Responsible Data Stewardship Is Key to Consumer Trust and Loyalty, Regardless of Marketing Channel

Washington, DC, February 18, 2014 The Direct Marketing Association (DMA) today announced the 2014 updated version of its Guidelines for Ethical Business Practices.  Updated topics include Data Security; Child-Protection; Health Information; Mobile Apps; and the prevention of unwanted Robo-calling.  The new Guidelines will be implemented into DMA’s ethics process beginning in July 2014.

Self-Regulation Is Core to DMA’s Mission.

“DMA members, and those they work with, should immediately review the DMA Guidelines to ensure they are in compliance,” said Senny Boone, Esq., DMA’s senior vice president, compliance services and general counsel.  “DMA believes self-regulation is the most effective tool to stave off unnecessary regulation and to keep innovative marketing moving forward to provide relevant, customer-centric marketing for consumers and ensure consumers have choices about their marketing.  We ask members to review the guidelines now.”

DMA is the largest and oldest trade association for commercial and nonprofit organizations using responsible data-driven marketing practices.  Included in its membership are multi-channel marketers in all industries from financial services to B2B to retail to publishers to travel, hospitality and entertainment to technology; as well as suppliers to marketers in the areas of digital, social, ad:tech, CRM, database and analytics, list management and marketing information solutions providers.

The Ethics Policy Committee is comprised of marketing practitioners who review and revise the Ethical Guidelines to ensure marketers follow the current best practices, rules, and ethical standards. Its sister committee, the Committee on Ethical Business Practice (the Committee) investigates and examines marketing promotions and practices made throughout the direct marketing community based on complaints and inquiries, and uses the DMA Guidelines as the basis of good and ethical marketing practices.  This is done in an effort to increase good business practices and to increase consumer protection in the marketplace.

Highlights of the Changes to the Guidelines:

Data Security Article #37:

Data security sections were updated due to concerns over data security breaches and protecting against criminal hackers who target companies.  The updated sections require that marketers:

  • Provide protection of personally identifiable information (pii) across the organization.
  • Establish a written data security policy.
  • Train staff, monitor & assess periodically.
  • Include protections within contracts to ensure all contractors are held to the same standards to protect pii.
  • Data-loss prevention technology should be used, as well as a data minimization plan for data destruction and purge processes…
  • Have a data security breach plan and be ready to inform law enforcement and customers.
  • Use email authentication protocols to reduce spoofed emails.
  • Implement added protections for sensitive data.

Legal Changes:

Due to an intense regulatory period this past year, three major sections have been updated:

  1. 1.    Protecting Children:

First, since the Children’s Online Privacy Protection Act regulations were issued, DMA made the following changes to Articles #13, 14, 15 and 16:

  • Increased scope of application for covered entities including mobile applications.
  • Personal information is now defined broadly (such as the online persistent identifier, video of a child or their voice).
  • Direct notice is required for parents (not a link).
  • Parental controls for children’s information is strengthened; verifiable parental consent is required.

2.    Protecting Health Information:

Next, the Health Insurance Portability and Accountability Act” (HIPAA)  regulations issued by the Health and Human Services Administration led to changes to Article #33 with regards to ensuring that covered marketers are protecting health information.

Reflecting these changes, Article #33:

  • Is not meant to prevent data for research or aggregated data that is not personally identifiable.
  • Defines protected health information
  • Now includes business associates and their subcontractors—expands scope over marketers, requiring “prior written authorization” for use of protected health information.
  • Includes new rules for fundraising allowing a limited fundraising exception to apply for limited health information (demographics and dates of care.) but with opt-out requirements.

3.    Preventing Unwanted “RoboCalling”

Finally, the Telephone Consumer Protection Act administered by the Federal Communications Commission was amended due to pressure to combat automated “robo-calls” and also impacts texting, mobile and cell phones. This led to changes to Articles #49, 50, 54.

  • The main concern is to obtain a “prior express written agreement,” prior to using any type of auto-dialing equipment, the highest threshold for permission. (EBR no longer applies.)

Self-Regulation for Mobile Apps:

·         Due to concerns that additional privacy protections are needed on mobile devices as mobile marketing techniques include practices that require consumer choices and transparency, the Committee has added notice and choice requirements to Article #55 to ensure such notices are easy to find, read, and understand on mobile screens.

·         Article #38, a “catch-all” article for online privacy protection and online behavioral marketing, has been updated to specifically reference mobile apps and devices and adds a new notice regarding network advertisers that some organizations allow to collect information for themselves or their clients.

For Assistance:

For questions or comments, please contact the DMA at

A free online webinar for DMA members will be offered on February 26, at 1:30 p.m.  To sign up for the free webinar, please click here.

About Direct Marketing Association (DMA)

The Direct Marketing Association ( is the world’s largest trade association dedicated to advancing and protecting responsible data-driven marketing.  Founded in 1917, DMA represents thousands of companies and nonprofit organizations that use and support data-driven marketing practices and techniques. DMA provides the Voice to shape policy and public opinion, the Connections to grow members’ businesses and the Tools to ensure full compliance with ethical and best practices as well as professional development.

In 2012, the Data-Driven Marketing Economy (DDME) added $156 billion in revenue to the U.S. economy and fueled more than 675,000 jobs.  The real value of data is in its exchange across the DDME:  70 percent of the value of the DDME – $110 billion in revenue and 478,000 jobs – depends on the ability of firms to exchange data across the DDME.

# # #