The Digital Marketing Association has updated its ethics self-regulatory guidelines for online marketers, and they include some additions and modifications driven by the current regulatory climate surrounding data protection, kids, mobile apps and more. It advises members to check out the new guidelines as soon as possible.
According to DMA, the data protection section was updated to include the following, requiring marketers to:
• “Provide protection of personally identifiable information (pii) across the organization.
• Establish a written data security policy.
• Train staff, monitor and assess periodically.
• Include protections within contracts to ensure all contractors are held to the same standards to protect pii [personally identifiable information].
• Data-loss prevention technology should be used, as well as a data minimization plan for data destruction and purge processes.
• Have a data security breach plan and be ready to inform law enforcement and customers.
• Use email authentication protocols to reduce spoofed emails.
• Implement added protections for sensitive data."
The revised guidelines address "concerns over data security breaches and protecting against criminal hackers who target companies," but also came just days after DMA registered its unhappiness with the Data Broker Accountability and Transparency Act of 2014, introduced last week by Sen. Jay Rockefeller (D-W.Va.). That bill would allow consumers to access and correct data collected for marketing purposes, or to opt out of it entirely. DMA pointed out last week that Congress has previously found that access and correction are only necessary when data is used for eligibility purposes, which DMA argues marketing is not.
"DMA members deeply value consumer trust and understand that responsible data practices are critical to building and maintaining customer relationships," DMA said last week, citing its ethics guidelines.
DMA also said it made the following changes in light of the Federal Trade Commission changes to the enforcement of the Children's Online Privacy Protection Act (COPPA):
• "Increased scope of application for covered entities including mobile applications.
• Personal information is now defined broadly (such as the online persistent identifier, video of a child or their voice).
• Direct notice is required for parents (not a link).
• Parental controls for children’s information is strengthened; verifiable parental consent is required."
Elsewhere on the mobile app front, DMA said it has added requirements that notice and choice information be easy to find and read on mobile screens, and specifically references mobile apps in a "catch-all" section on online privacy protection and behavioral marketing. There is also a new notice requirement for ad networks that are allowed to collect info for themselves or others.