Privacy and data protection are important issues for all our companies and we aim to meet best practice standards.Our companies collect consumer data through new media and digital channels as well as consumer research, direct marketing and PR and use it to gather opinions, study attitudes (including purchasing habits) and to create targeted digital and direct marketing campaigns.
Awareness of privacy issues continues to grow across all markets and this is being further cemented by increased regulation. Some consumers and interest groups are concerned about the collection and use of personal data for marketing purposes, including practices such as behavioural targeting. We must balance requirements to protect consumer privacy with our need to produce intelligent marketing in line with the natural progression of the marketing industry.
Our approach to privacy is guided by four priorities: maintaining consumer trust; reducing legal and financial risks to WPP; educating our people and the people we work with and improving our own knowledge base; and enabling our clients to use consumer data appropriately to enhance their marketing.
The parent company provides guidance and advice to the operating companies on privacy and data security issues. To ensure that all employees have an understanding of the basic issues, we have added privacy and data security to our revised ethics training which will be rolled out to all employees in 2012.
A briefing document is available on our Group intranet to help employees understand their legal responsibilities and the need to balance commercial objectives with privacy obligations. It defines basic privacy-related terms and includes guidance on privacy clauses in client contracts, data privacy expectations and what to do if a breach occurs. We presented the briefing to the finance directors of group companies in 2011. Some of our companies have made it mandatory for employees to attend a briefing on the document. In 2012, we will be reviewing the data protection and privacy policies and procedures in place at WPP and its companies, and updating these where necessary. We will also be auditing compliance in a selection of offices worldwide.
Our key digital marketing and research agencies have nominated senior executives to provide leadership on privacy, and they work with other agencies in the Group and clients to share best practice. For example, Kantar, our global market research group, has a Chief Privacy Officer and has set up a Privacy Network, of experts from across its businesses. They meet every two months to discuss external and internal developments and identify any action required at group level on privacy and security issues.
Many of our companies have policies and procedures covering how data (including protected types of personal data) should be handled, and some have developed their own technology and tools to improve transparency. These are regularly reviewed and updated. For example Kantar has added specific modules to its privacy policies on issues relating to the use of social media and mobile devices. Wunderman Seattle has established a Privacy 101 training course that all new employees complete as part of the induction process.
Some of our companies have achieved accreditation for their market research and information security management systems. For example Kantar Operations, which provides centralised market research and data services for the Kantar Group, has been accredited with ISO 20252 in their UK and North American offices and ISO 27001 in their UK and India offices.
We continue to review the contractual arrangements we have in place with our suppliers and clients, to clarify our respective roles and responsibilities, to make sure these are appropriate and consistent and to ensure that they continue to meet the requirements of evolving laws and regulations. In 2011, we started to audit these contracts to make sure provisions relating to privacy are being met.
We work with partners on privacy issues. Our companies meet with regulators and participate in consultation exercises to give their views on proposed regulation. In 2011 this included an initiative with the Digital Innovation and Privacy Forum on the new EU Cookie Directive, which will significantly change the way that consumers’ data is stored online.
We collaborate with others in our industry on privacy issues. For example, during 2011 Kantar engaged on a potential self-regulatory framework for the use of tracking technologies in market research.
Many of our people are active participants in organisations working on privacy issues. For example, John Montgomery, COO at GroupM Interaction, is currently chair of the American Association of Advertising Agencies Privacy Committee which works to address Internet privacy issues, particularly related to interest-based advertising. George Pappachan, Kantar’s Chief Privacy officer, is a member of the privacy and legal affairs committees of the industry associations ESOMAR and CASRO.