Data is the lifeblood of relationship marketing and we live and breathe it. Industry studies and sales numbers are starting points, but a more profound understanding of consumer behavior requires insight at a more granular level. So we assimilate, study and mine data provided to us by our clients to inform how we segment, target and position marketing communications. And when existing data about our clients’ customers is not enough, we go directly to the customers themselves through the administration of surveys and the integration of transactional data. We build upon and enhance our data – constantly seeking better means of nurturing the delicate relationship between a brand and its customers.

Use and possession of this type of data brings with it a solemn responsibility to protect individuals’ privacy, and nowhere are these issues more important than in the pharmaceutical industry. Customer data related to health is not only inherently more private, it is also protected by a host of industry ethical guidelines and legal statutes.

Th is post summarizes our agency’s fundamental approach to the management of privacy issues as they relate to the marketing of products and services using individuals’ Protected Health Information. Adherence to these principles and a contextual understanding of where they come from will ensure that we remain consistent with the highest legal, ethical and relationship marketing standards.

This post is part one of three; it covers the basics. Subsequent postings will expand upon additional industry guidelines, important legal statutes (e.g., HIPAA) and other key considerations.

Privacy and Security: The Least You Need to Know

It is imperative that every tactic we recommend to our clients is:

> Compliant with all applicable state and federal statutes

> Amenable to our clients and their legal counsel

> Conducive to a positive consumer experience and, ultimately, profit for our client

These objectives should form the foundation of every new campaign we develop, but are especially important within the pharmaceutical vertical. Drug manufacturers have received increased scrutiny in recent years, so it is critical that we in the industry maintain the highest standards when it comes to protecting consumer privacy. Failing to do so not only exposes our clients and us to the risks of negative publicity and costly litigation, it compromises the very thing we stake our reputation upon: the ability to build a symbiotic relationship with today’s consumer.

The golden rules when collecting consumer data to market a product where privacy may be a concern are to: a) tell consumers exactly what we are doing with their information, b) strictly adhere to those stated limits. Our policy must be to remain beyond reproach with regard to the methodologies we develop to collect, store and use consumer data.

Several notable industry organizations have set forth recommended practices when dealing with PHI for marketing purposes, including The Direct Marketing Association (DMA), the American Medical Association (AMA) and The Pharmaceutical Research and Manufacturers of America (PhRMA ). Each is in agreement that marketing organizations must adhere to certain universal policy guidelines.

For most of our clients, this is not a major issue. We work with database vendors or internal database groups that handle the day-to-day management of consumer data. However, there are instances where we possess sensitive customer data and therefore must be vigilant in its treatment. The technical details of how to move, store and encrypt sensitive data are beyond the scope of this document. In general, however, the following rules should be followed when handling this type of data:

1 Do not store sensitive data on an enterprise shared server.
2 Do not store sensitive data on your personal computer.
3 If data must be stored, protect it with a password and strong encryption. (Marketing Intelligence or IT can assist with this if needed.)
4 Do not email sensitive data! Use a secured FTP site to upload and download encrypted files.

Guideline 3: Collect only PHI for which a clear and genuine benefit to the consumer exists

In general, no customer data should be collected unless there is a clearly articulated plan for its use. In the case of sensitive information, it is especially important that consumers perceive an equitable return in exchange for providing their personal information. For example, asking about an individual’s health is acceptable if we then leverage the information to serve more relevant information to them. It is not acceptable to simply store it with no plan for its use.

Guideline 4: Comply with Fair Information Practice Principles

Beginning in the early 1970s, government agencies in the United States, Canada and Europe began to take notice of the how, why and by whom consumer information was being gathered. Their collective goal was to ensure that “information practices” were fair and provided for adequate personal privacy protection. The results of these efforts have been a myriad of reports and codified guidelines through the years. As technology continues to push world economies to an ever-increasing need for better information, it is certain that these rules – collectively known as Fair Information Practice Principles – will only grow in importance.

The universal elements of the principles are widely disseminated, and will be summarized here next week .

Written by Zachary Rodman - Visit Website

This entry was posted on Tuesday, May 13th, 2008 at 12:42 pm and is filed under relationship marketing. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.