Subject: Personalization Consortium Privacy Principles
Feb 1, 2001. "Walk the Talk" - Initiative Seeks To Establish Verifiable Privacy Standards Speaking on behalf of the rapidly expanding personalization industry, the Personalization Consortium today issued privacy principles and a framework for developing comprehensive guidelines for conducting independent, third-party privacy audits. While the principles (see below) provide best practices that businesses can follow to ensure consumer confidence in their privacy policies, the auditing framework will establish an industry-wide standard for testing businesses' actual privacy practices against these principles. The Personalization Consortium is an advocacy group formed to promote the responsible and beneficial use of technology for personalizing consumer and business relationships. "Our intent with these principles and the auditing guidelines is two-fold: first, to provide an instructional template to help companies devise and communicate their own privacy policies, and second, to enable them to follow a set of verifiable auditing guidelines when commissioning a third-party audit. The model will be analogous to how businesses today follow General Accepted Accounting Principles when reporting their financial statements, which are then subject to independent audit," said Don Peppers of Peppers and Rogers Group, Co-Chair of the Consortium. Privacy Principles Foster Trust These privacy principles pertain to data about individuals and households that is collected, held, used or shared for the purpose of marketing. The Consortium may modify these principles over time, as needed, to keep them at the forefront of the personalization industry. 1. Notice. We will provide you with clear and conspicuous notice of our information practices, including what information we collect about you, how we collect it, hold it, if and how we share it, and how we use it. This notice may include, among other things: --the transparency of data collection --our methods for collecting individual and household information both directly from you and from third parties --what individual or household information we retain and how long we keep it --whether or not we combine information about you from multiple sources --whether or not we disclose information about you to other parties 2. Relevance. We will collect only the amount of individual and household information necessary to perform a specified set of tasks, consistent with notice. 3. Security. All information we have about you will be safeguarded with appropriate security methods and technologies. We will maintain internal measures designed to limit access to your personally identifiable information to only those employees or contractors who require access in order to do their jobs. All of our employees will be trained regarding our privacy policies as well as the sensitivity of your personal information. 4. Choice. When we collect, hold, use or share individual or household information, we will seek your consent through notice and an opportunity to opt-out, explicit permission obtained in advance, or some other reasonable means. 5. Sensitive Information. We recognize the sensitive nature of certain individual and household information. We will not share this sensitive information without your express and informed consent, and will measure its compliance with existing legislation and regulation. 6. Access & amp; Accuracy. When we collect, use, hold, share individual and household information about you, we will offer you reasonable access to that information subject to legal, technological or security constraints. We will make reasonable efforts to provide you with the opportunity to correct or delete individual and household information about you and that we will make a good faith effort to ensure our information about you is, and remains, accurate. Key Elements of Audit Framework The Personalization Consortium Board of Directors has agreed to require that all Consortium member organizations submit to this privacy auditing process. In the course of conducting the audit, a third-party practitioner will use the Consortium's audit criteria as the basis for assessing whether the member company is complying with the privacy principles. In addition, the Consortium will announce a process for enforcement and recognition later this spring. 1. Upon applying for membership, organizations agree to comply with the Consortium's privacy principles. 2. As part of the application process, organizations agree to undergo an audit that measures their compliance with the privacy principles. Organizations that have applied for membership are required to pass an audit and submit a report to the Consortium within 12 months of applying to become a member. A Safe Harbor window will be granted to current members. 3. To maintain membership in the Consortium, member organizations must turn in a passing audit report to the Consortium each year. 4. The Consortium will create a standard audit report for verification. The Consortium will define "substantial compliance," which shall be required for an audit report to be considered "passing." 5. Initially, qualified auditors must be CPAs or CAs. 6. Comprehensive audit guidelines with redress and recognition procedures will be announced in the spring of 2001. 7. The cost of the audit will be set by the auditors. Based on conversations with auditing firms, the cost is anticipated to be dependent on the amount of individual or household information actually collected by the member organization. An organization that collects very little information will incur a correspondingly lower cost. About the Personalization Consortium Founded in April 2000, the Personalization Consortium is an advocacy group of companies formed to promote the responsible and beneficial use of technology for personalizing consumer and business relationships. Founding members include 24/7 Media, American Airlines (NYSE: AMR), BroadVision (NASDAQ: BVSN), Chell Merchant Capital Group (NASDAQ: CHEL), DoubleClick (NASDAQ: DCLK), eCustomers, Inc., Elity Systems, E.piphany (NASDAQ: EPNY), eSupplies.com, Frequency Marketing, !hey inc., I-Behavior, Individualize.com, Magnify, Nexgenix, NextClick, Peppers and Rogers Group, PricewaterhouseCoopers, Persona, Servicesoft, u1.Net, Wheelhouse and YOUpowered. Personalization is the use of technology to tailor content to the needs of individual consumers. Personalization allows businesses to market to customers on a one-to-one basis. The benefit to customers is better, more relevant and effective products and or services; the benefit to providers is increased loyalty and a greater share of each customer's business. Information on the Personalization Consortium is available on the World Wide Web at www.personalization.org; by contacting Consortium headquarters at 401 Edgewater Place, Suite 500, Wakefield, MA 01880; Tel: 781-245-4280; or by sending email to email@example.com. CONTACT: Personalization Consortium | Adam Rosenbaum, 781-245-4280 | firstname.lastname@example.org
Copyright © 2001 KDnuggets. Subscribe to KDnuggets News!