Essential Reading for Marketing & Business ProfessionalsWednesday August 27th 2008Data Privacy Compliance Steps:
* 1) Identify the risks
* 2) Data Privacy Training
* 3) Data Privacy Process & Contracts
* The 5th Annual Privacy & Data Protection UK 2008 Conference

This week we are focusing exclusively on
Data Privacy in the light of two recent
admissions of significant data loss in the
past seven days. First there was PA
Consulting losing prisoners' data, then we
have a contractor to NatWest, the Royal Bank
of Scotland and American Express selling a
server on E-bay with over 1 million records
on it.
With most companies outsourcing all or part
of their data management this shows how
important it is to properly select, manage
and audit these organisations to ensure that
they are complying with data privacy. Our
staff have undertaken Data Privacy audits for
many leading organisations, including
Alcatel, Cisco, Johnson & Johnson,
Oracle/PeopleSoft, N-Power and Telegraph
Media Group. And without giving any secrets
away we can tell you that the two biggest
risks are a) sales & marketing staff and b)
third party contractors.

And finally
and perhaps most timely of all, there is the
Annual Data Privacy conference at the Law
Society in London next week. Day 2 of the
conference is specifically for marketing
staff.

Read on to find out how you can take steps to
protect your customers, your reputation and
quite possibly your job!

James Pearson - Editor

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1) Identify the risks

The first starting point is to identify what
you are currently doing or not doing and how
this could be affecting compliance with Data
Privacy law. It is important to bear in mind
that recent changes to consumer legislation
mean that Marketing Managers can be
personally at risk of imprisonment for
non-compliance.

The best way to do this is to have an audit
undertaken by a specialist company. Typically
an audit will take between five and thirty
man-days and cost between £5,000 and £40,000
- depending on size of company. The benefit
is that this will quickly identify and
quantify the levels of risk. For example, our
approach provides a pragmatic "Risk
Assessment Table" where we identify the
significance of breaches, the level of risk
they represent to the business and the
rectification measures necessary. This helps
senior management focus quickly on the most
important elements first.

A big side benefit of an audit is that they
always help eliminate costly and unnecessary
system duplication and provide a basis for
beneficial process change. As a rule, a good
audit will always find savings and benefits
that significantly outweigh the costs.

Click here to Download our data privacy datasheet

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2) Data Privacy Training

Most people have some idea about Data
Privacy, but in our experience people focus
on the wrong things, they are over-cautious
in some areas and not cautious enough in
others. The result is that opportunities for
collecting valuable data - with permission to
use it - go begging while at the other end of
the spectrum huge risks are taken because of
a lack of awareness of the issues. We
recommend three approaches to Data Privacy
awareness:-

Firstly all staff should be give a short, 15
minute briefing on the key issues and what to
do if anything relating to Data Privacy
becomes a concern.
Secondly, as part of
this, every member of staff should be given a
"Data Privacy Card" - you can download a copy
via the link below.
Thirdly every
department should nominate a "Data Privacy
Specialist" who will have a 2-3 hour training
and workshop session. Custom-built privacy
training courses can be delivered by MI on
site, tailored precisely to your organisation.

Click to Download Data Privacy Guide

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3) Data Privacy Process & Contracts

Complying with Data Privacy and ensuring that
you do not end up mired in bad publicity is
all about having good processes. Processes
for handling Subject Access Requests (SARs),
processes for disposing of old PCs, processes
for data storage and transmission, processes
for purchasing data and many more. In
addition you need contracts for purchasing
data and contracts for anyone who is handling
your data on your behalf. Just making a
general statement about "complying with Data
Privacy law" is nowhere near good enough
anymore.

We have developed all the processes and
contracts you many need which can be tailored
to your specific requirements and provided as
a comprehensive manual of documents.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The 5th Annual Privacy & Data Protection UK 2008 Conference

"Data Protection:
CRM, Web 2.0 & Social Networking "
3rd of September 2008 4th of September 2008
The Law Society, London

This year's event is spread over two days -
Day 1 being for the lawyers and compliance
officers with Day 2 being devoted to
marketers. It features a fascinating lineup
of speakers and if past years are anything to
go by, this really is a "must attend"
conference for anyone concerned with managing
CRM, Web 2.0 initiatives and social networking.

There is a discount of £50 for readers of
Insight making the event, at just £300
extremely good value. To download the full
Agenda and booking form, just click on the
link below.

Click here for the full Agenda