Before the

United States Department of Commerce

Washington, D.C.

 

 

 

COMMENTS

OF

THE DIRECT MARKETING ASSOCIATION

ON

ELEMENTS OF EFFECTIVE SELF REGULATION
FOR THE PROTECTION OF PRIVACY
AND QUESTIONS RELATED TO ONLINE PRIVACY

 

 

 

 

 

 

 

Counsel:

Gerald Cerasale Robert Sherman Ronald Plesser

Senior Vice President, Government Affairs Paul, Hastings, Janofsky Emilio Cividanes

Patricia Faley & Walker L.L.P. Stuart Ingis

Vice President, Consumer Affairs 399 Park Avenue Piper & Marbury L.L.P.

Direct Marketing Association, Inc. New York, NY 10022 1200 19th Street, N.W.

1111 19th Street, N.W., Suite 1100 212/318-6000 Washington, D.C. 20036

Washington, D.C. 20036 202/861-3900

202/955-5030

 

 

July 6, 1998

INTRODUCTION

The Direct Marketing Association, Inc. ("The DMA"), the largest trade association for businesses and organizations interested in direct, database and interactive marketing, is pleased to comment to the Department of Commerce on "Elements of Effective Self Regulation for the Protection of Privacy and Questions Related to Online Privacy."

As a long-time champion of self-regulation, peer review and consumer choice, The DMA has been an active participant in working with the administration in adopting its approach to information practices in the global information infrastructure. The association concurs with the Clinton Administration position that the Internet and the Information Age hold great promise for consumers and business.

The DMA in the past several years has participated in Administration privacy initiatives including the Draft and the Revised Draft Principles for Providing and Using Personal Information; the publicly released draft of "Options for Promoting Privacy on the National Information Infrastructure"; the principles and positions set forth in "A Framework For Global Electronic Commerce"; Consumer Empowerment and the NII: Self-Regulation and Technology as submitted to the White House Task Force; efforts to demonstrate the adequacy of United States information practices for compliance with the European Union Data Directive, as well as various other government-sponsored round tables, summits, and conferences on privacy.

The DMA recently established mandatory compliance programs requiring its members, as a condition of membership, to provide their customers with notice and opt-out in the use of customer information for marketing purposes, and to subscribe to DMA's established consumer services that give consumers the ability to remove their names from lists so that they will not receive unsolicited promotions from national marketers (the Mail Preference Service and Telephone Preference Service).

We submit these comments to reassert our conviction that self-regulation is the most effective method for establishing effective privacy protection on the Internet, and must be the cornerstone of any domestic or global approach for assuring privacy online. The DMA and its members have made significant progress in the implementation of the Framework for Global Electronic Commerce since its announcement one year ago. Although this progress has gone generally unrecognized, the fact remains that industry guidelines, consumer choice technologies, and an extensive educational campaign are now in place to create a privacy regime that is both flexible and effective, requirements for the Information Age. The U.S. Government and the Department of Commerce should continue to support the development of an industry-led self-regulatory regime to ensure that this progress will continue.

The DMA's comments:

• summarize advances that The DMA and others have made toward meeting the Elements of Effective Self-Regulation for Protection of Privacy;

assess the current state of information practices on the Internet; and

• suggest important concepts that should be added to the Draft Elements and encouraged by the Department of Commerce.

I. INDUSTRY'S SELF-REGULATORY EFFORTS FOR ONLINE PRIVACY

Industry has taken significant action toward all of the "Essential Elements of Privacy" outlined in the Department of Commerce's staff discussion paper (Exhibit A).

A. Education

The DMA has a vital interest in educating its members and the general public about the responsibilities of persons who collect and use data, as well as educating consumers about the process. The DMA has developed numerous materials to promote responsible information practices in broadcast, telephone, print and interactive media nationwide and now has done so for the online arena. The DMA has also developed a Web page devoted to privacy and launched its Privacy Action Now and Privacy Promise initiatives. The DMA has taken extra steps toward ensuring responsible information practices for children, including its http://www.cybersavvy.org Web page aimed at children, parents, educators, and librarians, and providing them with tools, information, and resources to ensure safe Web surfing. The "hard copy" version of the Web site, Get CyberSavvy!, was recently featured in a mailing to more than 100,000 principals across the country by Net Day, a nonprofit group whose objective is to hook the nation’s schools up to the Internet. Get CyberSavvy has the distinction of being awarded first place honors for excellence in consumer education by the National Association of Consumer Affairs Administrators.

One aspect of The DMA's educational effort aimed at companies is its Privacy Policy Generator (http://www.the-dma.org/policy.html). This tool enables companies to create customized privacy policies for posting on their web sites based on the companies' policies regarding the collection, use, and sharing of personal information. The utility of this tool and the ease with which it is used is demonstrated by the more than 700 companies that have used it and have sent policies to The DMA for review.

B. Technical Solutions

Technology, too, is playing a leading role, helping users determine and enforce the ways that information about them is used and collected in light of the unique characteristics of the Internet. Here again, The DMA and marketers are playing a pivotal role. Industry encourages and supports, indeed helps to develop and promote, such software. Under this model, it will be the individual user, rather than industry or government, who will determine the uses of information.

An initiative that supports this concept, the Platform for Privacy Principles "P3P," will be soon available. This initiative, undertaken by the World Wide Web Consortium, is developing a "negotiation" approach for the protection of privacy. A broad coalition of information providers, advertising and marketing specialists, software developers, credit services, telecommunications companies, and consumer and online advocates are working together on this effort to develop a technological solution that will protect privacy in a manner that does not hinder the development of the Internet as a civic and commercial channel. It allows a user to agree to, modify, or reject the privacy practices of a web site and then be fully informed in advance of interacting with or disclosing information to a site.

This approach will use "negotiation" or "handshake" technology to cater to an individual's privacy preferences with specificity and effectiveness not available in other media. It will enable Webmasters to classify information practices on their sites according to a uniform classification system, and enable consumers to "set" personal privacy preferences within their Web browsers. When a consumer visits a Web site that collects information from visitors, the Web site will collect and use personal information of the consumer according to the consumer's pre-set preferences.

C. Online Privacy Principles

In recognition of the emerging importance of the Internet to DMA members, The DMA developed Privacy Principles and Guidance for Marketing Online. The DMA's Guidelines for Ethical Business Practice, which incorporates these online principles, apply to marketing in all media and are intended to highlight issues that are unique to online and Internet marketing (Exhibit B).

Additionally, The DMA recently developed Online Children's Guidelines in order to address the heightened concern for the manner in which such information is collected and used (Exhibit C).

II. CURRENT INTERNET EXPERIENCE

Industry has made significant progress in developing effective information practices for web sites since the release of the Framework for Global Electronic Commerce one year ago. However, the FTC's June 1998 report to Congress on online privacy ("FTC Report") and the often cited March 1998 Business Week survey discount industry's accomplishments. These surveys have misleading headlines and unjustifiably characterize the current state of information practices on the Internet in a negative manner. A closer and more thoughtful examination of the ways in which most individuals use the Internet reveals that the majority of consumer Internet experiences occur on sites with posted information practices. Never before, in marketing or in other industries, has self-regulation evolved as swiftly, flexibly, comprehensively and in such a multifaceted manner, as it has on the Internet.

A. Progress from Industry Efforts is Significant

A recent DMA initiative demonstrates the impact that industry efforts have had on the development of responsible online information practices. Since January 1998, The DMA has scanned sites on the Web and directly contacted those sites that did not have a privacy policy posted. In order to measure the effectiveness of its initiative, The DMA has tracked the increase in postings of online information practices (Exhibit D). The results are very encouraging. For example, as of May, a majority of sites on the Kids Hot 100, Biz Hot 100, and Shopping Hot 100 post privacy policies, a marked increase since January. This study reflects the progress made as a direct result of efforts to familiarize industry with appropriate online information practices.

The DMA study found the following percentages of targeted sites posting privacy policies:

70 percent of Kids Hot 100 in May 1998 versus 38 percent in January 1998.

64 percent of Biz Hot 100 in May 1998 versus 47 percent in January 1998.

51 percent of Shopping Hot 100 in May 1998 versus 36 percent in January 1998.

The significant improvement demonstrated by the results of this study is further confirmed by an evaluation of the top 25 commerce-related sites as identified by Jupiter Communications just last month. Twenty-one of these sites have privacy policies and notices (Exhibit E).

There are several indirect benefits that also emerge from the existence of privacy policies on the most trafficked Web sites. First, companies with less visited sites begin adopting privacy policies, seeking to imitate the practices of successful commercial sites. Second, consumers begin to expect the posting of these policies at other, less familiar sites, as they see and become accustomed to privacy policies posted at the most trafficked and trusted commercial sites. Thus, consumers themselves will bring market pressure on those less frequented sites to adopt and post privacy policies. A benchmark for competition in ensuring privacy is emerging.

B. The Threat to Consumer Privacy Has Been Overstated

The DMA supports the efforts of both the Federal Trade Commission and the Department of Commerce aimed at furthering self-regulation for ensuring responsible information practices on the Internet. However, The DMA believes that the threat to consumer privacy online has been overstated. For example, the June FTC Report fails to reflect the relationship between the experience of most Web users and the presence or absence of privacy policies at sites. Moreover, the FTC study fails to indicate any harm that has occurred from the fact that information has been obtained by Web sites. This omission could result in the government recommending unnecessary and unduly burdensome regulations that could have the unintended negative effect of inhibiting the development of commerce on the Internet. Certainly, the economic contributions of the Internet -- and specifically its impact on GDP -- have been widely cited and recognized. This growth in consumer and business-to-business online marketing actively could not happen without an implicit demonstration of trust.

Without discounting the need to continue encouraging Web sites to post their information practices, The DMA believes that it is a faulty assumption to believe that users are harmed by existing information practices. At very least, an assessment of those practices and a determination of whether they result in any adverse effect on consumers must be made.

The FTC counted the number of sites that had privacy policies, regardless of whether or not the sites are visited by consumers, frequently or at all. The manner in which individuals use the Web indicates that the majority of consumer Internet experiences and transactions occur on the most popular Internet sites, most of which have posted privacy policies. When considered in light of the fact that the experiences of a majority of Internet users are dominated by visits to the more popular sites, the results of The DMA study, the survey of Jupiter Communication's top sites, and the FTC Most Popular sites survey all demonstrate that meaningful and effective privacy practices do currently exist online for consumers.

Even if the preferred method for evaluating the effectiveness of online privacy practices is one that focuses on a mere numerical count, the FTC Report's survey does not support the conclusion that "effective industry self-regulation with respect to the online collection, use, and dissemination of personal information has not yet taken hold." We agree with the news magazine that stated: "A closer look at the FTC's methodology shows the threat to consumer privacy was grossly overstated by both the FTC and the media that covered the story."

The FTC survey over-represented the practices that raise "significant consumer concerns regarding privacy online" because it included at least one unobjectionable practice within this category, which inflated the number of sites it deemed to be "collecting" information. This methodological decision in turn reduced the percentage of sites considered to have privacy policies posted. Specifically, under the FTC's criteria, it was sufficient for a site to enable consumers to "Contact Us" or "Send Us Your Comments" by means of an e-mail address link for it to fall within the category of sites that "collect information."

Although an individual e-mail address and name is likely to be included when an individual sends an e-mail message, this is hardly the type of information practice that consumers who regularly use the Internet are concerned with. This is far different from sites that ask users to fill out application forms, surveys, questionnaires, or merchandise order forms, or who surreptitiously collect personally identifiable information. Indeed, presumably because providing the site's contact information is a practice favored by consumers, consumer advocates encourage sites to provide such a mechanism. For example, Georgetown University Professor Mary Culnan has characterized the provision of an e-mail address by an organization as a mechanism for "consumer education." A mechanism for consumer education is not normally characterized as a practice that threatens privacy.

When one removes from the FTC study those sites where the only means of collecting personal information is the receipt of an e-mail message from a consumer, far fewer sites qualify as "collecting" information from consumers. For example, of the first 35 of the top 100 commercial sites surveyed for the FTC study, less than half collect information in any manner other than providing the ability to contact the company via e-mail (Exhibit G).

Consequently, even using the FTC's approach of making a numerical count of sites that have privacy policies regardless of whether the sites are visited by consumers, the FTC's survey appears to have, in effect, substantially understated the percentage of sites that post privacy policies (by overstating the number that collect information).

If the government concludes that legislation is needed to protect Americans in their online experience, it should be based on evidence of actual or threatened harm to individuals. This is the precedent for privacy legislation in the United States that governs the private sector. Instead, the government is spending far too much of its resources studying practices that pose no harm to consumers and, to the contrary, help consumers by increasing purchasing information and convenience through electronic commerce. In our opinion, government would better allocate its resources on education efforts to assist businesses with the reasons for and resources available to assist in posting privacy policies.

C. Electronic Commerce Is Growing Rapidly

All evidence indicates that Internet usage is growing at a rapid rate. A recent Business Week study conducted by Forrester Research forecasts that electronic commerce will account for $349 billion by 2002, resulting in a $10 billion to $20 billion increase in domestic economic output. Erroneous and alarming statements about privacy practices on the Internet, by our government, may themselves reduce consumer confidence and comfort in engaging in electronic commerce. The DMA beleives that the Department of Commerce should publicly acknowledge the significant progress that is occurring in online privacy practices, and should oppose the adoption of government regulation that would disrupt the exponential growth of the Internet as seen in the statistics set forth in The Emerging Digital Economy. Such positive statements will further the Department's mission of promoting economic growth and U.S. competitiveness in the global marketplace.

The facts make clear that consumers are not reluctant to engage in Internet commerce or to use the Internet. The Emerging Digital Economy cites one estimate that up to 101 million people were online worldwide in 1997. This same survey indicates that 10.1 million people had made purchases online by the fall of 1997, an increase of over 35 percent from the 7.4 million consumers six months earlier. America Online has shown a growth in customers during the past year of more than sixty percent, from under 8 million to almost 13 million members. If concerns of lack of information privacy were widespread, consumers would have a reluctance to engage in commerce at Internet sites. In fact, this is not the case. Internet commerce is growing at extraordinary rates on many sites. Amazon.com is a perfect example of a company that is demonstrating that consumers are embracing Internet commerce. Amazon.com in the period from March 31, 1997 to March 31, 1998 had a 564 percent increase in customers and is now the third largest bookseller in the United States. Consumer acceptance of online marketing activity is exceeding all forecasts.

D. Adequate Security Exists for the Transmission of Information Over the Internet

Any reluctance of consumers to engage in commercial Internet transactions is likely attributable to unfamiliarity with the new medium and a concern that an individual's information is insecure. This security fear is distinctly different from the information privacy fear that has been put forward, and it, too, is far overstated.

The experiences of customers and merchants who engage in commercial transactions over the Internet show that sufficient security mechanisms exist to ensure that information transferred during the transaction is secure. As of June 16, 1998, Amazon.com reports that none of its 2.2 million customers has reported fraudulent use of a credit card as a result of purchases made using its Internet site. Not one case of fraud on this, the leading online shopping site, has been reported. Users are becoming more familiar with the "unbroken key" that appears on the Netscape browser indicating that a more secure channel for transmission of information exists and, as a result, are increasingly engaging in commercial transactions.

If the Department of Commerce's goal is to promote commerce, it should not be a participant in the effort of those who raise consumer fears, which can only inhibit commerce.

III. ELEMENTS OF EFFECTIVE SELF-REGULATION

Several concepts are important considerations for self-governance that should be reflected in the NTIA elements paper.

A. Proportionality

The first concept is that of proportionality. Privacy protection mechanisms should be commensurate with the harm that can arise from use of that information. As Professor Peter Swire has observed in a slightly different context: "Where the likely harm to [consumers] is greatest, the argument for government regulation becomes stronger."

Thus, government must employ a sectoral approach in its evaluation of information protection online. The DMA does not consider information collected for marketing purposes to constitute information that "harms" consumers. With any scrutiny, no one should disagree. The direct marketing industry collects and uses marketing information to serve existing customers and to acquire new customers. It is in the business of building positive, long-term relationships with consumers.

Information about individuals is a valued resource for the industry, allowing direct marketers to reach and serve those consumers that are more likely to have an interest in their products or services. The use of information by marketers enables both large and small businesses to acquire new customers in a cost-efficient manner. Direct marketing results in no demonstrable harm and in no restriction of opportunities. The worst "harm" that normally results is the receipt of an unsolicited marketing communication, that somehow missed its mark.

An example of the concept of proportionality can also be seen in determining whether to require record keepers to provide individuals with access to information about them. The provision of access can be a very complicated and expensive undertaking and may raise and increase security concerns. In many cases, providing access would eliminate many valuable uses of information, with virtually no consumer benefit. It is a Fair Credit Reporting Act concept that has little or no value in the context of consumer purchases. For this reason it is important that the U.S. self-regulatory advocates and developers temper the requirement of access when applying it to areas such as direct marketing. A consideration of the potential costs, benefits, the possibility for harm including increased security risks, and the burden of compliance for each practice, when evaluated in the context of transactional data, makes access burdensome and inappropriate.

B. Enforcement Alternatives

Ethics peer review of information practices has been the primary method of enforcement for the direct marketing industry, and has proven to be very effective. It is, however, but one of a variety of methods of enforcement against insufficient data protection practices. In addition to the emerging technological solutions described earlier, existing laws and the need to respond to market forces are among the other factors that generate compliance. They are discussed below.

1. Market Forces

The direct marketing industry's experience demonstrates that the market furnishes the most effective enforcement consequences. When consumers fail to perceive that a company engages in acceptable consumer practices, the company soon will be without customers. As a result, a driving force behind the creation of self-regulatory codes has been market forces as demonstrated by consumer opinion and practices. Consumers vote with their wallets. The market rewards companies that use information in a manner that makes consumers comfortable. For example, as the Boston Consulting Group's 1997 online survey and other polls have shown, online users are more likely to visit and interact with Web sites that display privacy notices than with those that do not. Responsible marketing is good business.

2. Importance of Technological Solution as Internet is International

As the Internet is inherently global and decentralized in nature, self-regulatory mechanisms possess the greatest promise for assuring effective online information practices. A United States government regulated approach to information practices will not result in practices that will be followed globally. An international consensus on privacy, as a practical matter, will not occur soon because of the vast cultural differences and experiences of the various nations of the world. Consumer empowerment technologies like the W3C Platform for Privacy Preferences, where individuals located anywhere can set their own preferences, will lay the foundation for a robust global Internet marketplace that allows for the existence of different cultural practices and still keeps control in the individual consumer.

P3P and the variety of user empowerment software demonstrate that these technologies have considerable promise. The Department of Commerce should continue to encourage these efforts and emphasize the importance of allowing more time for these tools to develop.

3. Governmental Enforcement

In the direct marketing arena it will not be necessary for any new law enforcement mechanisms. They already exist. When a company states that it has adopted specific information practices, and deviates from those practices, the company faces law enforcement action by the FTC or its state counterpart. Section 5(a) of the Federal Trade Commission Act makes unlawful all "deceptive acts or practices in or affecting commerce" and grants the FTC authority to prosecute. Similarly, state laws enable state attorneys general to sue companies for engaging in deceptive trade practices.

IV. OTHER IMPORTANT SELF-REGULATORY INITIATIVES

A. Industry Codes and Oversight

The DMA has been at the forefront of developing effective, responsible self-regulatory codes governing the uses and transfer of information by the direct marketing industry. The cornerstone of the industry's self-regulatory codes is The DMA's Guidelines for Ethical Business Practice, first developed in 1960.

The DMA's Ethics Policy Committee, which is composed of representatives of leading companies in the industry, constantly reviews and updates these guidelines. This committee has proven very effective in its ability to react to technological advances, developing media, and changes in methods of doing business, and in a timely manner. An example of its responsiveness to changes in the industry is The DMA's adoption of Privacy Principles and Guidance for Online Marketing.

The DMA, as a result of its extensive membership, has been very effective in establishing industry-wide compliance with its various codes and guidelines. Through its Committee on Ethical Business Practice, a peer review program, The DMA responds to cases of alleged Guideline violations brought to its attention by an array of sources — business, consumers, public officials, and the media. This peer-review process is effective. Most cases are resolved through cooperation with the Committee and its recommendations. Members that do not resolve complaints cooperatively are also subject to review by The DMA Board of Directors with the potential for suspension, expulsion, or censure. In those instances where violations of law are also found, the Committee refers matters to the appropriate law enforcement agencies.

B. Consumer Empowerment

The DMA has been very active in developing tools and services to educate and empower consumers on how to control information about them. The DMA has an extensive consumer education initiative which continually informs consumers of DMA programs and services and consumers may use them in making choices regarding information practices. The DMA recently established, as a condition of membership, mandatory programs that will require companies to provide notice and opt-out to their customers and to subscribe to the Mail Preference and Telephone Preference Service beginning July , 1999.

The DMA's Mail Preference Service (MPS) and Telephone Preference Service (TPS), free of charge, give consumers the ability to remove their names from the lists of national marketers, substantially reducing their national advertising mail and telephone marketing calls. MPS and TPS currently provide name removal to approximately 3 million and 2 million Americans, respectively. In addition to these U.S. services, a global convention of Mailing Preference Services was signed by The DMA and the direct marketing associations of various other countries to provide for the exchange and extension of MPS service listings in international, cross-border marketing efforts.

V. ABOUT THE DMA

The DMA is the largest trade association for businesses interested in direct, database and interactive marketing and database marketing. The DMA represents more than 3,500 companies in the United States and 49 foreign nations. Founded in 1917, its members include direct mailers and direct marketers from 50 different industry segments, as well as the non-profit sector. Included are catalogers, financial services, book and magazine publishers, retail stores, industrial manufacturers, and a host of other segments, as well as the service industries that support them.

The DMA members use all forms of traditional media to reach their customers and prospects—mail, telephone, direct response TV, radio, home shopping networks and interactive platforms. As a long-time champion of consumer choice and a leading advocate of self-regulation and peer regulation, The DMA continues to examine how best to ensure that consumers are afforded opportunities both to learn about products and services of interest to them and to express their preferences regarding marketers’ collection, use, or dissemination of information about them.

The DMA member companies are among those most likely to benefit immediately from the growth of the Internet for commercial transactions, as many DMA members have existing infrastructure and distribution systems in place with the capabilities necessary to complete Internet transactions. Members of The DMA, including PC Flowers, Omaha Steaks, Fingerhut, Spiegel, AOL, Disney, and L. L. Bean are among the pioneers of Internet retailing. When considered in light of the size of the direct marketing industry in the U.S., the potential Internet market and its effects on the economy are significant. Customers, including businesses, will make about $4 billion in online purchases from direct marketing this year. As a result, The DMA has been working diligently to apply its successful self-regulatory system from the traditional media to the Internet and its World Wide Web.

VI. CONCLUSION

Electronic commerce is growing and substantial progress has been made in the implementation of a privacy regime that is flexible and effective for the Information Age. The Department of Commerce should continue to support the development of an industry-led self-regulatory regime so that this progress can further evolve and flourish, in the United States and globally. The greatest threat to the growth of electronic commerce is a perceived lack of adequate security, not a lack of adequate privacy protection. The Department of Commerce should continue to support Internet growth by supporting self-regulation.

 

 

 

 

 

 

Exhibit A

 

Industry's Self-Regulatory Efforts for Online Privacy

 

DOC Essential Elements

of Privacy

Industry Actions

 

A. Fair Information Practices

2. Awareness

· Privacy Policies

 

 

 

 

 

· Notification

 

 

 

 

 

 

· Consumer Education

 

 

 

 

 

 

 

 

 

 

 

· DMA: Privacy Policy Generator (PPG)

· DMA: Web scan for privacy policies

· Call For Action (CFA): ABCs of Privacy Education Campaign (www.callforaction.org*)

· TrustE: www.truste.org

· US Council for International Business

· Individual Reference Services Group (IRSG)

· DMA: Marketing Online Privacy Principles and Guidance

· Call For Action (CFA): ABCs of Privacy Education Campaign (www.callforaction.org*)

· Privacy Rights Clearinghouse

· EPIC

· IRSG

· DMA: Get CyberSavvy! and www.cybersavvy.org

· DMA: www.the-dma.org (Consumer Resources)

· American Library Association (ALA): www.ala.org

· Interactive Services Association (ISA): Project Open (www.isa.net)

· Call For Action (CFA): ABCs of Privacy Education Campaign (www.callforaction.org*)

· TrustE: www.truste.org

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

*Under Development

 

DOC Essential Elements

of Privacy

Industry Actions

 

 

· Industry Education

 

 

 

 

 

2. Choice

 

 

 

 

 

3. Data Security

 

 

4. Consumer Access

 

 

 

 

 

· DMA: www.the-dma.org (Industry Resources)

· DMA: Privacy Policy Generator (www.the-dma.org/policy.html)

· DMA: Privacy Action Now! (Brochure and Online)

· DMA: Project Positive

· TrustE: www.truste.org

· DMA: Privacy Membership Requirements

· DMA: Privacy Policy Generator (PPG)

· DMA: www.the-dma.org (Consumer Resources)

· DMA: Preference Services (TPS, MPS, EMPS*)

· W3C: P3P

· IRSG

· DMA: Participation in Encryption Coalitions

· W3C: P3P

· IRSG

· DMA: Nature of Information*

· W3C: P3P

· Open Profiling Standard (OPS)

· Medical Information Bureau

· IRSG

· Fair Credit Reporting Act (FCRA)

 

 

*Under Development

 

DOC Essential Elements

of Privacy

Industry Actions

 

 

B. Enforcement

3. Consumer Recourse

 

 

 

 

 

 

2. Verification

 

 

 

3. Consequences

 

 

 

· DMA: Mail Order Action Lines (MOAL)

· DMA: Preference Services (TPS, MPS, EMPS*)

· DMA: Reports to the DMA Committee on Ethical Business Practice

· Children’s Advertising Review Unit (CARU)

· TrustE: www.truste.org

· IRSG

· CBBB

· DMA: Privacy Membership Requirements

· Posted Privacy Policies Enforced Under FTC’s Fair Information Practices Law

· IRSG

CBBB

· DMA: Action by the DMA Committee on Ethical Business Practice

· IRSG

· CBBB

 

*Under Development

 

 

 

 

 

 

Exhibit B

 

 

 

The Direct Marketing Association's

"Marketing Online Privacy Principles and Guidance"

http://www.the-dma.org/busasst6/busasst-onmarkprivpr6a7.shtml

 

 

 

 

 

Exhibit C

 

 

 

Exhibit C-1

Approved 6/25/98 by DMA Board of Directors

Position on Marketing to Children Online

The DMA recognizes that online communications present challenges for families and for companies that are different from, and more complex than, those of communicating in traditional media. Families are understandably concerned about their young children’s experience online and, in response, The DMA has committed resources to educate families, develop and promote technology tools for parents and set a firm course for responsible corporate policy development.

While parents understand their responsibility to set and enforce online rules for their families, The DMA also acknowledges the duty of business to be responsible online marketers in addressing the special needs of young children. The DMA proposes the following guidelines for marketers operating online sites targeted to children under 13:

· Marketers should not collect personally identifiable information online from a child under 13 without prior parental consent or direct parental notification of the nature and intended use of such information online and an opportunity for the parent to prevent such use and participation in the activity. Online contact information shall only be used to directly respond to an activity initiated by a child and not to recontact a child for other purposes without prior parental consent. However, a marketer may contact and get information from a child for the purpose of obtaining parental consent.

· Marketers should not collect, without prior parental permission, personally identifiable information online from children that would permit any off-line contact with the child.

· Marketers should not distribute to third parties, without prior parental permission, information collected from a child that would permit any contact with that child.

· Marketers should take reasonable steps to prevent the online publication or posting of information that would allow a third party to contact a child off-line unless the marketer has prior parental consent.

· Marketers should not entice a child to divulge personally identifiable information by the prospect of a special game, prize or other offer.

· Marketers should not make a child’s access to a Web site contingent on the collection of personally identifiable information. Only online contact information used to enhance the interactivity of the site is permitted.

The following assumptions underlie these online guidelines:

When a marketer directs a site at a certain age group, it can expect that the visitors to that site are in that age range; and

When a marketer asks the age of the child, the marketer can assume the answer to be truthful.

 

 

 

 

 

Exhibit C-2

 

 

 

The Direct Marketing Association's

"Get CyberSavvy! The DMA's Guide to

Parenting Skills for the Digital Age:

Online Basics, Behavior and Privacy"

http://www.cybersavvy.org

 

 

 

 

 

 

Exhibit D

 

 

 

News Article from The Direct Marketing Association's

DirectLine

"DMA Scan Shows Most Web Sites Post Privacy Policies"

http://www.the-dma.org/texis/scripts/news/newspaper/+SwwBmXeh9m2wwwr/displayArticle.html

 

 

 

 

 

 

 

Exhibit E

 

 

Top 25 Commerce-Related Sites

 

 

 

 

List of Top 25 Commerce-Related Sites, Jupiter Communications (March 1998)

Source: Relevant Knowledge

 

 

 

 

 

Exhibit F

 

 

 

The Industry Standard

"Privacy Double Standard"

http://www.thestandard.net/articles/article_print/1,1454,631,00.html

 

 

 

 

 

 

 

Exhibit G

 

 

Survey of Retail Web Site Information Collection Practices

(6/98 FTC Online Privacy Report Appendix C)

As of 6/16/98

 


Site Name

E-Mail
Contact Link

Other Way(s)
to Submit Info

www.1forthearts.com

Yes

Yes: become member

www.72marketst.com

Yes

No

www.aaasunglass.com

BAD URL

 

www.abyssbooks.com

Yes

No (points to amazon.com)

www.adfarrow.com

Yes

No

www.aeon.com

Yes

No

www.akronmusic.com

Yes

Yes: appraisal/locator

www.ambercoffee.com

No

No

www.anglersmarine.com

BAD URL

 

www.associatedradio.com

Yes

Yes: ordering

www.audiooptions.com

Yes

No

www.audiounlimited.com

Yes

Yes: obtain quote

www.bartels-hd.com

Yes

No

www.baskinrobbinsicecream.com

Yes

No

www.bass-station.com

Yes

No

www.bethsfarmkitchen

Yes

No: print & fax order

www.bibliofind.com

Yes

Yes: subscribe

www.bigbrand.com

Yes

No

www.bookmans.com

Yes

Yes: guest book

www.brashop.com

Yes

Yes: comment; request info.

www.broadwaycafe.com

No

No

www.broncobelle.com

Site Not Working

 

www.bronzeart.com

Yes

Yes: ordering

www.brunoscipioni.com

Yes

No

www.caccess.com

Closed -- Renovating

 

www.cafedumonde.com

Yes

Yes: ordering

www.camerashopinc.com

Yes

Yes: subscribe; order

www.campbelldrugstore.com

Yes

No

www.capetowncorp.com

No

No

www.capitaltoyota.com

Yes

Yes: order; get quote

www.car-quote.com

Yes

No

www.cartron.com

Yes

Yes: refer friends

www.cdnow.com

Yes

Yes: create account; order

www.cherrys.com

Yes

No