Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint
Document 58 of 124.
Copyright 1999
Federal News Service,
Inc.
Federal News Service
View Related Topics
JULY
20, 1999, TUESDAY
SECTION:
IN THE NEWS
LENGTH:
2394 words
HEADLINE:
PREPARED TESTIMONY OF
RICHARD A. BARTON
SENIOR VICE PRESIDENT FOR CONGRESSIONAL RELATIONS
THE DIRECT MARKETING ASSOCIATION
BEFORE THE
HOUSE
BANKING AND FINANCIAL SERVICES COMMITTEE
FINANCIAL SEVICES AND CREDIT SUBCOMMITTEE
SUBJECT - EMERGING FINANCIAL PRIVACY ISSUES
BODY:
I. INTRODUCTION
Mr. Chairman and distinguished members of the Subcommittee, my name is Richard A. Barton, Senior Vice President for Congressional Relations for the Direct Marketing Association. It is an honor to be testifying before you today.
The Direct Marketing Association ("The DMA") appreciates the opportunity to testify before you today. The DMA is an international trade association representing more than 4500 companies engaged in all forms of direct marketing, primarily by mail and telephone, and increasingly by electronic commerce, a marketing tool that we believe will grow exponentially in the next few years. Direct marketing is of enormous importance to the American economy, accounting in 1998 alone for more than $1.3 trillion in sales of goods and services. II. DATA PRACTICES IN THE MARKETING INDUSTRY
Information is essential to this important and highly popular method of purchasing products and services. Information permits marketers to reach the consumers and businesses who are most likely to be interested in the product of service in question. Marketers collect and use information about individuals (e.g. names, addresses, telephone numbers, buying preferences, hobbies, activities, to name just a few) and general demographic information garnered from public sources such as the
U.S. census. This data is used to predict prospective customers' interests or preferences and to contact them with offers likely to be of interest to them. The single and only purpose of information access and use in the marketing process is to provide consumers and businesses with product and service offers that are useful and relevant to their interests and needs. Data used by marketers is collected from a very wide array of sources, including publicly available information such as telephone directories, public record information, census data (used to estimate family income, for example), consumer surveys contained in product packages to which consumers voluntarily respond, and data regarding prior purchases. Many companies make their customer lists available for rental (lists are very rarely "sold") or exchanged. Credit card companies may prepare lists based on customer purchases, for example, lists of potential customers of golfing equipment based on their past golf (or other sports) related purchases.
While the collection and use of these data may be somewhat confusing to the layman, the end result is as benign as the receipt of a solicitation for a product, service, or charitable or political contribution. Lists are compiled in the aggregate for marketing purposes and normally do not reveal specific data about an individual or population upon which they might have been based, such as a list of individual purchases or transactions.
III. SELF-REGULATION AND EXISTING LAW
However, this does not mean that direct marketers are not sensitive to privacy issues. On the contrary, the entire direct marketing process depends on consumer trust, including the protection of consumers' very legitimate privacy concerns.
To that end, The DMA has long promoted the concept of"notice and opt out." In other words, we have long expected companies engaged in direct marketing to inform customers of their policies regarding the use of information about them and, if they in any way transmit that information to third parties in the form of marketing lists, to give the customer a chance to say "no!" and to exercise control over information about them by opting out of such disclosures.
The Direct Marketing Association has also sponsored for many years both the Mail Preference Service and the Telephone Preference Service. These are nationally promoted lists of citizens who do not want to receive mail or telephone solicitations. Historically, those opting out of receiving these types of solicitations is a fraction of the direct marketing customer universe, less than 2-3%. In the last three years, the number of the individuals on the MPS file has risen from 2,949,367 in 1997 to a current 3,357,531. The Telephone Preference Service file has increased from 993,317 in 1997 to 2,358,476 in 1999.
We are currently in the process of developing a similar E-Mail Preference Service.
However, recognizing that we needed to take even stronger measures to ensure the success of selfregulation, we have developed a program known as the Privacy Promise to American Consumers, which went into effect on July 1 of this year -just three weeks ago. The program is really very simple in concept, but sweeping in effect.
From now on, all members of the Direct Marketing Association will be required to:
- Publish clearly and conspicuously their own policies for the use of individual information and, if the information is to be used outside the company, to give the individual the right to opt out of its use,
- Maintain their own in-house files of people who have requested to be removed from their internal lists, both for further solicitations and for dissemination to third parties, and
- Use The DMA's Mail Preference Service, Telephone Preference Service and, when it becomes available, E-Mail Preference Service.
If any company is found not to be following these principles, they will be publicly expelled from membership in the association.
In addition to these programs, The Direct Marketing Association maintains its Guidelines for Ethical Business Practice, which among other things contains extensive privacy guidelines. Our Committee on Ethical Business Practice enforces these guidelines. The committee hears complaints from many sources, particularly consumers, regarding the potential violation of these guidelines. If the committee, following a rigorous fact-finding process, finds that a company is violating the guidelines, it first tries to work with that company to correct the problem. Failing that, the company may be subject to public censure and dismissal from the association.
Furthermore, any company that commits to The DMA's privacy promise risks prosecution for deceptive trade practices by the FTC and state attorneys general if it does not abide by that promise. We believe that this level of self-regulation goes a long way toward meeting both the demands and the requirement for protection of privacy in this increasingly technological society.
Nevertheless, The Direct Marketing Association has also worked with Congress, the Federal Trade Commission, the Federal Communication Commission, the Postal Service, and others to develop legislation and regulation affecting marketing data collection, use or disclosure practices to meet specific privacy concerns raised by disclosures of particularly sensitive data. These laws and regulations include:
- Cable Communications Policy Act of 1984 - Electronic Communications Privacy Act of 1986 - Video Privacy Protection Act of 1988 - Computer Matching and Privacy Protection Act of 1988 - Telephone Consumer Protection Act of 1991 - Customer Proprietary Network Information (CPNI) - Consumer Credit Reporting Reform Act of 1996 - Children's Online Privacy Protection Act of 1998 - Drivers Privacy Protection Act of 1998 - Health Insurance Portability and Accountability Act of 1996
As a result of these and other laws, data practices of the marketing industry are subject to regulation in many instances involving sensitive information. For example, marketing data is regulated under the Fair Credit Reporting Act to the extent that it is used for credit or employment purposes decisions that may have an adverse effect on an individual. By contrast, where information is not sensitive in nature and the only "harm" to a consumer is that he or she will or will not receive an offer for a product or service that he or she may be interested in, self-regulation is the norm.
IV. POSSIBLE ADDITIONAL REGULATION
The Subcommittee has asked our views with regard to pending financial privacy legislation and with regard to regulation of electronic commerce.
A. General Observations
The DMA is strongly committed to principles of notice and opt-out for disclosures to third parties for marketing purposes, and to self- regulation as the most appropriate and effective means of achieving privacy protection in marketing practices. Our privacy promise program should be given an opportunity to work before Congress imposes new layers of regulation on marketing practices. In particular, we urge Congress not to disturb self-regulation of ordinary marketing data obtained from financial institutions and not to sweep non-financial identifying information into this legislation.
With regard to electronic commerce, we strongly believe, as the FTC recently confirmed in its report to Congress on privacy released last week, that self-regulation coupled with robust enforcement of existing laws governing unfair and deceptive practices is sufficient at the present time. As FTC Chairman Pitofsky cautioned the House Telecommunications Subcommittee last week, Congress should be careful not to stifle the growth of electronic commerce through premature regulation that will be unnecessary if privacy self-regulation continues to spread at its current pace in this new medium.
B. Comments on H.R. 10, as amended in the House:
H.R. 10 contains provisions requiring the affected financial institutions to disclose their privacy policies and provide consumers with the ability to "opt out" of the sharing of nonpublic information with nonaffiliated third parties. These provisions are consistent with our own self-regulatory policies. As stated before, we believe strongly that self-regulation is working and is preferable to legislation. However, we do not oppose provisions covering the sensitive areas of
privacy of medical information
and so-called "pretext calling."
The amended H.R. 10 also contains provisions prohibiting the sharing of account numbers, credit card numbers, and other similar information under any circumstances with "telemarketers," and "direct mail marketers." We oppose these provisions as currently written because they would severely limit use of information that in encrypted or other encoded form is an important tool for marketers to insure the accuracy of their data, assist customers and businesses in making safe and secure transactions, and protect against fraud and theft.
In normal practice, when this type of information is passed on for direct marketing purposes, it is done in encoded form so that the data cannot be read or understood by just anyone. In fact, even the encoded data is rarely, if ever, seen by those who make the telemarketing calls or prepare the mail.The Direct Marketing Association Guidelines for Ethical Business Practice states this general policy with regard to the transfer of account numbers:
"The DMA considers credit card numbers, checking account number, and debit account numbers to be personal information and therefore should not be transferred, rented, sold or exchanged when there is a reasonable expectation by the consumer that the information will be kept confidential. Because of the nature of such personally identifying numbers, they should not be publicly displayed on direct marketing promotions or otherwise made public by direct marketers."
A typical transaction occurs something like this. A financial institution prepares abstracts of customer files, combines them into a targeted marketing list and transmits the list to the third party for marketing purposes. Account numbers may be scrambled and the files are encrypted. The third party may further process the file by running it against other suppression files such as The DMA's Mail Preference Service and the Postal Service's "pander" file. Throughout the entire process, account numbers, if they are included, are either scrambled in varying orders according to different algorithms, or the numbers are replaced with alphas. The scrambled account number is never shown to the actual telemarketers or people responsible for the preparation of mail.
The account information thus encoded does have many useful purposes, some of which are important privacy and security enhancers.
1. It can provide a direct and unique way to identify customers and verify a purchase, reducing the chance for both error and fraud.
2. It can permit the institution selling the product or service to gather accurate and verified data for customer service purposes.
3. It is an important tool in improving the accuracy of mailing and telephone lists.
4. It can be an important tool in allowing the customer to charge a purchase to an existing account without having to reveal the number to the actual direct marketer, thus adding a further element of security.
Other witnesses with more experience in the technical details of the actual marketing process can provide you with more details. Suffice it to say that properly encrypted account data can actually increase the security of a transaction and provide important tools both to ease the process of a transaction and to positively identify a customer in the marketing process. H.R. 10 could remove these positive benefits to both business and the consumer.
Second, we are concerned that the definitions in the bill particularly the definition of "nonpublic personal information"--are unclear because they tend to blur the differences between personally identifiable financial information and other types of personally identifiable information. They might be read to interfere seriously with use of certain non-financial identifying information to make marketing databases more accurate. This result would do little or nothing to advance privacy, while compromising the accuracy of marketing. As a result, a significant number of mailings, for example, would go to the wrong address, and would not reach consumers who have chosen not to opt-out of receiving marketing offers. This would hardly be a victory for privacy, would undermine consumer choice, and would hurt a very important sector of the American economy.
V. CONCLUSION
Thank you again for the opportunity to testify on this important subject. We would be happy to offer our assistance to the committee to work on legislation that assures the privacy of customers of financial institutions while at the same time preserving important marketing tools to businesses and customers alike.
END
LOAD-DATE:
July 22, 1999
Document 58 of 124.
Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase:
Copyright © 2002, LEXIS-NEXIS®, a division of Reed Elsevier Inc. All Rights Reserved.
