[log in to unmask] wrote:
> 
> ** Reply to note from Adrian Tribe <[log in to unmask]> Fri, 12 Nov 1999 07:56:48 +0000
> 
> > >
> > > > we did this and wrote to all staff and allowed them to opt out
> > > > as opposed to opt in, I think we only got 4 who wanted to be ex-diretcory
> > >
> > >Hi Sally,
> > >
> > >4 wanting out is pretty good.  But did the other xxx really reply?  My
> > >concern is if I did the same I will be lucky to get 20% response.
> > >
> > >Regards
> > >Charles
> >
> > Charles makes an important point here, because you are
> > not on safe ground by taking a failure to respond as
> > being the same as a positive indication of either giving
> > or withholding consent.  This point was made at the DP
> > update conference in London in May by the bloke from the
> > Office of the DPR whose name I can't remember!
> 
> Can I clarify two points here (as I now see I misread Sally's comment).
> 
> First, I am under the understanding that up to Oct 1998 we could have set up
> directories allowing staff to opt out (ie. everyone is in and then we simply
> remove entries).  We could therefore have taken (permitted by the DPR) non
> replies as acceptance to be included.  What I mean is we HAD such permission
> but we did not implement a directory before Oct 1998.
> 
> Since 1998 I think it has been made clear (on more occasions than one) that
> we must have explicit opt-in.  For those who are making such directories
> live since Oct 1998, it should be classed as new processing thus it has to
> comply with the new Act.
> 
> Right/wrong?
> 
> The second problem is the following.  If staff must opt-in, how do I get them
> to reply whether they want in or out.  I will get a very low reponse (that is
> why I thought 4 wanting out was pretty good 'cause I assumed xxx explicitly
> wanted in).  I would have to go around selling the idea and I cannot do that
> (too many other things to do). I would like to receive the replies on paper
> and then enter them in a database (I know I could receive opt-ins opt-outs
> via email but where is the electronic signature ?  I have different
> alternatives but they will all result in an even lower response). I have no
> support for such an exercise.
> 
> The second problem above is an organisational management problem not
> data-protection issue, albeit it is caused by the new Act.
> 
> Even if we were to be given persmission by the DPR now, to allow staff to
> opt-out until when would it be valid?  Oct 2001?  By Oct 2001 we have to
> comply with the new Act in full.  In my view it is little point setting up a
> directory now and then go back in less than two years and undo it.
> 
> The Act is straighforward in this respect (famous last words), we must have
> explicit opt-in. The technology is simple, all that is needed is a flag in a
> database and it would not be difficult for the users to change it themselves.
> The real problem we all face is that in an opt-in policy we will get very few
> responses thus very few opt-ins.  Further, every organisation has staff whose
> hair stands on end when they see a computer.  We have staff who never check
> their mail boxes (or know how to switch a PC on).  What good is it asking
> them to reply or even including them since I KNOW they never look at a PC.
> 
> Please, let us not make this into a discussion of how to bring people to the
> 21st Century.  I have plenty of ideas of my own, napalm or nukes seem to be
> my preferred options.  What I personally need is practical solutions as to
> how to get staff to respond In/Out.  When I know how many want out I will
> worry about the opt-out level.
> 
> Regards
> Charles
> 
> ==============================================
> Charles Christacopoulos, Secretary's Office, University of Dundee,
> Dundee DD1 4HN, (Scotland) United Kingdom.
> Tel: +44+(0)1382-344891. Fax: +44+(0)1382-201604.
> WebDad of http://somis.ais.dundee.ac.uk/
> Home of the Scottish Search Maestro http://somis2.ais.dundee.ac.uk/
> Happily using OS2 Warp.
> ==============================================
It might interest this list to know that in the direct mail industry, a
3% positive response rate is considered rather good.  When one asks
people at a distance to do something, they don't like to unless they see
something of significant value to themselves coming back.  This may
suggest why business has been rather cool to data protection in its
unpasteurized form as is now being implemented in the UK. Now, as to
this directory business, I suppose you could "market" the
glory/wisdow/desirability of having your name on the 'Net, but I gather
this is a tough sell.
  As for consent, the Directive refers to mere consent, and to explicit
consent, the latter especially as to sensitive data. Nowhere are these
terms defined. I believe a very good case can be made and reasonably
argued that an opt-out situation is "explicit" if the facts are
attractive. Eg., a number of occasions are given to opt-out before data
disclosure, clear explanations of what will happen to the data are
provided, a simple and costless means of opting-out is provided, and
perhaps some sort of personal touch is provided. This might be a
personal handwritten note, or the appearance of the data protection
officer at general meetings of the University to receive opt-outs, or a
secretary's calls.  The imagination can go on and on.  I think this
group might do itself a service by beginning to work on, and develop,
other modalities of demonstrating "explicit consent".  This instance is
but one of many to come where this will be required.  I would urge you
to build a record that "loud silence" after "loud warnings" equals
"explicit consent". 
Regards,
 
-- 
Charles A. Prescott
Vice President, International Business Development 
and Government Affairs
Direct Marketing Association
1120 Avenue of the Americas
New York, NY 10036
U.S.A.

Tel. (1) 212-790-1552
Fax. (1) 212-790-1499
e-mail: [log in to unmask]
website: www.the-dma.org



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%