2014 DMA Guidelines for Ethical Business Practices
"DMA members, and those they work with, should immediately review the DMA Guidelines to ensure they are in compliance," said Senny Boone. Esq. DMA's senior vice president, compliance services and general counsel. "DMA believes self-regulation is the most effective tool to stave off unnecessary regulation and to keep innovative marketing moving forward to provide relevant, customer-centric marketing for consumers and ensure consumers have choices about their marketing. We ask members to review the guidelines now."
DMA is the largest and oldest trade association for commercial and nonprofit organizations using responsible data-driven marketing practices. Included in its membership are multi-channel marketers in all industries from financial services to B2B to retail to publishers to travel, hospitality and entertainment to technology; as well as suppliers to marketers in the areas of digital, social, ad:tech, CRM, database and analytics, list management and marketing information solutions providers.
The Ethics Policy Committee is comprised of marketing practitioners who review and revise the Ethical Guidelines to ensure marketers follow the current best practices, rules, and ethical standards. Its sister committee, the Committee on Ethical Business Practice (the Committee) investigates and examines marketing promotions and practices made throughout the direct marketing community based on complaints and inquiries, and uses the DMA Guidelines as the basis of good and ethical marketing practices. This is done in an effort to increase good business practices and to increase consumer protection in the marketplace.
Highlights of the Changes to the Guidelines:
Data Security Article #37
Data security sections were updated due to concerns over data security breaches and protecting against criminal hackers who target companies. The updated sections require that marketers:
- Provide protection of personally identifiable information (pii) across the organization.
- Establish a written data security policy.
- Train staff, monitor & assess periodically.
- Include protections within contracts to ensure all contractors are held to the same standards to protect pii.
- Data-loss prevention technology should be used, as well as a data minimization plan for data destruction and purge processes.
- Have a data security breach plan and be ready to inform law enforcement and customers.
- Use email authentication protocols to reduce spoofed emails.
- Implement added protections for sensitive data.