The Issue That Can be Ignored No Longer

“Do-not-call lists are here. Do-not-spam regulations are being introduced. Do-not-mail legislation may not be far behind. The privacy issue may be the biggest concern the direct-to-consumer industry has as it moves forward.”

These were the sobering words of Ben Perez, president of the Millard Group and chairman of The Direct Marketing Association’s (DMA) 11th Annual Catalog-on-the-Road Conference, which was held in Boston last month. “The direct marketing industry is on the government’s radar screen regarding privacy,” he continued, “and the attention is at a level that shouldn’t be ignored.”

In related news, The DMA last month announced new initiatives to help direct and interactive marketers protect consumers’ personally identifiable information (the acronym is PII — best to memorize it, because you’ll probably see more of it from now on). PII includes a customer’s name, credit card number, social security number, address and other pertinent data.

The DMA’s new information-security guidelines, established in cooperation with the Federal Trade Commission, are meant to help marketers provide secure transactions for consumers’ purchases and to protect databases in which consumers’ PII is stored against unauthorized access, alteration or dissemination.

In short, the guidelines are meant to elicit direct marketers’ help in thwarting, among other crimes, consumer identity theft — which, in case you didn’t know, is the fastest-growing crime in America. At present, the U.S. Justice Department reports that up to 700,000 people a year are victimized.

As a direct marketer, you are the repository for your customers’ PII, so it’s imperative that you take precautions to safeguard the information in your database. The following are among the DMA’s new guidelines:

Train and supervise your staff to maintain security. Do you conduct regular security audits and response exercises? Do you rank data by level of sensitivity and assign security clearances accordingly?

Devise a security checklist. Do you have liability insurance to cover possible security breaches of your customer database?

Use technology to guard personal data. Do you employ the latest virus-protection software and firewalls? Do you review audit logs for evidence of intrusions? Do you “shred” electronic data before dumping it?

Solicit help from your data suppliers and business partners. Ask potential business partners about their security practices before you share data with them. Avoid unusual or suspicious list requests.

The DMA offers more helpful steps at its Web site: www.the-dma.org/privacy/informationsecurity.shtml.