Thanks to numerous well-publicised instances of data losses, breaches and misuses, there is a growing political appetite to reform existing data protection laws on all sides of the political divide. The prominence of the issue has, in particular, led the Tories to make data security a component of their draft election manifesto. In their paper, “Reversing the Rise of the Surveillance State”, the Tories pledge to task the Information Commissioner to carry out a consultation with the private sector with a view to introducing an industry-wide kite mark system of best practice, among other things.
If current public opinion polls are to be believed, then we can reasonably assume the forthcoming general election will result in a new Tory administration coming into power. With their election, the political spotlight will fall on data privacy and security. Again, I think we can reasonably assume that any new data protection policies they implement will be weighted heavily in favour of protecting individuals’ rights.
Naturally, this will have a major impact on businesses that rely on data for marketing and sales purposes. While it is unlikely that any regulations will be as tough as those as we now see in force in Germany, it is imperative that the UK direct marketing industry proves it is capable of managing its data security obligations and does not require excessive state intervention.
Effective self-regulation will be a decisive factor in ensuring that the next government has confidence that the direct marketing industry is capable of policing itself and putting in place the necessary safeguards for protecting personal data. Doing so means ensuring that companies have the tools and guidance they need to manage their customers’ data to an acceptable level of performance.
Until now, ISO 27001 has been the only information security standard available to marketing suppliers. While this stands as the definitive information security standard, achieving certification is beyond the capability of many companies. For this reason the DMA is leading the way in supporting direct marketing services suppliers to prove they adhere to robust information security procedures.
Working in conjunction with BSi, the DMA has launched DataSeal, the first private information security standard to be produced specifically for the direct marketing industry. DataSeal provides an accessible, achievable and cost-effective means for suppliers and client companies to demonstrate that they have implemented appropriate information security measures within their business. Where appropriate, it can also help companies move towards the standards required for ISO 27001 accreditation.
Like all other BSi-backed standards, companies can only achieve DataSeal certification after passing an audit by an independent auditor. As such, DataSeal certification will be a credible measure of a company’s data handling capabilities.
Certification, of course, will yield great commercial benefits for suppliers that need to prove to prospective clients that they can be entrusted with managing their customers’ data.
On a wider scale, the DataSeal scheme will not only help to rebuild consumer confidence in sharing their personal details with companies, it will also demonstrate to government that the direct marketing industry has its house in order and does not require yet more regulation to keep it in check.