In a presentation at the research firm's annual security and risk management summit, Frank urged marketers to firm up their privacy policies and achieve compliance with the (DAA), an industry-led self-regulatory organization focused on educating consumers about how their information is collected and used and providing options for limiting tracking.
The likely alternative, Frank said, is more rigorous oversight of the industry at the hands of federal regulators.
"By now it's clear there are no easy solutions to the problem of how to reconcile marketing imperatives with privacy," he said. "You don't want regulatory practices to go and start to replace the self-regulatory practices, and this will happen if people aren't complying voluntarily."
The DAA, whose members include several of the leading advertising and marketing trade associations and the Council of Better Business Bureaus, has been working to spread its privacy framework throughout the industry in a bid to convince lawmakers and regulators that self-regulation is a viable path to protecting consumers.
Frank, a fan of the self-regulatory model, is advocating that businesses engaged in behavioral targeting sign onto the model backed by the DAA, which he described as a "serious" organization.
Many privacy advocates, however, have challenged whether the DAA model goes far enough, calling for an expanded government role in policing the sector and more tools to allow users to escape tracking systems.
Lawmakers have made efforts at passing legislation to authorize federal regulators to enforce rules for protecting consumer privacy online in the last several sessions of Congress, but so far each has stalled. Frank expects that pattern to hold.
"I personally think that privacy legislation is a losing proposition for most politicians, because whatever you do you're not going to make everyone happy," he said. "Either the powerful Silicon Valley lobby will come down on you as they have, for instance, in prior attempts to legislate piracy. Or you'll be accused of making toothless laws that don't protect anyone. So it's really a no-win situation."
"I certainly don't think that this congress is going to do anything, and if I were a gambling man I would bet that the next congress won't either," he added.
In addition to signing onto the DAA privacy framework, Frank advised firms to work to bring together the privacy and marketing teams, noting that they often work at cross purposes.
Acknowledging that data is in essence a form of currency in the marketing operation, and that the business case for maintaining detailed customer profiles is compelling, Frank nonetheless urged privacy officers to involve themselves in the development of any data-collection program. By speaking on behalf of the consumers, in-house privacy advocates could challenge their marketing counterparts to implement reasonable limitations on their data-collection efforts, setting caps on how long data would be retained and minimizing the gathering of personally identifiable information, for example.
The "best thing privacy officers can do is bring the customer's voice into the marketing process," he said. "What marketing really needs on this stuff is a conscience."
in CIO's Government Drilldown.