KDnuggets : News : 2001 : n03 : item2


Subject: Personalization Consortium Privacy Principles
Feb 1, 2001. "Walk the Talk" - Initiative Seeks To Establish Verifiable
Privacy Standards

Speaking on behalf of the rapidly expanding personalization industry,
the Personalization Consortium today issued privacy principles and a
framework for developing comprehensive guidelines for conducting
independent, third-party privacy audits. While the principles (see
below) provide best practices that businesses can follow to ensure
consumer confidence in their privacy policies, the auditing framework
will establish an industry-wide standard for testing businesses'
actual privacy practices against these principles. The Personalization
Consortium is an advocacy group formed to promote the responsible and
beneficial use of technology for personalizing consumer and business

"Our intent with these principles and the auditing guidelines is
two-fold: first, to provide an instructional template to help
companies devise and communicate their own privacy policies, and
second, to enable them to follow a set of verifiable auditing
guidelines when commissioning a third-party audit. The model will be
analogous to how businesses today follow Generally Accepted Accounting
Principles when reporting their financial statements, which are then
subject to independent audit," said Don Peppers of Peppers and Rogers
Group, Co-Chair of the Consortium.

Privacy Principles Foster Trust

These privacy principles pertain to data about individuals and
households that is collected, held, used or shared for the purpose of
marketing. The Consortium may modify these principles over time, as
needed, to keep them at the forefront of the personalization industry.

1. Notice. We will provide you with clear and conspicuous notice of
   our information practices, including what information we collect
   about you, how we collect it, hold it, if and how we share it, and
   how we use it. This notice may include, among other things:

   --the transparency of data collection

   --our methods for collecting individual and household information
     both directly from you and from third parties

   --what individual or household information we retain and how long
     we keep it

   --whether or not we combine information about you from multiple
     sources

   --whether or not we disclose information about you to other parties

2. Relevance. We will collect only the amount of individual and
   household information necessary to perform a specified set of
   tasks, consistent with notice.

3. Security. All information we have about you will be safeguarded
   with appropriate security methods and technologies. We will
   maintain internal measures designed to limit access to your
   personally identifiable information to only those employees or
   contractors who require access in order to do their jobs. All of
   our employees will be trained regarding our privacy policies as
   well as the sensitivity of your personal information.

4. Choice. When we collect, hold, use or share individual or household
   information, we will seek your consent through notice and an
   opportunity to opt-out, explicit permission obtained in advance, or
   some other reasonable means.

5. Sensitive Information. We recognize the sensitive nature of certain
   individual and household information. We will not share this
   sensitive information without your express and informed consent,
   and will measure its compliance with existing legislation and

6. Access & Accuracy. When we collect, use, hold or share individual and
   household information about you, we will offer you reasonable
   access to that information subject to legal, technological or
   security constraints. We will make reasonable efforts to provide
   you with the opportunity to correct or delete individual and
   household information about you and that we will make a good faith
   effort to ensure our information about you is, and remains,

Key Elements of Audit Framework

The Personalization Consortium Board of Directors has agreed to
require that all Consortium member organizations submit to this
privacy auditing process. In the course of conducting the audit, a
third-party practitioner will use the Consortium's audit criteria as
the basis for assessing whether the member company is complying with
the privacy principles. In addition, the Consortium will announce a
process for enforcement and recognition later this spring.

1. Upon applying for membership, organizations agree to comply with
   the Consortium's privacy principles.

2. As part of the application process, organizations agree to undergo
   an audit that measures their compliance with the privacy
   principles. Organizations that have applied for membership are
   required to pass an audit and submit a report to the Consortium
   within 12 months of applying to become a member. A Safe Harbor
   window will be granted to current members.

3. To maintain membership in the Consortium, member organizations must
   turn in a passing audit report to the Consortium each year.

4. The Consortium will create a standard audit report for
   verification. The Consortium will define "substantial compliance,"
   which shall be required for an audit report to be considered

5. Initially, qualified auditors must be CPAs or CAs.

6. Comprehensive audit guidelines with redress and recognition
   procedures will be announced in the spring of 2001.

7. The cost of the audit will be set by the auditors. Based on
   conversations with auditing firms, the cost is anticipated to be
   dependent on the amount of individual or household information
   actually collected by the member organization. An organization that
   collects very little information will incur a correspondingly lower

About the Personalization Consortium

Founded in April 2000, the Personalization Consortium is an advocacy
group of companies formed to promote the responsible and beneficial
use of technology for personalizing consumer and business

Founding members include 24/7 Media, American Airlines (NYSE: AMR),
BroadVision (NASDAQ: BVSN), Chell Merchant Capital Group (NASDAQ:
CHEL), DoubleClick (NASDAQ: DCLK), eCustomers, Inc., Elity Systems,
E.piphany (NASDAQ: EPNY), eSupplies.com, Frequency Marketing, !hey
inc., I-Behavior, Individualize.com, Magnify, Nexgenix, NextClick,
Peppers and Rogers Group, PricewaterhouseCoopers, Persona,
Servicesoft, u1.Net, Wheelhouse and YOUpowered.

Personalization is the use of technology to tailor content to the
needs of individual consumers. Personalization allows businesses to
market to customers on a one-to-one basis. The benefit to customers is
better, more relevant and effective products and/or services; the
benefit to providers is increased loyalty and a greater share of each
customer's business.

Information on the Personalization Consortium is available on the
World Wide Web at www.personalization.org; by contacting Consortium
headquarters at 401 Edgewater Place, Suite 500, Wakefield, MA 01880;
Tel: 781-245-4280; or by sending email to info@personalization.org.

CONTACT: Personalization Consortium | Adam Rosenbaum, 781-245-4280 |

Copyright © 2001 KDnuggets.