Call today! 1 866 3 NYMITY
Username: Password:
Nymity News
Nymity logo
Home About Us

Interview with Amanda Maltby

 

May 2003

 

Terry McQuay, Nymity President, recently spoke with Amanda Maltby, Senior Vice President, Public Affairs and Communications at the Canadian Marketing Association (CMA). Amanda has over 15 years experience in public affairs and strategic communications management. At the CMA, she oversees the Association's communications, research and government relations' programs in addition to managing the work of the Association's Ethics and Privacy Committee and Special Interest Councils.

 

The Canadian Marketing Association is the largest marketing association in Canada. Its 800 corporate members include Canada's major financial institutions, insurance companies, publishers, retailers, charitable organizations, agencies, relationship marketers and those involved in e-business and Internet marketing. CMA members make a significant contribution to the Canadian economy, supporting over 482,000 jobs and generating more than $51 billion in overall annual sales through various marketing channels.

 

Nymity:  The Canadian Marketing Association has been at the forefront of privacy in Canada, please share with our readers how the CMA has been involved with the creation of Canada's private sector privacy legislation?

 

Maltby:   Privacy has been an important issue for the Association for over a decade. CMA was a member of the Canadian Standards Association's (CSA) Technical Committee, established in 1991, which developed Canada's Model Code for the Protection of Personal Information. This Code forms the backbone of Canada's privacy legislation. The Association called for federal legislation back in 1995. At the time, some viewed this as odd - a national business group calling for legislation - but following the success of the CSA process and the amazing consensus reached by consumers, governments and business in arriving at the Model Code, CMA felt the Code was basis for a well-balanced law. One that recognized the rights of consumers to protect their personal information and provided flexibility for the private sector to use customer data to grow their business. On this basis, we worked closely with Industry Canada in the development of PIPEDA until its passage on January 1, 2001.

 

Nymity:  Why did the CMA's create its own Privacy Code in 1993 and why did you make it compulsory for your 800 members?

 

Maltby The Association made a proactive move to develop a Privacy Code in the early 90s to ensure that marketers remained ahead of the curve. Privacy began to show up on government agendas, for example the OECD Privacy Code introduced in 1984 followed by the enactment of privacy legislation in Quebec, CMA believed that Canada would more than likely quickly follow with its own federal privacy legislation. The Code was written in part to demonstrate that responsible self-regulation can work hand in hand with regulation and that marketers were paying attention to this important issue. The Privacy Code was made compulsory to give it credibility and to demonstrate to consumers and government that CMA members have a commitment to ethical guidelines as a key part of their business operations. Each year our members must sign a commitment to follow the Code.

 

Nymity:  The CMA has a focus on the federal government review of PIPEDA in 2005. What is the review and why the concern?

 

Maltby: The review was mandated when the federal legislation was passed in 2001. It allows the federal Parliament to review the legislation to ensure it is working effectively for both consumers and businesses. The CMA views the review with caution. On the one hand, the legislation could face unreasonable attacks from some groups who merely want to tighten up some provisions based on narrow perceptions on how the law has been working or not working in this case. On the other hand, the review is also an opportunity for business to ensure that the legislation is working. Privacy can be a very emotional issue, so we want to ensure that any review and accompanying debate is carried out with all sides having all the facts.

 

Nymity:  The CMA Code of Ethics for Privacy as outlined on your Website is more restrictive then PIPEDA. Does this mean that CMA members are prepared for PIPEDA? ( http://www.the-cma.org/consumer/ethics_2.cfm#Private )

 

Maltby:   As a result of the mandatory Code, our members have probably had to consider customer privacy for a longer period of time and adjust their practices accordingly. This is particularly true for consent and the disclosure of personal information as in the case of list rentals or customer acquisition programs. It also means that since 1993 they have had to ensure that they maintain up-to-date customer lists and only market to those individuals who want to hear from them.

 

There are some compliance issues that will need to be addressed. As an example, we are working with our members to ensure that their opt-out language is easy to see, understand and execute to provide greater transparency for consumers. Overall, there is still the need for general business education and practical hands on advice to ensure compliance by January 1, 2004.

 

Nymity:  You have a mandate for the CMA members to maintain an internal suppression list. What is a suppression list and why is it necessary?

 

Maltby:   All our members must maintain an internal suppression or a Do Not Market list. It's a list of their own customers who have asked not to receive marketing offers. Often the list can be segmented by channel or medium. For example, some individuals choose to receive marketing offers by mail over e-mail. The Association also runs a Do Not Contact program which allows Canadians to register their address or telephone number at no cost to reduce the amount of marketing information they receive. CMA members are required to run any marketing lists being used for acquisition purposes (non-existing customers) against the CMA's Do Not Contact list prior to executing a marketing campaign.

 

Nymity:  Amanda, the CMA has been dealing with consent for many years. The following questions are specifically on consent.

 

When is it appropriate to use implied consent?

 

Maltby : Implied or deemed consent is appropriate when a business is speaking to their existing customers. It allows for magazine subscription renewals to be sent, charities to communicate to their existing donors or organizations to offer product upgrades.

 

When is it advised to use opt out consent?

 

Maltby:   Opt-out consent is required for the disclosure of non-sensitive information to a third party. This would apply to most list rentals. CMA recently added new opt-out requirements in our Code of Ethics that requires member organizations to offer an opt-out option to their existing customers if they are sending marketing offers that are unrelated to their original purchase. Organizations should make sure that their opt-out language is easy to see, execute and understand.

 

When should a company used expressed or positive (opt-in) consent?

 

Maltby: Express consent is required for the disclosure of sensitive information, which is typically defined as medical or financial information. Organizations should also keep in mind PIPEDA's reasonable person test and how it would apply in this circumstance. For example, some people may classify their travel information or certain magazine subscriptions as being sensitive.

 
Is their any special consent considerations for telemarketing?

 

Maltby: The levels of consent outlined above apply regardless of the media or channel being used.

 

What are the consent consideration for recording phone calls?

 

Maltby : This is usually done to ensure quality control. An organization should inform consumers in advance if they are recording any call. This will allow a consumer to determine whether or not they want to participate by simply hanging up.

 

Nymity:  In closing, what recommendation would you have for organization that are starting to look to become complaint with PIPEDA?

 

Maltby:

  1. Review your information handling practices and formalize them. (CMA's List and Data Transfer Guidelines is a good resource - www.the-cma.org).
  2. Create formal privacy policy reflecting the legislated principles and make it available on request.
  3. Assign an individual to be responsible for privacy and identify him/her in public materials as required.
  4. Establish complaint handling procedures and notify individuals of resolution of their complaints.
  5. Ensure personal information disclosed to a third party is being used in accordance with the law.
  6. Ensure information received from a third party has been collected and is being used in accordance with the law.
  7. Make sure you do some staff training or education on the above.
 

 

 

Now Hiring

 

 

 

 

 

 
Contact Us | Privacy Policy | Terms of Use and Disclaimer © 2003 - 2008 NYMITY