What we're doing
Who we work for and the type of work we undertake can give rise to ethical issues. Examples include work undertaken for governments or clients in sensitive sectors and marketing for sensitive or controversial products. Our companies have established a review and referral process to help identify ethical issues associated with client commissions, to manage risks to WPP or our clients and to make sure our decisions reflect the standards in our WPP Code of Conduct and the Group’s Sustainability Policy.
Before accepting work that may pose an ethical risk, employees are required to elevate the decision to the most senior person in the relevant office and then to the most senior executive of the WPP operating company in the country concerned, who will decide if further referral to a WPP executive is required.
We need to make sure that all our companies in all locations understand and use the correct referral process. Our ethics training includes a module to help employees identify ethical risks associated with client work, and to make sure they understand the correct referral procedures. Depending on scope, the internal audit program of work may incorporate a review of the considerations given by management to possible impacts on the Group’s reputation prior to accepting new clients.
WPP has a committee which meets, at least quarterly, to discuss cases of concern and identify new risk areas. Breaches are discussed if and when they arise. Committee members are senior managers at Group level. They include the Group chief counsel, compliance officer, finance director and the head of sustainability.
Privacy and data security are important issues for WPP. Our companies collect consumer data through new media and digital channels as well as consumer research, direct marketing and PR and use it to gather opinions, study attitudes (including purchasing habits) and to create targeted digital and direct marketing campaigns.
Awareness of privacy issues continues to grow across all markets and this is being further cemented by increased regulation. Some consumers and interest groups are concerned about the collection and use of personal data for marketing purposes, including practices such as behavioural targeting. We must balance requirements to protect consumer privacy with our need to produce intelligent marketing in line with the natural progression of the marketing industry.
Principles and guidance:
Our approach to privacy is guided by four priorities: maintaining consumer trust; reducing legal and financial risks to WPP; educating our people and the people we work with and improving our own knowledge base; and enabling our clients to use consumer data appropriately to enhance their marketing.
The parent company provides guidance and advice to our operating companies on privacy and data security issues. To ensure that all our people have an understanding of the basic issues, we have added privacy and data security to our revised ethics training which will be rolled out to all employees in 2012.
A briefing document is available on our Group intranet to help employees understand their legal responsibilities and the need to balance commercial objectives with privacy obligations. It defines basic privacy-related terms and includes guidance on privacy clauses in client contracts, data privacy expectations and what to do if a breach occurs. We presented the briefing to the finance directors of Group companies in 2011. Some of our companies have made it mandatory for employees to attend a briefing on the document. In 2012, we will be reviewing the data protection and privacy policies and procedures in place at WPP and its companies, and updating these where necessary. We will also be auditing compliance in a selection of offices worldwide.
Our key digital marketing and research companies have nominated senior executives to provide leadership on privacy, and they work with other companies in the Group and clients to share best practice. For example, Kantar, our global market research group, has a chief privacy officer and has set up a Privacy Network of experts from across its businesses. It meets every two months to discuss external and internal developments and identify any action required at Group level on privacy and security issues.
Many of our companies have policies and procedures covering how data (including protected types of personal data) should be handled, and some have developed their own technology and tools to improve transparency. These are regularly reviewed and updated. For example, Kantar has added specific modules to its privacy policies on issues relating to the use of social media and mobile devices. Wunderman Seattle has established a Privacy 101 training course that all new employees complete as part of the induction process.
Some of our companies have achieved accreditation for their market research and information security management systems. For example, Kantar Operations, which provides centralised market research and data services for the Kantar group, has been accredited with ISO 20252 in its UK and North American offices and ISO 27001 in its UK and India offices.
Working with others:
We continue to review the contractual arrangements we have in place with our suppliers and clients, to clarify our respective roles and responsibilities, to make sure these are appropriate and consistent and to ensure that they continue to meet the requirements of evolving laws and regulations. In 2011, we started to audit these contracts to make sure provisions relating to privacy are being met.
We work with partners on privacy issues. Our companies meet with regulators and participate in consultation exercises to give their views on proposed regulation. In 2011, this included an initiative with the Digital Innovation and Privacy Forum on the new EU Cookie Directive.
We collaborate with others in our industry on privacy issues. For example, during 2011 Kantar engaged on a potential self-regulatory framework for the use of tracking technologies in market research.
Many of our people are active participants in organisations working on privacy issues. For example, John Montgomery, COO at GroupM Interaction, is currently chair of the American Association of Advertising Agencies Privacy Committee which works to address internet privacy issues, particularly related to interest-based advertising. George Pappachan, Kantar’s chief privacy officer, is a member of the privacy and legal affairs committees of the industry associations ESOMAR and CASRO.
We undertake public policy work for clients, including direct lobbying of public officials and influencing public opinion. The majority of our public affairs work is undertaken for clients in the US, although many of our clients are multinational companies. Our public affairs companies include:
- Burson-Marsteller, and its affiliates:
- Prime Policy Group
- Direct Impact
- Penn Schoen Berland
- Dewey Square Group
- Glover Park Group (acquired in 2011)
- Hill+Knowlton Strategies, and its affiliate:
- Wexler & Walker Public Policy Associates
- Ogilvy Government Relations
- Quinn Gillespie & Associates
WPP companies comply with all applicable laws and regulations governing the disclosure of public affairs activities. In the US, this includes the Lobby Disclosure Act and the Foreign Agent Registration Act, which are designed to achieve maximum transparency on client representation and require lobby firms to register the names of clients on whose behalf they contact legislators or executive branch personnel. It is WPP’s practice that those of its US companies whose sole or primary business is lobbying have representatives of both major political parties among senior management.
We will not undertake work which is intended or designed to mislead. We do not knowingly represent ‘front groups’ (organisations which purport to be independent NGOs but are controlled by another organisation for the purpose of misleading) and seek to ensure we are aware of who the underlying client is before taking on work.