The issues regarding member and contact information involve privacy issues that are currently a topic of much public discussion. For instance Privacy Storm Clouds Gather, a column in Executive Edge published by Gartner and Forbes (October, November 2000 p. 19), talks about how people would rather risk fines than supply information. It recommends making a plan and publicizing that plan. The plan should show a move towards "permission-based/opt-in marketing" where potential targets are provided the opportunity to "convey that they don't wish to be marketed to. ... Always give clear instructions on how they can be removed from marketing lists."
To make such a plan or policy can be difficult. There are facts to keep in mind and many questions that must be answered in a manner that eliminates ambiguity yet allows flexibility.
Some of the facts that must be considered in the creation of such a policy are the following.
Membership and contact data is one of the association's primary assets.
Members and contacts may not be well informed about the potential uses of the data they provide.
The privacy of information about individuals is a significant issue subject to current and pending legislation and should not be considered lightly.
The member and contact data is not a simple list but rather a classified and categorized set of records with historical and business transaction information.
There are costs involved in selecting, preparing, and transmitting data that must be accommodated. These costs are over and above those involved in the storage, maintenance, and management of that data.
There are commercial firms and other associations that sell business name and address information classified by industrial code and other means. They may provide a model for the association to use in developing its policy and guide and as an alternative to the association as a source of information.
The policy and guide must answer at least the following questions thoroughly and without ambiguity.
How will the individual requesting member and contact data be qualified and certified? Will requests for data be considered from anyone or just members or an individual meeting some other defined criteria?
How will the utilization of the member and contact data provided under the policy be qualified and certified as appropriate for the association data?
Who will be authorized to certify the requesting individual and the intended use?
What process will be used as a means to affirm or reject the original data request decision if necessary? What process will be used when the individual authorized to certify the requesting individual and use is not available?
What options or alternatives will be offered to anyone requesting the association data and what policy is to be used to guide the selection of any of these options or alternatives?
What field sets will be released and what conditions may be placed on specific field sets?
What record sets will be released and what conditions may be placed on specific record sets?
What process will be used to approve requests for custom field or record sets or other processing or manipulations?
What media will be supported in the conveyance of data? Envelopes, labels, web or e-mail file, directory, or other? What criteria will be used to guide the acceptance or rejection of the requested choice of media? What alternatives will be offered using what criteria?
How will fees be set and what criteria will be used to determine fees? Will fees depend upon the requesting individual and the intended use? How will this be done? Who will review these fees and recommend modifications or changes as needed?
Who will pay data query costs, data conversion costs, media costs, and other incidental costs in selecting, preparing, and transmitting the requested the association data?
How will costs be collected and to whom will they be paid? How will the association assure proper payments for services and products rendered in meeting an approved request?
How will the association record and manage data requests?
How will the association monitor and enforce proper use of data released?
What will the association do if its data is misused? How will it seek recompense or resolution?
How will the association resolve objections and complaints about unwanted marketing by its members and contacts whose information was released?
How will the permissions of the members and contacts for the use of information about them be collected, recorded, monitored, enforced, and used?
How will the intellectual property rights of other parties be managed? This could include logos, company names, data structures and designs, and other potential intellectual property that may be involved either in the data itself, its representation, or the methods used to prepare the data.
Who will be the the association director responsible to the board for monitoring the application of these policies and reporting on their use to the board? How will this person be selected and what will happen if this person fails to perform the necessary duties?
These questions may only cover some of the issues involved. The association directors charged with creating a policy should consult with appropriately qualified individuals to provide assurance that due care was exercised in the preparation of the policy and related guidelines and materials including sample contracts and requesting forms.