Advertising often revolves around a brand or product’s ‘point of difference’. What is your point of difference? Is it the quality of your product, the speed of your service, your price or some other intangible value add? Compliance can work into this value add by supporting the all important brand trust. Reputations rest on trust, and privacy compliance, in particular, is a cornerstone of trust. Value add your brand reputation with compliance.
Businesses often still view compliance as an adjunct to their business activities and pause from time to time to “do compliance” A tick-box approach to compliance is widely frowned upon by both the regulators and the courts; instead we are encouraged to embed compliance in our everyday business practices. In the privacy world this has manifested itself as Privacy By Design (PbD), a concept which found it’s genesis in Canada but which has more recently found favour in Australia, particularly in Victoria where it is championed by the Commissioner for Privacy and Data Protection.
The essence of compliance is to protect and empower consumers so these noble aspirations should be worn as a badge of honour where compliance is attained. The bedrock of compliance is transparency and security. Let people know what you are doing to protect them, make your information easy to find and clear to read and then make it part of your corporate narrative.
Better still, go beyond compliance. Don’t just stop at including an unsubscribe facility in your communications because you are obliged to – instead consider the use of preferencing. If you give consumers a choice between an unsubscribe facility and preferencing there is every chance that they will choose the latter if appropriate choices are offered. Consider including options on: frequency of contact, timing of contact (e.g. Christmas v tax time for donation appeals), channel of communication, and content topics. Not only does this empower the consumer but it provides rich data for better targeted messaging to those consumers. Targeted messaging is more efficient, effective and often better received.
You can also go beyond regulatory compliance by embracing self-regulation and industry standards. If you have a merchant number and collect credit card payments you should be familiar with PCI DSS, the Payment Card Industry Data Security Standards. These were introduced over a decade ago by the credit card providers themselves and their operation is overseen by the PCI Security Standards Council. There are 12 broad ongoing requirements designed to protect credit card information. What this means for business is described as follows “In security terms, it means that your business adheres to the PCI DSS requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. In operational terms, it means that you are playing your role to make sure your customers' payment card data is being kept safe throughout every transaction, and that they – and you – can have confidence that they're protected against the pain and cost of data breaches.”
Compliance with PCI DSS is not mandated by legislation or regulation however the consequences of non-compliance can include increased processing time and, ultimately, loss of merchant facilities. Conversely if you are complying you should leverage compliance as positive and let consumers know that you are protecting them.
These are just several examples of where you can go beyond compliance and value add your brand. Have a look at your other compliance-mandated activities and look for other opportunities to build your brand trust. You are putting a lot of effort into your compliance activities so be sure to make the most of that hard work and make compliance work for your brand.
ADMA provides regulatory guidance to Members, subscribers and participants. The information provided is general in nature only; it is not comprehensive and does not constitute legal advice. You should obtain legal or other professional advice before acting or relying on this information.
By: Jeannette Scott, Director - Legal & Regulatory Affairs