Protecting Privacy in 1:1 Printing

[htollvr]

To what extent are printers showing sensitivity to respondents' privacy concerns (if any)? When I do any kind of online search for privacy issues in direct marketing, it's always "opt out of direct mail" or issues related to financial privacy. Certainly, VDP/personalized printing raises privacy issues–people want their personal information protected, whether it's in print or online. Are any standards or best practices being developed? Any thoughts on this?

Thanks,

Heidi Tolliver-Nigro

 

[Printing_World]

Data privacy and direct mail in UK

Data privacy and direct mail in UK

Over the last few months, the UK direct mail sector has been up in arms over the government's plans to outlaw the sale of electoral data by councils because it is an "unsatisfactory way to treat personal information". (www.printweek.com/news/833292)

The electoral role provides probably the most accurate source of data on UK citizens, and a ban on using it for marketing purposes could lead to a reliance on poor and less traceable data. It also ensures marketing on things such as finances or alcohol only goes out to people over the age of 18.

However, I empathise with worries over personal informatioon - I worry about my personal information falling into the wrong hands or being over-used for commercial purposes, not to mention for identity fraud. There have been a string of high-profile cases of government offices misplacing citizen's data in recent months. Some would say the UK is a relative big brother state, with London home to the highest number of CCTV cameras per resident (apparently more than 500,000 cameras for roughly seven million people - Closed-circuit television - Wikipedia, the free encyclopedia). There's also the ruckus over ID cards.

 

[barjosh]

Standards Organization

Standards Organization

There is an organization known as NASPO who has a security assurance standard that includes protection of PII (personally identifiable information). I would be more than happy to connect you to this group.

 

[GeorgeA]

Unprotected VDP files = big trouble

Unprotected VDP files = big trouble

Heidi has raised a really important issue that anyone involved in VDP needs to pay attention to. There are two aspects that strike me as critical. First, there’s the “creepiness” (invasion of privacy) factor. For example, if I had recently recovered from cancer surgery and I suddenly started getting a bunch of fund-raising appeals from cancer charities, I would rightly be concerned about how the world knows the details of my private medical situation. It doesn’t matter if any existing law was broken or not–I would be upset. This is generally an issue that falls more into the area of responsibility of marketers than printers, but it could easily lead to restrictions that impact VDP.

A more urgent concern for printers–and one that could lead to lawsuits and bankruptcy–is the handling of database files by printers. Many variable-data jobs depend on data of a personal nature. It could just be information about a recent purchase, or it could be sensitive information about income or health. When a printer is entrusted with a file containing variable data, it is important to have security procedures in place to keep that data from getting into the hands of outside parties. This becomes highly critical for printers who want to move into “transpromo” printing, since transactional data is often highly sensitive.

My impression is that many printers have not taken this problem seriously enough. If that impression is wrong, I’d be very happy to hear about it. I am not aware of any standards within the printing industry that touch on this area. Also, I can’t find anything useful on the NASPO site that barjosh referred to in the previous post.

For those who are interested in more on this topic, I have posted some information about data-security problems among printers on my site here: Do you handle variable data? How’s your security?. Also mentioned in that post is the possibility floated by the head of Germany’s commerce department that it might be a good idea to simply outlaw any transactions involving personal data. That concept certainly made me sit up and take notice: if it caught on, it could wipe out a lot of mailing list rentals and the majority of VDP print jobs.

George Alexander
Beyond-Print.net

 

[lfelton]

Data Protection Act

Data Protection Act

A thought provoking thread.

In the UK, we have a legal obligation to comply with the Data Protection Act, which is applicable to VDP. From the Information Commissioner's Office web site:

"The Data Protection Act requires anyone who handles personal information to comply with a number of important principles. It also gives individuals rights over their personal information."

There will be similar legislation in the rest of the EU and the US.

That's the "base line" legal obligation in handling and using personal data, and other initiatives may also apply, depending on what the data is used for. For example in the UK, if the data is being used for marketing purposes the "Direct Marketing Code of Practice" applies to all DMA members.

Thanks for making me think; I've certainly realised that compliance with the DPA should be part of our ISO9001 QMS (and it isn't yet, so while we do comply, we can't instantly prove it to an auditor). It also made me check the small print of our liability insurance!