentiality policies are reinforced in AOL's Employee Manual, which is given to every AOL employee, and in its contracts with any authorized vendors. Employees or vendors who violate AOL's privacy policies and confidentiality provisions are subject to severe disciplinary actions, including termination.
Internal Use of Individual Information
Member Identity and Billing. AOL uses Member Identity and Billing Information to administer its business generally, such as to ensure that members are properly billed. AOL also uses identity information on a selective basis to offer its members marketing information on goods and services that may be of interest. Such offerings are made most often through the use of customized pop-up screens. In part because of privacy considerations, in October of this year, AOL granted its members the option of opting out of all marketing pop-ups through an easy online process. AOL does not disclose any Member Identity Information except as specifically detailed in Section D.1. below.
Navigational and Transactional Information. AOL currently uses Navigational and Transactional Information on a sample basis for programming and editorial research. For example, AOL uses such information to better understand how members react to various content, service and merchandise offerings, and interfaces provided on the service. The company also aggregates such data to study how its members use the AOL services. Much of the content on AOL's service is provided by third-party partners. In order to enable these partners to improve their content offerings and develop advertising revenue, AOL provides them with aggregate information on usage patterns. Because the online environment in general is moving quickly towards information customization, AOL intends to use both Individual Information and aggregate data to customize the service to an increasing degree. While such customization is currently occurring on a limited basis, in the future AOL will increasingly seek to personalize interfaces and content offerings for its members' varying interests. AOL believes that one of its greatest comparative strengths is its ability to rationalize the overabundance of information and choices available on the burgeoning information highway.
Private Communications Content. AOL believes that private communications between the company's members deserve the greatest privacy protection. Therefore, the company treats private communications on or through AOL's service as strictly confidential and does not access, use or disclose the contents of private communications. The only exception to this basic rule is outlined in Section D.3. below.
Disclosure of Individual Information
While privacy concerns have been expressed with respect to use and collection of Individual Information, clearly the greatest concern consumers have with respect to privacy online is related to the transfer of Individual Information beyond the person or entity with whom a transaction was entered into. This basic notion of confidentiality of Individual Information forms the basis for AOL's policies regarding disclosure of personal information. The company's policy is to not disclose Individual Information to third parties without a member's prior consent or unless specifically provided in the Privacy Policy. These exceptions to the general rule of non-disclosure are as follows:
Member Identity and Billing Information. Just like traditional publishers in the print environment, AOL licenses certain limited Member Identity Information to select companies that offer products and services that may be of interest to AOL members. Before licensing any such information, AOL carefully screens all licensees to ensure that they intend to use such information for appropriate purposes. AOL never licenses certain Member Identity Information such as member screen names, telephone numbers, payment information (e.g., credit card or checking account), or other Navigational or Transactional Information. In addition, because AOL recognizes that all consumers may not be comfortable with such disclosures, the company has granted its members the option of opting out of its mailing list rentals.3
The company believes that screen name confidentiality is an important feature of the AOL service. However, AOL also realizes that individuals must ultimately be accountable for their online conduct and, therefore, does not grant members absolute anonymity. AOL does not disclose to third parties Member Identity Information that links a Member's screen name(s) with a Member's actual name, unless required to do so by law or legal process served on AOL Inc. (e.g., subpoena). AOL deviates from this policy only in exceptional circumstances (such as a bomb or suicide threat, or instances of suspected illegal activity) on a case-by-case basis.
Like other online and Internet providers, AOL's release of Member Identity Information is subject to applicable laws (e.g., ECPA). When responding to legal process served on AOL by non-government entities, unless otherwise ordered, AOL's current policy is to make reasonable efforts to notify the affected member prior to releasing the information to provide that member an opportunity to pursue any available legal recourse. AOL believes that this process is the best way of balancing its members' interests in the confidentiality of their screen names with the interest of potentially aggrieved parties. In addition, it would be impossible for AOL to assert adequately its members' confidentiality interests without having knowledge of the specific basis for a member's assertion of confidentiality (e.g., legal privilege).
Navigational and Transactional Information. AOL will not disclose to third parties Navigational or Transactional Information except to comply with applicable law or valid legal process (e.g., search warrant or court order).
Private Communications Content. AOL does not access or disclose the contents of private communications (e.g., email, instant messages, member-created private rooms), unless it in good faith believes that such action is necessary (a) to comply with applicable law or valid legal process (e.g., search warrant or court order), (b) to protect the rights or property of AOL Inc., or (c) in emergencies when AOL Inc. believes that physical safety is at risk.4 These exceptions are minor modifications of the default provisions of the Electronic Communications Privacy Act, 18 U.S.C. §§ 2701 et seq., and provide AOL with the flexibility it needs to deal with emergency situations.
Additional Issues within AOL's Privacy Policy
Notice. In establishing its Privacy Policy, AOL needed to determine how best to notify subscribers of its existence. AOL chose to segregate the Privacy Policy in an area dealing generally with all of the rules for participation in its service, believing that it is the best way to ensure that such notice will be useful to consumers. In addition, AOL's registration process for new members prominently highlights its Privacy Policy and encourages users to take the time to read and understand it.
Third-Party Agreements. Because third-party content providers and vendors interact directly with AOL members, the company has implemented policies to ensure that such third parties comply with AOL's privacy policies to the extent they are relevant. Therefore, the company's current agreements with its content providers and merchants place restrictions on their ability to collect and use individual information about AOL members. For instance, AOL's agreements with its Independent Content Providers (ICPs) require that AOL members are given conspicuous notice about the ICPs' information practices. AOL is in the process of finalizing a more comprehensive set of privacy guidelines for its various partners which will clarify these data protection principles for changing circumstances.
Mail Control Tools. AOL has also become the industry leader in combating the problem of bulk email solicitations, sometimes referred to as "spam" or "junk email." Bulk email has become the number-one complaint voiced by AOL members, generating, at times, thousands of complaints each week. Members have been angered by the fact that bulk emailers are able to shift the cost of sending the emails to them as they pay for online time. In response to its members' complaints and the increasingly damaging load placed on its email servers by bulk emailers, AOL introduced two user empowerment mail tools: Mail Control and PreferredMail.5 The Mail Control tools enable members to choose from whom they wish or do not wish to receive email. This tool helps members protect themselves from bulk emailers as well as allowing members to expand their privacy preferences to block email from any address.
Because Mail Control requires that the user affirmatively input the specific addresses from which they wish to block or receive email and could be easily circumvented by bulk emailers who constantly alter and forge their domain addresses, AOL introduced the PreferredMail tool. PreferredMail automatically shields AOL members from email sent from certain sites which have been responsible for sending mass email solicitations to AOL members, thereby generating numerous complaints. The list of such sites is updated regularly. Members who wish to receive mail from these sites can easily do so by deselecting the tool with one click. The Mail Control and PreferredMail tools have significantly reduced, but not eliminated, the bulk email problem.
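The interplay between the two tools described above can be shown as a delivery filter: the member's own Mail Control list is consulted first, then the service-wide PreferredMail site list, which the member can switch off. This is an added illustration, not AOL's code; the data structures, function names, sample senders and site list are all constructed.

```python
"""Mail-delivery filter modelled on Mail Control and PreferredMail
(added example, not AOL's code; all names and sample data are assumptions).
"""
from dataclasses import dataclass, field


@dataclass
class MailControl:
    """One member's Mail Control settings (assumed structure)."""
    # "block_listed": accept everything except blocked senders.
    # "allow_listed": accept only explicitly allowed senders.
    mode: str = "block_listed"
    allowed: set = field(default_factory=set)
    blocked: set = field(default_factory=set)
    # PreferredMail is applied by default; the member may deselect it.
    preferred_mail: bool = True


def sender_site(address: str) -> str:
    """Domain part of the sender address, normalised to lower case."""
    return address.rsplit("@", 1)[-1].strip().lower()


def site_listed(site: str, listed_sites: set) -> bool:
    """True if the site, or any parent domain of it, is on the PreferredMail list."""
    parts = site.split(".")
    return any(".".join(parts[i:]) in listed_sites for i in range(len(parts) - 1))


def decide(sender: str, prefs: MailControl, listed_sites: set) -> str:
    """Return 'deliver' or the name of the control that stopped the message.

    Mail Control is the member's explicit choice, so it wins; PreferredMail
    then catches other senders whose site is on the service-wide list.
    """
    addr = sender.strip().lower()
    if prefs.mode == "allow_listed":
        return "deliver" if addr in prefs.allowed else "mail_control"
    if addr in prefs.blocked:
        return "mail_control"
    if prefs.preferred_mail and site_listed(sender_site(addr), listed_sites):
        return "preferred_mail"
    return "deliver"


def filter_batch(messages, prefs: MailControl, listed_sites: set) -> dict:
    """Apply decide() to (sender, subject) pairs; returns {sender: decision}."""
    return {sender: decide(sender, prefs, listed_sites) for sender, _ in messages}


# Constructed sample data: a member who blocked one exact address, and a
# service-wide list that already contains the site that address belongs to.
SAMPLE_PREFS = MailControl(blocked={"offer1@bulk.example"})
SAMPLE_SITES = {"bulk.example"}
SAMPLE_MESSAGES = [
    ("offer1@bulk.example", "Deal #1"),       # the exact address the member blocked
    ("offer2@bulk.example", "Deal #2"),       # same site, varied local part
    ("offer3@mail.bulk.example", "Deal #3"),  # sub-domain of a listed site
    ("friend@home.example", "Lunch?"),        # ordinary correspondent
    ("offer4@fresh.example", "Deal #4"),      # site not yet on the list
]

if __name__ == "__main__":
    for sender, verdict in filter_batch(SAMPLE_MESSAGES, SAMPLE_PREFS, SAMPLE_SITES).items():
        print(f"{sender:28} -> {verdict}")
```

The last sample sender shows why the text says the site list is "updated regularly": a sender at a site not yet listed passes both controls until the list is refreshed.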
INDUSTRY INITIATIVES
The Interactive Services Association and the Direct Marketing Association
As part of AOL's effort to ensure that electronic commerce can develop and coexist with an environment that protects consumer privacy, AOL has undertaken to lead the way in the development of industry guidelines regarding the collection, use and disclosure of personal information online. We have engaged in this endeavor through two trade associations of which AOL is a member--the Interactive Services Association (ISA) and the Direct Marketing Association (DMA).
The Interactive Services Association is made up of a diverse array of companies that participate in the online world. They range from those providing connections to the Internet to those that provide the Internet's content. As such, the ISA is particularly well-suited to develop self-regulatory privacy guidelines that apply to the Internet. The ISA has been working to establish privacy guidelines for more than one year and has already adopted guidelines relating to the collection, use and disclosure of personal information online, unsolicited email, and marketing to children. These guidelines have been adopted by the ISA board of directors and its members. ISA's principles relating to children's marketing and unsolicited email have been issued jointly by ISA and DMA.
Because the online environment has continued to change so rapidly over the past several months, ISA is continuing to review and revise its guidelines to address privacy issues as they arise. Currently, a subcommittee of the ISA online policy committee is working to further clarify the principles articulated in those guidelines. The version already adopted by the ISA board of directors is attached at Attachment B.
Similarly, the Direct Marketing Association, the principal organization of companies marketing directly to consumers, has been working to adopt privacy guidelines for its members that operate in whole or in part in the online world. The DMA has long addressed issues of privacy in the traditional print world and has been working to translate those guidelines to the extent necessary to fit the online model. Because DMA and ISA bring different memberships and expertise to the issue of online consumer privacy, AOL has worked with the two associations separately and has encouraged their cooperation in this area.
Internet Privacy Working Group
Beyond the development of industry guidelines, AOL believes that the best way to address the concerns of online privacy is through tools that empower users to make their own informed choices about the maintenance of their personal privacy. Therefore, as discussed, AOL has devoted considerable resources to providing our members with the technology necessary to make choices about their personal information and identity online. Beyond the tools that AOL has developed for its own members, the company is committed to helping develop tools that can help all users of the Internet protect their personal information online. Because the Internet is built upon a system of common technical standards that enable people all over the world to access and provide content on the Internet, AOL believes that similar standards should be developed in the area of online privacy.
This model was successfully adopted in the area of content filters to protect children from inappropriate content, in the form of the development of the Platform for Internet Content Selection (PICS) standards by the World Wide Web Consortium at the Massachusetts Institute of Technology. Under such a model, the user chooses content preferences based on rating systems that can be put in place by any number of parties, independent of governmental mandate. The advantages of such a model to manage access to content are numerous, including, perhaps most importantly, the ability of consumers to apply their own personal standards to content decisions, free of government censorship.
These same advantages apply in the area of online privacy. Since each user has his or her own privacy preferences and since each Internet content provider has its own information practices, users should be empowered to exercise preferences individually, thus, for example, visiting those Internet sites where information practices are consistent with their preferences. Under this type of model, users will have the notice they need to make informed decisions and will be able to avoid areas on the Internet which fail to meet their privacy standards.
In order to help ensure the development of common standards for online privacy, AOL is a member of the steering committee of the Internet Privacy Working Group (IPWG). IPWG was formed this Fall to bring together interested parties to work with the World Wide Web Consortium in the development of a PICS-like system for privacy. In addition to AOL, the steering committee includes privacy advocates like The Center for Democracy & Technology and the Electronic Frontier Foundation, consumer advocates like Consumers' Union, commercial entities like Microsoft, and trade associations including ISA, DMA, and the American Association of Advertising Agencies.
The purpose of the steering committee is to develop a vocabulary around which technical standards can be configured. The primary challenge in the development of such a vocabulary is to make it flexible enough to support privacy preferences in a medium that is inherently without borders. In other words, because the privacy expectations that are generally held by citizens of the United States are not necessarily consistent with those held by citizens of European or other countries, it is impossible to develop standards around a limited vocabulary while simultaneously addressing the needs of all online users around the world. In order to establish the most flexible vocabulary, the IPWG steering committee is in the process of developing a set of scenarios that attempt to define the parameters of the vocabulary needed for the technical development process.6
EDUCATIONAL EFFORTS--PROJECT OPEN
Consumer education is critical. For instance, user empowerment tools can be effective only if users are adequately informed of their existence and how to use them. Also, many of the problems that arise in the area of privacy, both online and off, result from consumer ignorance about the use of their personal information. Consequently, AOL believes that the preservation of privacy in the online environment depends largely on a public that is informed about the collection and use of personal information online, and about the ways consumers can exercise choices about such activities.
In order to improve consumer awareness and understanding of privacy and other considerations online, AOL has posted clear information about our privacy practices to all AOL subscribers (as discussed above). In addition, the company has taken a leadership role in the development of Project OPEN--the Online Public Education Network--a joint effort of ISA, the National Consumers League, and leading online/Internet service companies, including AOL, AT&T, CompuServe, The Microsoft Network, and NETCOM On-Line Communication Services.
Since its inception in late 1995, Project OPEN has developed and distributed educational materials about issues such as online content controls for the protection of children, intellectual property, and privacy. Currently, Project OPEN is in the process of developing a privacy handbook to be widely distributed to consumers.
CONCLUSION
This paper is intended to help NTIA in its examination of corporate privacy practices and procedures in the online environment. Since 1985, AOL has evolved from a tiny start-up company to the world's leading Internet-online provider. AOL's success in a ruthlessly competitive and changing market has depended on paying close attention to its members' needs and delivering a superior interactive experience. AOL members entrust the company with protecting their confidential and personal information and AOL is committed to honoring that trust. At the same time, AOL members increasingly rely on the service to sort through the maze of content and service offerings and provide them with the most compelling and personally relevant online experience at the most affordable price. Balancing the sometimes conflicting interests in privacy, personalization, and affordability is a challenge that AOL will continue to meet. AOL believes that through individual company, industry and consumer cooperation, the interactive services can meet diverse and at times conflicting consumer and business interests, and fulfill the tremendous potential of this developing medium. AOL is committed to leading the industry towards fulfilling this promise.
______________________________
ENDNOTES
1 This section describes the types of Individual Information that AOL collects and stores. For the reasons why AOL collects these types of Individual Information, see the section on "Internal Use of Individual Information" below.
2 AOL's Privacy Policy reserves the right to use agents, who are bound by strict confidentiality guidelines, to perform storage and processing functions on the company's behalf.
3 Members can exercise this option on the service by entering the "Marketing Preferences" area on AOL and clicking on "Tell Us What Your Preferences Are."
4 AOL does reserve the right to treat as public any private chat room whose directory or room name is published or becomes generally known or available.
5 AOL has also initiated litigation against one of the most notorious of bulk emailers who, among other things, has ignored repeated requests from AOL members to be deleted from their mailing lists.
6 For a complete discussion of the Internet Privacy Working Group, see the paper submitted in this proceeding by the Center for Democracy and Technology.
Case Study of American Express' Privacy Principles: Why
and How They Were Adopted, the Choices Involved and a Cost-Benefit Analysis
Peggy H. Haney
Vice President, Consumer Affairs
American Express Government Affairs Office
INTRODUCTION
American Express Company (AXP) has prepared this case study at the invitation of the National Telecommunications and Information Administration (NTIA)--as a submission to NTIA's examination of methods to ensure consumer privacy protection in the telecommunications and online environments. This text addresses the issues raised in connection with the development, administration, and maintenance of consumer privacy protection in a complex financial services business. The study will make three major points:
For more than 25 years, American Express has been an active leader in promoting voluntary privacy policies consistent with the attributes our customers associate with the American Express brand--security, integrity, commitment to customers, service excellence, recognition, and global presence.
American Express has adopted and complied with the data protection laws where we conduct business. Implementation of the Consumer Privacy Principles has been adapted globally to embrace the differences in legal and political cultures throughout the world.
The goal of ensuring proper privacy protection for consumers in the highly dynamic environment of information-technology development, especially in relationship to online services and to new financial instruments such as stored-value products, is best served by voluntary adoption of privacy principles and policies by businesses and industry.
AMERICAN EXPRESS TODAY
American Express Company, a global travel, financial, and network services provider founded in 1850, provides customers with a variety of products and services consistent with its brand. The Company provides individuals with charge and credit cards, travelers cheques and other stored-value products. It also offers financial planning, brokerage services, mutual funds, insurance, and other investment products.
Through its family of Corporate Card services, American Express helps companies and institutions manage their travel, entertainment, and purchasing expenses. It provides investment management services and administers pension and other employee benefit plans. The Company also offers accounting and tax preparation to small businesses, and financial education services to employees at their places of work.
As the world's largest travel agency, American Express offers travel and related consulting services to individuals and corporations around the globe. The Company also provides services to corporations, wealthy entrepreneurs, financial institutions, and retail customers outside the United States.
American Express employs more than 70,000 employees on a worldwide basis and, in 1995, generated $15.8 billion in net revenues.
AMERICAN EXPRESS AND PRIVACY: AN OVERVIEW
From the early days as a travel and entertainment card business, AXP recognized that Cardmembers associated "trust" with its brand name.
Since privacy protection is a component of consumer trust, ensuring privacy through internal policies and providing leadership to the industry were--and are--seen as important business efforts. Following are the major privacy initiatives undertaken in response to changes in the Company's structure, business, product mix, and technology, as well as consumer expectations.
1958-1980
AXP launched its travel and entertainment charge card in 1958 and moved into computerization from 1962 to 1968. During this era, AXP adopted formal guidelines covering the release of Cardmember data to third parties and, in 1974, became the first U.S. charge card firm to provide its Cardmembers with an annual form to opt out of marketing offers. Over time, a consistently small percentage of Cardmembers have elected to remove their names from marketing lists. Accommodating this segment of the Cardmember base was, and is, good business: it demonstrates a respect for customer choices; it lowers mailing and telemarketing expenses; and it improves response rates. (A copy of the current opt-out communication is available from the author.)
AXP also supported privacy protection policies in testimony before the U.S. Privacy Protection Study Commission, in 1975. In 1978, AXP issued to employees its own comprehensive Privacy Code of Conduct for handling customer and employee information--believed to be a first in the American financial services industry. It was based on U.S. fair information practices concepts and on the Organization for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. In 1979, AXP was one of the first U.S. multinational companies to endorse the OECD Guidelines.
1981-1988
AXP expanded into a multibusiness financial and information-services enterprise. It pioneered the first Cable Subscriber Privacy Code (issued by Warner-Amex in 1981); asked that its newly acquired companies adopt and apply the 1978 AXP Privacy Code of Conduct; and became a founding member of the Direct Marketing Association's privacy task force.
1989-1995
During the late 1980s, the mass media focused on uncontrolled uses of personal consumer information, including uses of charge and credit card information. Consumer privacy bills proliferated in the state legislatures and there were calls in Congress to protect privacy by strengthening the Fair Credit Reporting Act's rules for both handling consumer credit reporting and uses of credit bureau information.
In 1988, Jon Linen, then president of the Direct Marketing Group of American Express Travel Related Services (and now vice chairman of AXP), spoke about the need to protect consumer information at the Direct Marketing Association's national conference. He warned that American consumers were getting "fed up" with the direct marketing industry's "inattention to individual privacy." He called on companies to adopt strong voluntary privacy rules, in order to restore consumer faith and avoid harsh government intervention.
AXP co-sponsored a national consumer privacy conference in 1990 with the National Consumers League to better understand emerging public and consumer advocacy opinion. To test opinions, AXP conducted surveys--one of the general public in 1988 and another of its Cardmembers in 1989. Respondents identified privacy matters as very important to them and noted that they were looking for new guidelines to govern consumer information uses by businesses.
Developing the 1991 Consumer Privacy Principles. Against this backdrop, AXP formed an internal privacy task force led by its Consumer Affairs Office. The task force included representatives from each of AXP's businesses and engaged the services of an independent privacy expert. After studying the few privacy codes in existence at that time from other companies and the positions of privacy groups and government officials, the task force decided to develop a new framework--privacy principles rather than a code--to serve the needs of this growing global company.
In a massive undertaking, the Company also developed a comprehensive privacy-reporting template in order to conduct a personal-information audit. The results of the audit identified issues that led to the development of eight principles, which protected consumer privacy while allowing for legitimate and fair uses of consumer information.
Approving and Enforcing the Privacy Principles. The Principles were presented to the AXP Planning and Policy Committee, and to the Public Responsibility Committee of the Board of Directors. In January 1991, the Principles were adopted. Over the next year, each business unit developed specific policies to meet the requirements of the new Principles.
The 1991 Principles stated that employees are responsible for knowing and following the Principles. For example, employees are not allowed to review customer account information unless they can provide a business reason to do so. A first infraction results in a warning and probation. An additional infraction can be cause for termination. The Company also developed a plan for employee communication and training as well as a program for compliance review. (The text of the 1991 Consumer Privacy Principles is available from the author.)
Communicating the Privacy Principles. The Principles were printed in a brochure entitled Protecting the Trust: The American Express Consumer Privacy Principles, which began with a strong letter of endorsement from the Company's chairman. The brochure was published in seven languages, for use by all AXP employees worldwide. Briefings for corporate and business unit senior management were held and an extensive Privacy Resource Kit was created and sent to managers and trainers at all AXP units around the world.
Privacy initiatives and participation with consumer opinion leaders at privacy advocacy events supported the announcement of the 1991 Consumer Privacy Principles. The AXP Consumer Affairs office co-sponsored a "summit conference" of business and privacy groups to explore areas of consensus for new privacy policies. The summit was conducted in conjunction with the Consumer Federation of America and the Society of Consumer Affairs Professionals (SOCAP)--an organization of 3,000 members from all sectors of American business, who represent consumer interests within their companies. AXP urged the industry groups to actively develop new privacy protections.
Reactions from consumer and other public-interest groups were favorable, particularly on the Company's willingness to speak out on the need to institutionalize consumer privacy rights. AXP and the U.S. Office of Consumer Affairs developed a brochure for consumers on privacy rights called, Protecting Your Privacy. The brochure has been widely distributed via the U.S. Consumer Information Center and was made available on the center's web site. Later, AXP produced an educational resource kit for high school and college teachers. More than 20,000 copies have been distributed. The kit--titled Who Knows? Your Privacy in the Age of Information--contains a resource guide and a poster, as well as discussion and student-activity materials. The Canadian government is adapting the kit to correspond to Canadian laws and is making it available to all schools across Canada via the school's intranet. In 1992, American Express received an achievement award for its privacy project from SOCAP.
UPDATING THE 1991 CONSUMER PRIVACY PRINCIPLES
In mid-1995, the Consumer Affairs Office convened a meeting of line managers, whose responsibilities included the use and protection of customer data. The purpose of this meeting was to review the 1991 Privacy Principles. An internal audit of compliance was conducted, and external privacy advocates were consulted for their perspectives on consumer privacy issues.
The audit results found compliance to be satisfactory. However, given the many changes at AXP since 1991, Chairman Harvey Golub created a new privacy task force, in late 1995, to review the Principles in light of new products and services; strategic business issues; new technology; and the current privacy expectations of AXP's customers and the public.
The core group of the task force, under the direction of AXP's executive vice president for Corporate Affairs and Communications, consisted of more than 30 senior and midlevel managers and staff experts. Quarterly meetings were held throughout 1996. Six subgroups identified issues, benchmarked against other companies, conducted research and made recommendations for changes. These extensive and broad-scale discussions raised awareness within the task force of the growing complexities in the privacy arena.
As a point of reference at the first meeting of the task force, an outside expert reported on his comparison of the AXP Privacy Principles to those of other U.S. companies, and summarized the recommendations of leading government and academic specialists. To gain further insight into consumer expectations, the task force drew on a just-completed proprietary privacy study.
In mid-1996, the subgroups reviewed their recommendations with the privacy task force, as well as with the chairman of the Company and others in senior management. As the work progressed, it became clear that it is difficult to separate privacy from business issues, and that new delivery systems raise questions about how best to apply the Principles. Because privacy is now so ingrained in the culture of AXP, the question was not whether, but how to apply the Principles, for example, when marketing on the Internet.
Since AXP launched its ExpressNet site on America Online nearly two years ago, the Company has greatly increased its presence in cyberspace. AXP recently adopted the following guidelines for online privacy, similar to those adopted by the Direct Marketing Association and the Interactive Services Association: 1) we will not use an e-mail address for marketing purposes without a customer's knowledge; 2) when customers choose to give us their e-mail addresses, they will be given opt-out choices; and 3) for those who merely browse on our web sites, we will not send unsolicited e-mail messages.
THE 1997 CUSTOMER PRIVACY PRINCIPLES
The eight principles articulated in 1991 have withstood the test of time. Based on the work of the new privacy task force, a set of updated American Express Customer Privacy Principles will be issued to employees in early 1997, along with a letter from AXP Chairman Harvey Golub. There are minor changes reflecting both the current company structure and the environments in which we carry out our business, such as marketing via the Internet. In addition, the Principles have been rewritten in "plain language" to make them more understandable to our employees and to customers. The updated Principles will be issued globally in various languages to serve the many markets where AXP does business. In addition to the updated Principles themselves, there are many benefits that have grown out of the review process. It has:
The issuance of the updated Privacy Principles will not diminish the Company's attention to privacy protection and consideration of further need for changes. The Consumer Affairs Office has broad responsibility for consumer issues, including privacy, and will continue to provide leadership on this issue by: a) monitoring and analyzing the views of consumer advocates, regulators, and other opinion leaders; b) working with the Company's business units to consider the implications of this analysis for new products, services, and delivery systems, and recommending courses of action; and c) developing consumer education.
AMERICAN EXPRESS PRIVACY ACTIVITIES WORLDWIDE
As already noted, AXP's Privacy Principles and policies have been issued as standards for its worldwide operations. AXP has been involved in privacy matters in other nations and on the international scene, and AXP officials have participated in most of the major data protection legislative efforts of the past two decades in Canada, Europe, and the Far East.
AXP's position supports the privacy principles that were expressed in the OECD Guidelines, the national data protection laws and regulations in Europe in the 1970s and 1980s, and the European Union's 1995 data protection directive (which goes into effect in October 1998).
AXP has worked with officials to explain problems that financial services firms could have with some proposed data protection rules, and to suggest ways that such conflicts might be avoided without compromising fundamental privacy values. AXP's position is that privacy protections can be sensible and that individual choice through informed consent is the best approach to govern the use of data by businesses wherever they operate. The fact that AXP began adopting Privacy Principles and opt-out procedures in the 1970s, and deepened those policies in the 1980s and 1990s, has given data protection advocates and officials a model with a successful history of according consumers a substantial measure of privacy protection.
The same has been true of AXP's participation in private standards efforts in other nations. When the Canadian Standards Association (CSA), a private technical association with business, governmental, privacy-advocate, and academic participation, set out to develop a set of innovative privacy standards for the private sector in 1994/95, AXP was an active member of the CSA drafting committee.
A COST-BENEFIT ANALYSIS OF PRIVACY
How does one calculate the value of privacy and privacy initiatives? It is difficult to quantify the cost of privacy, since it is difficult to separate privacy costs from ongoing business expenses. Trust and protecting the confidentiality of personal customer information are inextricably connected, and most privacy protection efforts are represented by business decisions about how to design systems and processes that result in privacy protection.
The American Express brand is a highly valuable asset. Spending on privacy protection can be seen as an extension of efforts to promote our brand image--which supports our vision: to become the world's most respected service brand. As Vice Chairman Jon Linen asked in his 1996 "Privacy and American Business" speech: "Is privacy protection expensive? No--what's costly are hassled, mistrusting, potentially former customers."
REGULATION AND VOLUNTARY POLICIES
We believe that government regulation of privacy on the Internet and other online areas is very risky given the rapid changes in this new technology. Regulation could promote one technology over another and act as a barrier to the full realization of the benefits of commerce in cyberspace.
NTIA is well positioned to encourage companies to create voluntary privacy-supporting policies and practices, such as those steadily being issued by online companies and associations. Online privacy guidelines were recently published by the Interactive Services Association and the Direct Marketing Association, and the guidelines developed by AXP are being designed into its web sites. There are also promising new technological tools that offer major privacy-enhancing choices by giving individual online users control over who can market to them.
We think that the online marketplace will reward those companies that adopt good privacy policies, and will give them a competitive advantage in the coming decade. To quote AXP Vice Chairman Jon Linen, "If we regulate ourselves . . . if we use consumer information carefully and judiciously, and with the interests of our customers at heart, we will be working not to our detriment, but to our competitive advantage. Conversely, I believe that those who lose this customer focus--who disregard the trust their customers have placed in them--will eventually suffer the consequences in the marketplace. We're betting the marketplace will self-select those companies that, like American Express, protect consumers' privacy while offering relevant and targeted products and services."
Competitive forces will define consumer privacy in the online world. It is this evolutionary process that we urge NTIA to encourage and foster.
The Reader's Digest Association, Inc.: Privacy Policies and Practices, and Views on Self-regulation
Charles A. Prescott
Vice President, Legal-Pacific and Associate General Counsel
The Reader's Digest Association, Inc.
Pleasantville, New York
INTRODUCTION
This paper has been prepared in response to the November 14, 1996 letter of Larry Irving of the United States Department of Commerce, National Telecommunications and Information Administration. This letter called for papers relating the experience of selected companies with respect to self-regulation and effective implementation of privacy practices.
Since the debut of Reader's Digest magazine in 1922, The Reader's Digest Association, Inc. has become a preeminent global publisher and direct marketer of products that inform, enrich, entertain and inspire people the world over. Total revenues exceeded $3 billion for the first time in fiscal year 1995, roughly 60 percent generated outside the United States by 21 international operating companies. Reader's Digest has operations in over 50 locations throughout the world, located in 36 different countries.
Along with its flagship magazine, Reader's Digest sells quality books, music, home videos, audio books, special interest magazines and a growing line of multimedia products. The company markets its products primarily by direct mail, and is rapidly expanding into other distribution channels, including direct-response television advertising, interactive on-line services and door-to-door sales. The Reader's Digest World Wide Web site was launched on October 28, 1996, and is linked to Reader's Digest Websites operated by its subsidiaries in the UK, Finland, Poland, Canada, and Scandinavia.
Global success is driven by Reader's Digest, the world's best-read and best-selling magazine. Every month, about 100 million people in virtually every country in the world read the magazine, in 48 editions and 19 languages. Global circulation exceeds 27 million. Through the unique global reach of the magazine, Reader's Digest has built databases worldwide containing more than 100 million households. This wealth of customer information helps Reader's Digest to create and market well researched, high-quality products of superior value.
Reader's Digest welcomes the call by the National Telecommunications and Information Administration for these papers and looks forward to the public forum to address these papers. The Company believes this form of leadership is an important element in the development of effective self-regulatory programs in the business community. Moreover, the letter is an excellent example of a pro-active facilitative role for government, as eloquently called for by the Global Information Infrastructure Commission in its several recent publications.
DEVELOPMENT OF READER'S DIGEST'S PRIVACY POLICIES AND PRACTICES
Reader's Digest started business in 1922 as a direct mail marketing company and has been an international direct mail marketer of published products since it opened its first international subsidiary in the United Kingdom in 1938. In all the markets in which it operates through direct marketing, it constructs, maintains and updates a database of its customers and prospects. This database is one of the Company's most valuable assets and its security, accuracy, integrity, proper use and development under a diversity of legal regimes has been a critical factor in the Company's success.
The Company is keenly aware that the accuracy and usefulness of that database can not be assured unless the public and the Company's customers have confidence that the Company will not abuse their trust. Therefore, the Company welcomes any opportunity to improve the climate of data protection in an effective way to assure the public that personal data are and will be properly handled by the direct marketing community and that the consumer has the power to control his or her data.
The main privacy principles on data protection were first clearly articulated by the OECD in 1980, with its Council Recommendation Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data. The principles entered the realm of public international law with the Council of Europe Convention for the Protection of Individuals With Regard to Automatic Processing of Personal Data. This was opened for signature at Strasbourg, on 28th January 1981. Shortly thereafter, and based on those principles, Reader's Digest began formulating a set of international policy instructions applicable to all its operations worldwide. This set of policies is under continuous review, but has stood much of the test of time since its adoption in 1984.
In the Company's experience, not only its original policy instruction, but the OECD principles as elaborated upon in the GIIC statement on "Personal Information Privacy Policy--Recommended Actions" are practically undebatable as to their acceptability and desirability, and, if put into practice, they will provide effective consumer protection.
As mentioned, the Company's policy was formulated following the signing of the Convention and adopted in 1984. Reader's Digest has been a proponent of direct marketing self-regulation in the privacy area both before and after adoption of the Council of Europe Convention, the Digest's own internal policy, and the further elaboration of legal regimes governing data protection, primarily in Europe. In the experience of the Company, self-regulation in the privacy area can be a success with or without an overarching legal regime containing enforcement mechanisms, provided a certain critical mass of the following important factors is present.
In addition to the factors discussed below, it may be that privacy and protection of personal data is a subject uniquely suited to self-regulation in ways in which other aspects of a competitive business environment may not be. For example, in direct marketing the benefits of providing to consumers access to their data and the ability to opt-out of the system are compelling from the point of view of both customers and business competitors, and yet assuring such rights to consumers raises few, if any, antitrust concerns, bestows no competitive advantages on those who do not abide (indeed, non-compliance may prove disadvantageous), and thus the issue of "enforcement" may be less compelling. Accuracy of information and transparency of processing of personal data, required by the principles, provide major commercial benefits.
KEY ELEMENTS OF A SELF-REGULATORY PROGRAM IN THE DIRECT MARKETING INDUSTRY
The primary self-regulatory program in the area of customer data in direct marketing is the provision to consumers of the right to "opt out" of the system of direct marketing and to assure that the data which may be in companies' files is not used to market to them further. This is known as the Mail Preference Service.
Reader's Digest has, throughout its history, maintained an in-house suppression program pursuant to which it will mark a consumer's file "do not mail" upon request of that individual. In addition, direct marketing associations throughout the world in which the Reader's Digest is an active sponsor will actively advertise their Mail Preference Services.
Recently, as telemarketing has become more widespread, this service has been joined by the Telephone Preference Service. Under either system, a consumer may register with the Direct Marketing Association or other administrative body. This body periodically sends to all members the Mail Preference Service or Telephone Preference Service list and the member uses this list to mark its own files "do not mail/market". In countries where Association membership is not required by law, the Association will also make this list available to non-members.
The development of these programs, both within Reader's Digest and internationally through direct marketing and other trade associations, is the recognition by business of the consumer's right not to receive mail. Moreover, it is a recognition by business that individuals who will expend effort to register with the service are unlikely to make use of the product and service offerings made available thereunder. Thus, these programs promote efficiency, cost-savings, and better consumer relations. In short, the adoption of these services provides a communication channel from consumers to business which empowers consumers.
CRITICAL ELEMENTS FOR SUCCESS.
In the Company's view, the success of these Preference Services in the direct marketing field, and the success of Direct Marketing Associations in encouraging their members to adopt fair information practices depends on a number of interconnected factors. This is not to say that all these factors must be present for these programs to be successful, but all are important to the process.
Leadership on the issue.
It is important that a respected business figure, government official, or trade association official exhibits leadership in raising and addressing the issue of consumer privacy and fair information practices. Consumers' concern for the use of their data in direct marketing must be clearly articulated in ways that business can understand, and to which it can react effectively. In fact, it is only when inspired leadership convinces the industry that there is an unaddressed problem which, in many cases, has not been heard because it was silent, that these programs are put into place and the reputation and credibility of the direct marketing practice improves.
In many respects the subject of privacy and data protection is one of silence as far as the direct marketing industry is concerned, because every consumer has absolute power to throw mail into the waste basket. While consumers clearly continue to have this power even with a Mail Preference or Telephone Preference Service, these services provide consumers power to articulate their views and a mechanism to exert control over their data in a manner not previously known to them. This gives them the significant power to control the use of their personal data even by users of which they are not aware.
Consumer Education.
For a trade association program on data protection and privacy in direct marketing to be successful, consumers must be made aware of the availability of the program and the program must be easily accessible.
In a certain sense the Telephone and Mail Preference Services correct a market failure of communication and knowledge availability. In essence a preference service requires a business to carry out one more step in preparing data before it can begin to contact customers, and thus is in principle an additional cost, although one not easily quantifiable. Asking a rational businessman to incur the cost of an educational program in order to impose another processing cost on his business operation is counter-intuitive. Here, however, the availability of partnerships with government offices and agencies can prove extraordinarily useful. In addition, strong leadership from business leaders, trade associations and government in selling the program as a public benefit for the industry is often critical to success. Business, nevertheless, readily appreciates the economic benefits of avoiding costly mailings to unlikely respondents or hostile opinion leaders.
Partnership with Public Agencies.
Reader's Digest and the Direct Marketing Association have a long history of partnerships with the U.S. Post Office, the Federal Trade Commission, with the South African, Argentine and New Zealand Post Offices, and with many government agencies and offices throughout Europe in consumer education programs, both on promotional devices and on data protection and privacy self-regulatory programs. In Argentina, for example, the Mail Preference Service response cards will soon be available in every post office.
In South Africa, the Post Office recently agreed to manage the not inconsiderable administrative burden of data inputting Mail Preference Service respondents and distributing the data to the members of the Direct Marketing Association.
To the extent that these services become more widely known and available, the consumer is empowered and the business environment improved. In addition, the education of the consumer at the same time educates new entrants to the direct marketing field who build it into their business plans as they commence work.
Internal Compliance and Self-regulation.
Self-regulation is more effective if combined with internal discipline in the companies who pledge to follow a self-regulatory code or practice. Leadership at the very top of the company which has pledged through membership in an association to abide by a set of fair information practices is extremely important.
The institution of an in-house compliance program and the naming of an in-house privacy officer will prove extremely effective in providing a consumer point of contact for problems and an employee point of contact for assurance of compliance. For example, Reader's Digest companies in the United Kingdom, Germany and The Netherlands have appointed data protection officers responsible for assuring compliance with both the laws and self-regulatory programs adopted in those countries. A similar responsible employee will soon be appointed in Hong Kong, and in other countries.
Respect for the Rules.
Important for the success of any self-regulatory program, whether for privacy, advertising standards, product quality or any other matter, is a shared community of respect for these rules and the law in general. Such respect starts with fundamental agreement on the principles at stake.
In the area of privacy and data protection it is Reader's Digest's belief that these principles are generally accepted as they have been formulated in the OECD Principles, the Council of Europe Convention 108, the European Directive on Data Protection, and as recently articulated in the call for action by the Global Information Infrastructure Commission.
Such principles being reasonably universally accepted, the practical application of those principles within the direct marketing business is not particularly complex. As is pointed out in the attached note from Reader's Digest's U.K., list and data base practices are particularly well-suited to self-regulation, being creatures of fast-changing technologies. Moreover, the concerns of consumers in this area lend themselves to expeditious and nearly cost-free resolution through the available self-regulatory dispute resolution mechanisms.
Consequently, the respect is not only to the law, but beyond the law, to the spirit underlying the law and thus more effective and more flexible than statutory formulations. Regimes founded on enlightened self-interest are fully believable to the general public.
CONCLUSION
The experience of Reader's Digest throughout the world, where it has active direct marketing association affiliations or otherwise has an operating entity, is that consumers, when informed of the availability of Mail and Telephone Preference services, do not make significant use of those services, but in fact prefer to receive the information brought to them through direct marketing programs. For example, Reader's Digest Canada inserts a notice in all of its promotional materials inviting consumers to contact the company directly to have their names removed from its list. The average response from consumers taking up this offer is fewer than 3 for each 10,000 pieces of mail.
Based on this and many similar experiences, Reader's Digest is convinced that direct mail is perceived by consumers as an important information source. Therefore, the Company believes that offering consumers the opportunity to object to receiving direct mail, that is, "opt out", as opposed to requiring consumers to "opt in", most closely accords with consumer needs and wishes. Why should 9,997 persons be required to assert a right to receive information, when a very simple mechanism, a powerful mechanism, is in place to enable the 3 to relinquish that right?
Finally, it should be noted that in many European countries the success of self-regulatory programs within industry has been significantly impacted by the government's willingness to participate cooperatively in formulating such programs and codes of practice. In those countries which require or encourage industry to adopt codes of practice for submission to data protection authorities, the regulatory bodies have proved enormously helpful and cooperative in fulfilling an educational, facilitative and advisory role. This has greatly enhanced the operation of self-regulatory regimes. This has been especially true in the United Kingdom, France, and the Netherlands.
Reader's Digest is currently in dialogue with the Data Protection Commissioner in Hong Kong on the development of a Code of Practice and has had successful and useful experiences in this area in Canada, Australia, and New Zealand. If there is a model to be emulated, it is this model of involved and interested governmental authorities facilitating and assisting business in this important consumer protection area, rather than assuming an adversarial enforcement posture and providing business no assurance of a safe haven in its drawing up of Codes of Practice.
DATA PROTECTION AND SELF-REGULATION IN THE UK
The UK's Data Protection Act ("the 1984 Act"), implementing the Council of Europe's Convention 108 of 1981, was adopted in 1984. Well before this the UK's Advertising Association ("the AA") charged its Data Protection Committee with drafting a Code of Practice governing the use of personal data for advertising and direct marketing purposes. Section 36(4) of the 1984 Act places a duty on the Data Protection Registrar (the UK's data protection authority) to encourage, where appropriate, sectoral codes of practice, and the AA's Code was the first to be developed and welcomed by the Registrar.
The number of complaints received by the Registrar is a fair barometer of the successful operation of Codes. Initially, complaints relating to the direct marketing sector formed the single largest group (not surprisingly, as this sector accounts for by far the most visible use of personal data).
In successive years the Registrar has reported sharply declining figures for this sector. They now form a relatively minor part of the Registrar's post bag. Successive Registrars have attributed this improvement in large measure to effective self-regulation, of which a mailing preference service forms a substantial part.
In 1988, the industry wished the Code to have wider application, and it persuaded the Committee of Advertising Practice ("CAP") to agree to adapt the AA's Code. CAP is an industry body on which all the major trade associations whose members are involved in consumer advertising are represented, together with media and agencies, and which draws up the Codes administered by the Advertising Standards Authority ("the ASA").1 The ASA subsequently agreed to adjudicate complaints from consumers and businesses that data users had breached the Code, and CAP published an appropriate Code in December 1988 as Rules for Direct Marketing including List and Database Management. Despite reservations expressed by some members of the ASA's Council, few problems have arisen and an updated version of the rules now forms a section headed List and Database Practice within the current British Codes of Advertising and Sales Promotion, published by CAP in February 1995 (Annex #1). In the course of commenting upon this, the Registrar in his report to Parliament in 1994 wrote that
Over the years since the Data Protection Act came into force, the direct marketing industry has made significant changes to meet standards of practice. The result has been that complaints to my Office about direct marketing have largely faded away.
The operation of self-regulatory rules does involve anti-trust considerations. In the first instance all such sets of rules have to be submitted to the Director General of Fair Trading who determines whether they might operate against the public interest. In relation to such Codes, this has never proved a problem. In any event, the Director General is under a statutory duty (S 124(3) of the Fair Trading Act 1973) to encourage relevant associations to develop codes of practice "for guidance in safeguarding and promoting the interests of consumers in the United Kingdom."
List and database practice is particularly well suited to self-regulation. The practice is very much a "best endeavours" area, where name and address variations can generate problems. Self-regulation is much more flexible than the law, and issues arising out of new technologies can readily be accommodated. From the consumer's point of view, it is much less daunting than the law, is altogether speedy, and is virtually cost-free. While the law is frequently viewed as providing impediments to be circumvented by ingenuity, self-regulation emphasises the spirit as well as the letter of its rules. As these rules have been drawn up by their peers, practitioners are very much less likely to find ways around them.
There is a tendency to want the enforcing body to have a majority of non-industry members. From a public relations standpoint, this is understandable, but our experience on several self-regulatory bodies is that it is the industry members who are toughest on transgressions.
The ultimate sanction is the publication of an adverse adjudication, which may result in major companies declining to do business with businesses which bring the industry into disrepute.
If the UK did not have a Data Protection Act, industry would almost certainly incorporate in its rules a requirement to comply with the data protection principles in the Council of Europe's Convention 108, and now reflected in the European Union's Data Protection Directive. (The principles in the OECD Guidelines do not differ in substance from those in the Convention and the Directive.)
______________________________
ENDNOTES
1 The ASA has an independent Chairman (currently Lord Rodgers of Quarrybank), appointed by the industry body which collects a surcharge on advertisements to fund the self-regulatory system. The Chairman appoints all members of the Council of the Authority, which is required to have a majority of non-industry members.
Case Study for Creating the NYNEX Privacy Principles
Susanne Guyer
Executive Director
Federal Regulatory Policy Issues
NYNEX
EXECUTIVE SUMMARY
It's hardly news that technology is changing the way companies do business and changing the way they collect and use information about customers. Used responsibly, that information can help serve customers better. But with advances in data processing come growing concerns--by customers and policy makers--about maintaining the privacy of individual customer information.
In 1994, charged with upholding the Company's century-old tradition of customer service and trust in an increasingly competitive and multi-player marketplace, the NYNEX Public Policy Council, a team of senior managers responsible for creating NYNEX public policy, addressed the issue of protecting individual customer information.
In 1995, the Council approved nine Privacy Principles which are applicable wherever there is individual subscription to, or use of, a NYNEX service, with the goal of protecting a customer's telecommunications-related personal information. All officers and department heads received the Principles and concomitant guidelines for use with stakeholders including regulators and legislators. Each NYNEX business unit was assigned the responsibility for implementing the Principles on an ongoing basis with customers according to its particular business and its customers' privacy expectations. Customer privacy was also included in employee training materials prepared and distributed to supervisors with the NYNEX Code of Business Conduct, and in early 1996 the Principles were communicated to all NYNEX employees.
The message of the Principles is straightforward: We expect our employees to protect the privacy of our customers and we encourage our partners and suppliers to do the same.
BACKGROUND: CREATING NYNEX PRIVACY PRINCIPLES
In April 1994, the NYNEX Public Policy Council1 considered its position on the use and disclosure of customer information2 in light of several business, and broader industry and regulatory developments. From the business perspective, NYNEX needed to preserve its long history of public trust while competing to maintain its existing customers and attract new ones in a multi-player local exchange market and in its other lines of business. From the regulatory and industry vantage point, the New York State Public Service Commission (PSC) had issued a "Revised Statement of Policy on Privacy in Telecommunications" and, in New York Telephone Company's Performance Regulation Plan, the Company had committed itself to abide by that Statement of Policy and to "continue to review new service offerings with its customers and staff for the purpose of identifying and resolving potential privacy concerns." Additionally, the Federal Communications Commission (FCC) and National Telecommunications and Information Administration (NTIA) had requested comments of industry participants on whether and how the federal government should revise current restrictions on the use of certain customer information. Also, Congress was considering legislation that would impose additional restrictions on the use of customer information, and the European Union was considering requiring express consent or an "opt in" by the consumer prior to information about the customer being disseminated to another entity.
In November 1994, the Council considered its most important stakeholder, that is, the customer. A recent Louis Harris poll3 showed that concerns about threats to personal privacy were growing--82% of the public was concerned in 1994, as opposed to 79% in 1990 and 64% in 1978. Seventy-eight percent of Americans felt that consumers had lost all control over how personal information about them was circulated and used by companies. Seventy-six percent believed that business organizations asked consumers for too much personal information.
On the other hand, half of the American public believed that businesses handling personal information were paying increasingly more attention to privacy policies. Nearly three-quarters of all Americans said they would rather see companies voluntarily provide privacy policies, rather than have the government enact regulations.
As part of the Harris poll, those surveyed heard a description of home interactive services, and the subscriber profiles that companies could compile about a customer's viewing and purchasing patterns. More than half indicated that they would be interested in having advertising presented to them based on their particular interests, as revealed by their subscriber profile. But, the majority (61%) were concerned about the privacy implications of having a subscriber profile created about them.
AN HISTORICAL PERSPECTIVE: BUILDING ON EXISTING CORNERSTONES
As noted above, in 1991 the New York PSC promulgated a "Revised Statement of Policy on Privacy in Telecommunications." The Statement included a set of eight "Privacy Principles." These Principles were not promulgated as binding formal regulations, but rather as guidelines that were intended to provide a framework for the Commission's consideration of privacy issues in future proceedings. New York Telephone Company has committed to abide by those Principles, and in particular their emphasis on reviewing the privacy implications of proposed new-service filings. These Principles helped forge the Council's thinking and state that:
Privacy should be recognized explicitly as an issue to be considered in introducing new telecommunications services.
The interest in an open network should be recognized in evaluating alternative means for protecting privacy.
Companies should educate their customers as to the implications for privacy of the services they offer.
People should be permitted to choose among various degrees of privacy protection, with respect to both the outflow of information about themselves and the receipt of incoming intrusions.
A telephone company offering a new service that compromised current privacy expectations would be obligated to offer a means of restoring the lost degree of privacy unless it showed good cause for not doing so.
Considerations of cost, public policy, economics, and technology all bear on the pricing of privacy features, which must be determined case-by-case.
Unless a customer grants informed consent, subscriber-specific information generated by the subscriber's use of a telecommunications service should be used only in connection with rendering or billing for that service or for other goods or services requested by the subscriber.
Privacy expectations may change over time, requiring, in some instances, changes in telecommunications services. At the same time, changes in telecommunications technology services and markets may lead to changes in customers' privacy expectations.
PRIVACY BENCHMARKING
Much good thinking was going on in public policy fora to increase awareness of safeguarding customer privacy, which was useful in formulating NYNEX's Principles. For example, the National Information Infrastructure (NII) Task Force's draft Principles stated that individuals were entitled to a reasonable expectation of information privacy and those using the NII should ensure that information was secure and that it was accurate and relevant for the purpose for which it was given. "Information collectors" should tell individuals why they were collecting information, what they expected it would be used for, what steps they would take to protect its confidentiality, and any rights of redress should the information be used improperly. Additionally, the NII Principles stated that "Information users" should assess the impact on personal privacy of current or planned activities, obtain and keep only information that could support current or planned activities, use the information only for those or compatible purposes, use appropriate controls to protect the confidentiality and integrity of personal information, provide individuals a reasonable means to obtain, review, and correct their own information, and allow individuals to limit the use of their personal information.
LOOKING TO INDUSTRY PARTNERS
NYNEX also examined how other businesses addressed the challenge of safeguarding customer information in a competitive market. American Express was the first company in its industry to offer customers the ability to "opt out" of the sale of their customer information. American Express advised companies to: Tell customers what information they collected and how it would be used; offer the customer some control over how the information would be used; assure the quality of the information collected; protect the data--with other companies, use salted lists and contractual provisions to assure that it was used correctly; internally, use passwords and other means to screen what employees could access; have an internal privacy policy; audit and monitor compliance and discipline violators; and use every opportunity to use technology to enhance privacy.
In the telecommunications industry, Pacific Bell and Bell Atlantic had released privacy principles. Pacific Bell's Customer Privacy Guidelines explained, "Ten Ways We Protect Your Private Information." Among the principles listed were that, whenever possible, Pacific gave customers choices about how to protect their privacy; that Pacific would not use customer information to market to customers if they asked Pacific not to; and that Pacific did not sell customer information unless it was already available to the public through a Pacific Bell directory or directory assistance.
Bell Atlantic had Residential Customer Information Privacy Principles and the Company pledged to provide information to non-Bell Atlantic entities only for business purposes such as billing, to prevent fraud, at the customer's request, and as required by law. Bell Atlantic allowed customers access to the information in their customer records, stating that its service representatives would answer any questions about the information, how it was used, and how to correct inaccuracies. Bell Atlantic stated that its principles would be reevaluated and revised as necessary in light of changing technologies and privacy expectations.
INCORPORATING INPUT AND TAKING ACTION
In developing means of protecting customer privacy, the NYNEX Public Policy Council agreed that a progressive policy that met the privacy expectations of customers would ultimately produce more robust opportunities to compete by offering innovative services to retain existing customers, and to attract new ones. In its deliberations, the members cited three primary goals that should determine NYNEX's policy on the use of customer information: (1) customer service expectations; (2) competitive equity, especially where a telephone company or other enterprise was the dominant provider; and (3) customer privacy expectations.
The Council directed a working group to draft NYNEX principles on the use of customer information. The members offered their view that the public's trust that NYNEX respects the confidentiality of customer information was one of the Company's most important assets and that NYNEX should commit to privacy principles which reinforce this trust. "If the Company must err toward too much or too little protection," they said, "it should err on the side of overprotecting customer information. NYNEX must not vitiate one of its strongest competitive advantages vis-à-vis other companies."
Finally, a distinction between short-term and long-term policy was drawn. In the short-term, NYNEX must act within the framework of a heavily-regulated environment and meet its customers' expectations of privacy. In the long-term, it was expected that NYNEX would be operating in a fiercely competitive environment with less regulation and would compete to offer an array of services to its customers. The issue was how best to preserve public trust without impairing its ability to serve customers more effectively in the long-term.
CLOSURE AND IMPLEMENTATION
In 1995, the Council approved nine Privacy Principles which are applicable wherever there is individual subscription to, or use of a NYNEX service, with the goal of protecting a customer's telecommunications-related personal information. Implementation of the Principles began with communication to NYNEX officers and department heads and was followed by dissemination throughout the organization as well as to regulatory and legislative stakeholders.
Communication with customers is always ongoing and takes place through customer service representatives, customer information brochures, consumer advisory councils, in NYNEX telephone directories and through direct mailings. Employees can contact a subject matter expert for customer privacy questions and also have access to an ethics hotline for privacy concerns they may have. The Privacy Principles have been incorporated into the NYNEX Code of Business Conduct and video and written training materials are available. Employee training is ongoing. Employees who fail to follow the Principles face disciplinary action, which can include dismissal.
Creating the NYNEX Privacy Principles was a process that necessarily took into account the Company's history of public confidence as well as an impending, dynamic, multi-player, competitive market for telecommunications services. The Principles will be reevaluated regularly to meet customer expectations for privacy and service, and in order to ensure compliance with applicable law.
Attached are three NYNEX privacy documents: Attachment 1 is part of a NYNEX newsletter article that communicates the NYNEX Privacy Principles to all employees--this attachment lists the NYNEX Privacy Principles with explanations; Attachment 2 is the remaining text of the NYNEX newsletter article that communicates the NYNEX Privacy Principles to all employees; and Attachment 3 is an excerpt from the NYNEX Code of Business Conduct on safeguarding customer privacy.
_________________________________
ENDNOTES
1 The activities and purpose of the NYNEX Public Policy Council which guided the development and the implementation of the Privacy Principles are as follows: Formed in 1993, the Public Policy Council (PPC) determines NYNEX's position and defines its actions on issues affecting the Corporation that will be resolved by external authorities, or which have a material public policy impact. In the last quarter of each year, the secretary of the PPC and his staff poll PPC members, officers and department heads, and subject matter experts for short-term and long-term issues that they recommend the PPC address in the following year. The PPC selects the highest priority issues for review in the coming year and the issues are adjusted during the year as circumstances warrant. The secretary of the PPC and his staff work with various NYNEX issue owners and departments to create issue papers which assess options and summarize policy recommendations. Issue papers are distributed to the PPC for review prior to each meeting. The Council meets each month to determine the Company's position on four to six issues. The Council communicates the decision to the issue owner, who, in turn, initiates implementation or follow-up action, depending on the outcome. Decisions are also communicated through meeting minutes, officer reports, and quarterly reports, which are distributed to a broad base of employees. Recommendations often include the creation of an issue-specific communication plan to support implementation. A small PPC staff supports and tracks implementation by issue owners and departments.
2 Examples of customer information can include the customer's social security number, name and address, the customer's credit history, the numbers called by the customer, the pattern of phone calls made by the customer, and the telecommunications services ordered by the customer.
3 Louis Harris, Interactive Service, Consumers and Privacy (1994).
ATTACHMENT 1
Communication of Privacy Principles to
NYNEX Employees
Company Newsletter
January 15, 1996
A Look at NYNEX's Privacy Principles
1) NYNEX uses individual customer information for its business purposes only.
NYNEX limits the information it obtains about customers to what's needed in the normal course of providing service. And it follows stringent procedures for protecting customer information.
2) NYNEX informs customers how information it obtains about them is used, as well as their options regarding its use.
NYNEX will distribute a "Privacy Statement" to customers that describes the type of information a NYNEX business unit obtains about customers, how it's used, when it might be disclosed, the measures NYNEX employs to protect it and ways the customer can restrict the use or disclosure of that information.
3) NYNEX gives customers opportunities to control how and if it uses individual information about them to sell them NYNEX products and services.
Customers have a large measure of control over how NYNEX uses their individual information to market new products and services to them. While NYNEX does use customer information to promote products and services that particular customers may find useful, NYNEX won't call customers or send them direct mail for marketing purposes if they ask NYNEX not to.
4) NYNEX enables customers to control how and if it discloses individual information about them to other companies--except as required by law or to protect the safety of customers, employees or property.
Subject to legal and safety exceptions, NYNEX won't share individual information with unaffiliated companies, or with affiliates that haven't agreed to protect customer information--unless NYNEX either obtains customer consent or gives the customer an opportunity to "opt-out" (to choose not to have their information disclosed).
5) NYNEX strives to provide customers with access to information it has obtained about them and allows them to correct errors in that information.
It is NYNEX's responsibility to give customers access to the information it has about them. NYNEX uses sophisticated data processing technology to help ensure that the information is accurate.
6) NYNEX considers privacy when planning and introducing new services and informs customers of the privacy implications of these services.
NYNEX will investigate the privacy implications of new services, build safeguards into services before they're introduced and alert customers about the effect on privacy the new services might have.
7) All NYNEX employees are responsible for safeguarding individual customer information.
NYNEX's Code of Business Conduct clearly states this policy: NYNEX must protect the privacy of all forms of customer communications--whether voice, data or image transmissions. Employees who fail to follow the principles will face disciplinary action, which can include dismissal. (See customer privacy excerpt from NYNEX's Code of Business Conduct in Attachment 3.)
8) NYNEX complies with all applicable privacy laws and regulations wherever it does business.
Customer and policy maker perceptions of privacy can change over time. That's why NYNEX will regularly examine--and update, if necessary--its privacy principles to ensure that they continue to reflect exacting standards for privacy protection.
9) Each NYNEX company is responsible for implementing these principles and informing customers about its privacy practices. NYNEX encourages companies related to, but not wholly owned by NYNEX, to adopt these principles.
Every NYNEX business unit will: evaluate their particular needs and determine how to best implement the principles; develop their own privacy policies and procedures based on the principles; inform their employees of the policies and train them in the proper procedures; and develop a customer statement informing customers how personal customer information is used and how they can control its use and disclosure. The Public Policy Council will ensure that business units comply with the principles.
ATTACHMENT 2
Communication of Privacy Principles to
NYNEX Employees
Company Newsletter
January 15, 1996
Rules Set To Protect Customers' Privacy
Responding to growing consumer interest in the privacy of customer information entrusted to businesses, the NYNEX Public Policy Council has established a set of nine "Privacy Principles" that define the corporation's commitment to protecting customer privacy.
The NYNEX Privacy Principles guide employees in handling customer data so that privacy won't be compromised--and they give customers choices and control over how NYNEX uses that information.
NYNEX business units currently are developing plans and procedures to implement the principles in their operations. These principles balance customer concerns about privacy with their interest in receiving good service and new products from NYNEX, according to Shelley Harms, executive director-Policy in NYNEX Government Affairs.
"At a time when new telecommunications technologies create new business opportunities for us, the personal information we obtain from customers can help us serve them better," said Harms. "But we have to use that information responsibly--and limit it to what's needed in the normal course of providing service."
Simply put, NYNEX places the highest priority on protecting customers' privacy and is taking aggressive steps to protect their private information.
The Privacy Principles are corporate policy that apply to all of NYNEX. "Each NYNEX business unit is responsible for executing the principles, adapting them for their own needs and communicating privacy procedures to their customers and employees," said Harms.
The principles may be implemented in different ways, depending on customer expectations. "Some customers are more concerned than others about the information we collect about them," explained Harms. "Residence phone customers may have different privacy expectations than, say, businesses that advertise in our Yellow Pages directories.
"Not only do we expect our employees to respect the privacy of our customers, but we'll also encourage our business partners and suppliers to do the same," she said.
The principles and key messages about privacy are being communicated to employees in a number of ways, including the revised NYNEX Code of Business Conduct and employee meetings to discuss the Code.
The principles will be strictly enforced, and violations will lead to disciplinary action, which can include dismissal.
Business units will prepare Privacy Statements for customers that describe the type of information they obtain about customers, how it's used, when it might be disclosed, the stringent measures NYNEX employs to protect it and ways the customer can restrict the use of that information.
"NYNEX provides services that reach deep into the personal and business lives of our customers--people who have come to trust us with their account, billing and communications records," says Harms. "We're working hard to uphold their trust."
An outside expert on privacy gives NYNEX's principles high marks. "I'm very impressed with the NYNEX principles--they are consumer friendly, clearly presented and will go a long way toward protecting customer privacy," said Dr. Alan Westin, publisher and editor of "Privacy & American Business." Westin monitors and reports on privacy programs in American businesses.
NYNEX incorporated its guidelines for safeguarding customer privacy into its Code of Business Conduct. Below is the excerpt from the Code pertaining to customer privacy.
ATTACHMENT 3
NYNEX Code of Business Conduct
Putting Values Into Action
Safeguarding Customer Privacy
NYNEX provides services that reach deep into the personal and business lives of our customers. Our customers have come to trust us with their account information, records and communications data. Maintaining the privacy of our customers is a serious responsibility. Therefore, we will only use the information we receive about our customers for NYNEX business purposes. We enable customers to control whether and how NYNEX discloses such information to any other company or entity except as required by law or to protect the safety of customers, employees or property. We also give customers opportunities to control whether and how NYNEX uses such information to market additional products and services to them.
Q: I am a customer sales representative. I know that I may not generally release customer information outside the company without obtaining prior authorization from the customer. A telecommunications vendor tells me that a customer has authorized her to obtain information from their telephone service record. May I provide this information?
A: It is common for customers to authorize a vendor to act on their behalf. However, before releasing the information, you should check the customer's record to be sure that the customer has authorized such release to the particular vendor. If there is no such authorization, you should refer the vendor to the customer to obtain written authorization.
In addition, we must protect the privacy of all forms of customer communications--whether voice, data or image transmissions. That means:
We will respect customer privacy, never tampering with or intruding upon any communication or transmission.
We will not listen to or monitor any conversation or transmission, nor will we divulge its existence or contents, except as required in the proper management of the business or as required by law.
We will not gain access to any customer account, records or reports except for authorized business purposes.
We will not gain access to our own customer records and reports, or those of other employees, family and friends, without prior approval by our supervisor.
We will not disclose any information about our customers' communications, transmissions or information processing arrangements, unless required to do so by law, or for the safety and protection of customers, employees or property. Nor may we disclose information concerning the issuance of a subpoena, warrant or court order for communications or records to customers or unauthorized employees. If such information is requested, the request should immediately be referred to the Security department.
Case Study of Dun & Bradstreet's Data Protection Practices
Jean Cantrell
Director, Government Affairs
The Dun & Bradstreet Corporation
One Diamond Hill Road
Murray Hill, NJ 07974
At least one company, Dun & Bradstreet, does maintain significant data protection for the information it collects about business principals in its business reporting activities.1
INTRODUCTION AND OVERVIEW OF THE DUN & BRADSTREET CORPORATION
The underlying philosophy of The Dun & Bradstreet Corporation, "Man's Trust in Man," is at the heart of the company's activities, especially in its handling of information. A statue bearing the quotation sits in the lobby of the company's headquarters, underscoring a principle of its founding in 1841--created for the purpose of providing accurate, impartial and trusted information about businesses to facilitate commerce. While the companies of the corporation include Dun & Bradstreet, Moody's Investors Service and Reuben H. Donnelley, the focus of this paper will be Dun & Bradstreet.
Dun & Bradstreet collects information on over 40 million business establishments from 217 countries, investing $360 million annually in these data collection activities. Up to 1,500 data items are collected on each business, drawn from sources ranging from the owners or principals of the business itself to public records.
Attachment 1 contains the company's Business Information Report product, which provides an example of the business data collected. While all are business-related, some are specifically identifiable to the individual owners or principals of the business entity. Data that are business-related, such as those collected by Dun & Bradstreet, are limited to information about the business principals deemed relevant and necessary for business credit decisions. Such business uses represent non-personal interests, pertaining to a business enterprise for business-to-business commerce decisions, not the individual personally.
The distinction between personally identifiable information that is of a business nature and information that is of a consumer or personal nature is a meaningful one, as data protection issues are directed typically to the latter. Such data include personally identifiable information about individuals in their personal capacity as opposed to business capacity, if any. Despite the absence of an omnibus regulatory regime in the United States, Dun & Bradstreet is, nonetheless, comprehensive in the application of data protection practices, as noted by the authors quoted in the opening of this paper.
CORE ISSUES FOR SELF-IMPOSED ACTION
Dun & Bradstreet has offices in 37 countries, of which 26 have some level of existing national data protection laws, enacted for the purpose of providing guidelines on the collection, processing and dissemination of information about individuals (see Table 1). The presence of these laws, however, is not the principal reason why Dun & Bradstreet applies data protection practices proactively in all its countries of operations, including the United States.
National laws, while specific in their direction, are not the bases for action. Rather, the bases for action are the benefits to the company, to the businesses it serves and to the individuals upon whom we depend for the provision of information.
EXAMPLES OF DUN & BRADSTREET'S DATA PROTECTION PRACTICES
Through detailed written documents, comprehensive employee training and careful auditing, Dun & Bradstreet aggressively promotes data protection practices throughout its business activities. The commitment carries to shareholders, who see the company's general statement on data privacy in the annual report.
The following highlights several of the more visible practices in the context of traditional data protection instruments, such as the European Union Data Protection Directive adopted October 1995.
Dissemination Controls
Controlling access benefits Dun & Bradstreet, as a provider of information, and the data subject at issue. Controls are applied over which D&B employees, and which personnel within a customer site, may have access to certain data systems. Restrictions are also imposed on the uses of the attendant data, discussed later in Section III.D.
Dun & Bradstreet protects the confidentiality of the data it collects through strict contractual processes that stipulate valid/authorized uses of the data supplied to users. For example, the company does not provide reports or information to third parties without a contractual relationship. The standard contract binds customers to relevant US and foreign laws by specifically stating: "Customer agrees to comply with any applicable requirements imposed by US or foreign law, or, if unable to comply, to refuse the Information, Software or other service subject to the foreign law."
Data Quality
Data quality is at the heart and soul of any successful information company. Insuring that data are as up-to-date and accurate as practicable benefits the data subject and Dun & Bradstreet. Exhaustive measures are applied to this goal where, in the US alone, there are over 17 million direct business contacts per year, including in-person, telephone and mail interviews that generate 670,000 updates per day.
A Dun & Bradstreet quality review program, as one example, is maintained in the local office where data about a business entity are first collected. Applying this measure at the point of data collection engineers quality into the collection process. The approach is superior to addressing quality exclusively at the end of a process (traditional quality control), whereby more errors can enter a system and, potentially, increase the errors being communicated externally.
Purpose and Notification
The purposes associated with the data Dun & Bradstreet collects bridge to an earlier stated mission--providing accurate, impartial and trusted information about businesses to facilitate commerce. To that end, careful attention is paid to insuring clarity for data providers and employees.
The most "personally identifiable" data captured and reported by Dun & Bradstreet are antecedent information about the principals or owners of a business entity. The stated purposes behind capturing this information, as an example, are that it gives trading partners a sense of who is responsible for the decisions that drive that business, provides the business qualifications of the managers and serves as a resource to assess the likelihood of the business' success. First and foremost, the owners or officers of a company are approached as the best source of such information and, therefore, are immediately aware of its existence.
Notification of the existence of or change in information about a business is addressed proactively elsewhere in Dun & Bradstreet's practices. For example, each time a business report undergoes a full revision, a post card notification is sent to the primary contact at the business entity, alerting him or her to the update and providing a toll-free number to call to receive a complimentary copy of their Business Information Report.
Rights of Data Subjects--Access, Correction and Limiting Uses
Dun & Bradstreet provides data subjects specific rights to insure that data are reported fairly, objectively, accurately and completely. Failure to empower a data subject will, in the long run, temper that individual's or organization's willingness to volunteer information, thereby compromising the completeness of the data sought. Our goal is to have the best data possible for our customers, which is feasible only if data providers support that goal.
We provide a business entity access to the information we capture about it, procedures for initiating a correction process for errors and the ability to limit uses of certain data. For example, when the business owner or principal contacts Dun & Bradstreet with information about a potential error, we "act promptly to correct errors or misleading information, whenever we learn of it."3 Depending upon the matter raised by the business management, a "Stop Distribution" can be applied to the relevant business report until resolved.
Dun & Bradstreet's dedication to reporting facts accurately and fairly necessitates having no hesitation in stopping the distribution of a report and issuing a correction notice. When it is brought to our attention that information issued in a report is erroneous or is asserted to be erroneous, we not only seek to stop the distribution of the report in question, but also the distribution of ancillary products affected by the error. A correction notice is sent to those known to have received the erroneous data. A detailed control sheet for managing corrections contains over 30 steps, each dated, to address distribution stoppage, corrective action, report/product revision and correction notices.
Access to Dun & Bradstreet information is restricted or restrictable from several vantage points. Two examples include restrictions we apply unilaterally and restriction options we make available to data subjects (the business entities). Uses prohibited unilaterally are those uses that conflict with the stated purpose for which information is collected.
Concurrently, a business may have its information removed from business marketing lists published by Dun & Bradstreet. The "de-listing" can be requested orally or in writing by an authorized representative of the business, resulting in its removal from marketing directories, publications and/or mailing lists. Every effort is made to discuss the de-listing process with the business, both to understand the reason for the request and to insure that the request is not misdirected (e.g., the business principal receiving direct marketing material was selected from a list not belonging directly or indirectly to Dun & Bradstreet).
Documentation and Training
Internally developed documents span volumes exceeding 1,000 pages total and address over 1,000 instruction sets on more than 350 topics, including guidelines for data collection, accuracy, quality control, updating, notification, disclosure and more. Examples of the relevant reference material include:
The Manual and Guide for Dun & Bradstreet Analysts;
Keys to Basic Business Reporting;
Accuracy in Reporting;
Reporting General Instructions;
National Reporting Training Publication;
Manager's Source Book of Policies and Procedures; and
Information Policy Manual.
These documents detail the policies and procedures associated with data collection, quality reviews, responding to inquiries, handling complaints, reporting changes/updates, correcting erroneous files internally and those delivered by third parties, and excluding certain data. A relevant leading statement in one of the training documents reads "there is a vital need to respect individuals' rights of privacy," and "[employees] will not discuss Business Information Reports or the contents of Business Information Reports with non-business associates or friends."
Five groups of "data handlers" are educated on aspects of the above points--people who provide data, employees in the field who collect data, employees in the operations centers that process and store data, employees who deal with customers, and customers/users of D&B's business data.
The successful training of employees depends upon starting with a core skill set and applying a certification process. The company balances the two issues of experience level and existing training of the employee with the type of report or data for which he or she is responsible. For example, the front-line data collectors--business analysts--are responsible for gathering facts about a business, understanding and properly weighing the significance of those facts and preparing the initial report or updating an existing one about a business. These data collectors typically possess a degree in accounting or finance, and have relevant skills and experience to perform their duties successfully. Within their first year, the training includes a curriculum of over 70 formal courses, tiered into two phases, which conclude with formal certifications. For other employees, such as support personnel or individuals in tele-centers, the training is tailored to their duties and experiences.
Assignment of Functional Responsibility
Relevant functional responsibility exists in all aspects of Dun & Bradstreet's data collection, processing and dissemination activities. For example, within the General Counsel's office is a designated lawyer with global responsibility for the company's data protection policies. This individual's working knowledge of the business, and of data protection and its importance, is reflected in a broad array of publications, including numerous US and international law journals.
Operationally, each issue covered above is overseen by a senior manager and field team, with audit tools to insure full compliance with the practices.
OPTIONS FOR DATA PROTECTION PRACTICES AND RATIONALE FOR D&B'S APPROACH
Dun & Bradstreet's data protection practices in the US long predate the European Union Data Protection Directive. These practices, as noted previously, exist because "it is good business." We continually evaluate existing and proposed instruments around the world--those from the countries in which we operate and elsewhere. The complexity of the data we collect, the stated purposes for which they are collected and made available, the existing federal and state laws of the US, the expectations and needs of the US business community and economy, and the resources necessary to fulfill a role first established 155 years ago have been well served by comprehensive self-regulation.
Dun & Bradstreet's practices, much as the authors of the EU Directive sought, attempt to draw together provisions that strike a desirable balance between the interests of data subjects and the information needs of society. The data subject here is a business and its owners or principals, and the information user is the business' trading partner.
While reasons of confidentiality preclude discussion of the actual cost-benefit analyses associated with the practices chosen, some of the attendant qualitative reasons are noteworthy:
Strict controls over the access and dissemination of data increase the ability to protect intellectual property rights.
Disclosing to data subjects and other providers of information the purpose for which data are collected maximizes their willingness to provide such data. The cooperation increases data coverage, accuracy and completeness.
Insuring employees are knowledgeable about and accountable to strict confidentiality standards maintains the integrity of the systems and the trust of data subjects.
SUMMARY AND CONCLUSIONS
Are data protection practices good for individuals? Yes.
Are they good for business? Yes.
The data protection practices applied by Dun & Bradstreet on a self-regulatory basis closely parallel the measures sought by national instruments. They address dissemination controls; data accuracy, currency and relevance; notification to data subjects; data subject rights for access, correction and distribution restrictions; training; documentation; management responsibility; and employee accountability. The company benefits enormously from these measures as they facilitate the most complete data possible, superior data accuracy and trusted business relations.
We believe it is the private sector's responsibility to take a leadership role in the application of data protection practices and to work with the government in developing solutions that serve the needs of the United States and its trading partners.
__________________________________
ENDNOTES
1 Schwartz, Paul M., and Reidenberg, Joel R., Data Privacy Law: A Study of United States Data Protection, 287 (MICHIE, c.1996).
2 While the United States does not have an omnibus data protection law, it does have a broad portfolio of sectoral laws, including the Fair Credit Reporting Act 15 U.S.C. §1681, which applies to reports on consumers, not reports on businesses such as those produced by Dun & Bradstreet.
3 This quotation and other similarly noted quotations are taken directly from company documentation referenced in the section entitled: "Documentation and Training."
Consumer Empowerment and the NII: Self-regulation and Technology
Patricia Faley
Vice President, Consumer Affairs
Direct Marketing Association, Inc.
INTRODUCTION
The Direct Marketing Association (DMA), the largest trade association for businesses interested in direct marketing and database marketing, is pleased to participate in the National Telecommunications and Information Administration's ongoing effort to study consumer privacy issues in the online world.
The DMA represents more than 3,000 United States corporations as well as 600 corporations from 47 other countries. DMA members use all media to reach their customers and prospects--mail, telephone, direct response TV, radio, home shopping networks, as well as cyberspace. As a long-time champion of consumer choice and a leading advocate of self-regulation and peer regulation, the DMA continues to examine how best to ensure that consumers in the online environment are afforded opportunities both to learn about products and services of interest to them and to express their preferences regarding marketers' collection, use, or dissemination of information about them.
After brief discussions of consumer endorsement of direct marketing and its important role in the national economy, and the DMA's approach to empowering consumers in traditional media, this paper reviews the use of self-regulation and technology to protect consumer privacy in the National Information Infrastructure (NII). It demonstrates that industry guidelines, coupled with applications of new consumer choice technologies, ensure a self-regulatory regime that is flexible and second to none in protecting consumer privacy in a global medium.
THE CONSUMERS' EMBRACE OF DIRECT RESPONSE MARKETING
More than 68 percent of all American adults depend on the convenience and reliability that shopping from home offers, according to data from Simmons Market Research Bureau. A three-year study conducted by The WEFA Group found that direct marketing in the United States now generates more than $1 trillion per year in sales. The study found that in 1996 American consumers purchased nearly $635 billion in goods and services, and American businesses purchased another $543 billion in goods and services, via direct response (all media). Compound annual growth is forecast to exceed seven percent for consumer direct marketing sales and 10 percent for business-to-business direct marketing sales through 2001. The study also found that nearly 50 separate industries substantially rely on direct marketing techniques. These include the publishing, financial services, retail, catalog, high tech, and transportation industries, among others--as well as non-profit groups, charitable organizations, and political parties.
According to a Gallup study of marketing executives relea