Interview with John Matyskiel

Call today! 1 866 3 NYMITY

Interview with Rogers Publishing

November 2003

Terry McQuay, Nymity President, recently spoke with John Matyskiel, Director, Target Marketing at Rogers Publishing on how PIPEDA has impacted their publishing business. John Matyskiel has spent over 25 years with major Canadian publishing and direct marketing companies Readers Digest and Rogers Publishing. In that time he has held a variety of marketing, marketing analysis and database roles. Along with his main responsibilities as Director, Target Marketing, he is currently a privacy advisor for the consumer publications of Rogers Publishing, including titles such as Maclean's and Chatelaine.

Nymity: John, has PIPEDA had a major impact on Roger's magazine business?

Matyskiel: Like many Canadian magazine publishers, we were already following Canadian Marketing Association (CMA) guidelines and providing an opt-out method for our subscribers who do not want to receive secondary marketing. So, PIPEDA compliance really meant formalizing and tightening up existing practices. We weren't starting from scratch.

Nymity: But during you compliance process you did discover some unforeseen problems. Please explain. What additional process or precautions were implemented?

Matyskiel: Sure, there were a few things. There are two examples that come to mind. First, there were some printed customer records that contained credit card numbers. They were filed in a reasonably safe place, but after discussion we decided to move them to somewhere even more secure. Sometimes you can overlook those simple, obvious things. Second, we found some demographic data in our computer records that had been collected from subscribers a number of years ago. The details of how it had been requested were no longer available. So, since we weren't sure if we had described purpose or asked permission, we deleted the data.

Nymity: Did PIPEDA cause changes in the areas of consent for secondary purposes? What is an example opt out clause at your magazines ?

Matyskiel: We use a version of a commonly used opt-out, roughly "From time to time we may make customer contact information available to other organizations who have a product or service that may be of interest to you. If you do not want your contact information provided, check here." We've tweaked the wording a bit, and have variations for certain situations. For example, in a contest situation, we do not assume that a contest entry creates a relationship. So, the wording is more like "From time to time, <magazine name> or other organizations may ask ....." It's just a variation, but it shows that we don't assume implied permission in that case.

Nymity: Rogers Publishing has set up P3P. Why? What was the process for setting up P3P?

Matyskiel: Our consumer publications all have web sites, and it is common to have co-promotions or provide microsites for our advertisers. One of those advertisers required us to have a P3P file to comply with their own standards. We had been looking at P3P, but that got us going quickly. We used one of those publicly available generators, where you simply answer questions about your privacy policy, and it generates the file for you. The tricky part was trying to answer the questions, which were phrased in a very general way, so that they made sense for our business. Our web staff were able to install the file easily. It's only up on that one title.

Nymity: Rogers had a complaint that was handled by yourself such that it didn't go to the Commissioners Office. Please explain.

Matyskiel: I don't know that it would have gone to the Commissioner's Office, and we don't get a lot of these. But this one certainly made an impression on me. I received a letter from a subscriber who was extremely upset that we had permitted her contact information to be used for list rental, even though she had requested otherwise. When I say upset, I mean two pages of single-spaced "never"s and "if you don't correct this". Really, really upset. So we looked up her records, and sure enough we found that the CSR had not marked her file properly. It was our error. I wrote to her and explained and apologized. She had asked what organizations may have used her name, and I provided that information. A few weeks later, I got a really sweet letter back, saying "thank you, I didn't expect such a response from a big company". I had read that if you handle a customer problem well, it can actually increase the customer's opinion of your organization, and I really believe that now.

Nymity: In closing, what surprises did you find in complying with PIPEDA.

Matyskiel: I would just say that you have to be really methodical. Look in all the drawers, under all the rocks. There are lots of places where personal information can be kept, and you have to make sure you find them all.