Managing Marketing Risk for Future Success September 2015 Deborah Thomas RBI Group Risk & Compliance Officer RBI Global Risks © 2014 Reed Business Information Ltd 1 2 3 4 1. IP Protection > 90% 2. Third Party Data handling 6 A 3. Talent capability P R O B A B I L I T Y 4. Global laws & regulations 50 - 90% 5. Talent lifecycle B 4 1 5 11 6. Leakage of trade secrets or other confidential information 3 1 10 - 50% C 7. Investment in new technology 8 10 2 8. Portfolio change 9 9. Economic & political 7 <10% D uncertainty <2% Revenue / Op Profit 2 - 5% Revenue / Op Profit 5 - 10% Revenue / Op Profit I M P A C T >10% Revenue / Op Profit 10. Reacting to disruptive competitor activity 11. BCP and Disaster Recovery © 2014 Reed Business Information Ltd Anti-Bribery Risk © 2014 Reed Business Information Ltd THE GLOBAL RISK MAP © 2014 Reed Business Information Ltd BRIBERY RISK IN MARKETING Gifting and Entertaining Vigilance when attending dinners, awards and events. Ensuring accurate recording of G&E Knowing limits around the world New RBI G&E recording system being launched globally in Q4 2015. Using Third Parties RBI are responsible for the conduct of agents (sales, marketing etc..) who work on our behalf. Due diligence must be performed if the intermediary falls within the scope of the policy, before work is undertaken. Full training, policy documents and materials available. © 2014 Reed Business Information Ltd Data Privacy © 2014 Reed Business Information Ltd DATA PRIVACY RISK IN MARKETING Complex and fast-changing area, and getting more complex as RBI becomes more international RBI Global Contact: Robbie Burgess Global Approach: Elsevier has global e-marketing guidelines for more info for a global approach: http://nonsolus/legaldepartment/privacy/emarketing.htm New Canada Guidelines: The RELX DPP group has an information page on the recent changes to Canada’s marketing laws (CASL) here: https://thewire.regn.net/corporate-departments/legal/privacy/Pages/casl.aspx New Singapore Guidelines: The guidance provides some specific examples to illustrate when consent can or cannot be required. https://www.pdpc.gov.sg/docs/default-source/advisory-guidelines-on-consent-for-mktg/advisory-guidelines-onrequiring-consent-for-marketing-(8-may-2015).pdf?sfvrsn=2 The DPA has also issued another document that sets out sample clauses for obtaining consent for memberships, marketing and lucky draws and sample forms for the withdrawal of consent from marketing/telemarketing. https://www.pdpc.gov.sg/docs/default-source/Templates/sample-clauses-for-obtaining-and-withdrawing-consent-(8may-2015).pdf?sfvrsn=2 Safe Harbour Guidelines: http://export.gov/safeharbor/eu/eg_main_018476.asp The RELX Group Safe Harbor Privacy Policy, revised June 1, 2015, is available from the corporate website at: http://www.relxgroup.com/documents/policies/safe-harbor-policy.pdf. © 2014 Reed Business Information Ltd SAFE HARBOUR RULES Safe Harbor is a US voluntary self-regulation scheme set up by the US Dept. of Commerce that has been declared adequate by the European Commission. This means that companies can transfer personal data from the EU to a US company who has signed up to Safe Harbor in compliance with the EU’s transfer principle (no transfers outside the EEA without adequate measures in place). By signing up to Safe Harbor a US company agrees to seven data handling principles, similar to the EU’s principles. These are: notice, choice, onward transfer, access, security, data integrity, enforcement. Once signed up the company has to re-certify every year. Currently the following RELX entities have Safe Harbor certifications. • Accuity Inc. • Health Market Science • LexisNexis Examen Inc. • Lexis Managed Technology Services, a business of LexisNexis, a division of Reed Elsevier Inc. • LNRS, operating through LexisNexis Risk Holdings Inc. and LexisNexis Risk Data Management Inc. and their subsidiaries • Moreover Technologies Inc. • Reed Elsevier Technology Services, a division of Reed Elsevier Inc. • WorldCompliance Inc. © 2014 Reed Business Information Ltd DATA PRIVACY DOS AND DON’TS Adhere to the licence or other requirements of bought-in or harvested lists. If consent is required it must be freely given, specific, informed and positively indicated. Retain proof of consent to demonstrate compliance if challenged. Inform customers and prospects that their data will be used for marketing. There are different ways to achieve this. (Robbie will know how RBI do it.) Always identify the sender. Always offer an opt-out from marketing communications. Action unsubscribe requests promptly. Follow your relevant internal business rules on things like retention of non-active customer data; how many times in a certain period you can carry out phone/e-mail marketing activities etc. © 2014 Reed Business Information Ltd Collect contact details responsibly. Don’t assume just because it’s public it means the person is open to receiving marketing. Collect what you need to have, not what would be nice to have. Don’t add unnecessary or very personal details to CRMs, such as birthdays, children’s names, favourite football team and so on. Don’t market into a country without checking whether there are any specific rules and that you are complying with them. If a country has a ‘do-not-call’ register, always use it. Don’t send large amounts customer data around internally by e-mail unless necessary, and password-protect the attached document. Q&A © 2014 Reed Business Information Ltd DEBORAH THOMAS – QUICK BIO Education Graduated in 1999 from St John’s College, Cambridge Qualified ACA from PricewaterhouseCoopers (PwC) in 2002 Work 5 years in Omnicom (2004-09) running group projects for a UK division of the world’s largest Marcomms group 3 years in Diageo (2010-13) doing risk management and compliance roles in London and Singapore Joined RBI in 2013 as Group Risk & Compliance Officer in London © 2014 Reed Business Information Ltd