
Are You Paying Attention to Privacy?
by Kim M. Bayne
e-Business Advisor magazine
February 2001

Internet technology can offer digital entrepreneurs a better view of the typical customer. Through the use of cookies, personalization, site registration, and databases, e-marketers can virtually peek into a customer's mind, applying gathered and mined information to create more useful Web sites or sell just the right product.

It seems as if dot-coms love online technology so much that e-marketers routinely forget that the customer comes first. As a result, e-commerce enterprises, including those heading toward bankruptcy, often find themselves at the center of the growing controversy over customer privacy. Even if an enterprise has no original plans to release customer data, the financial condition, management, and ownership of a company can change, along with policies originally conceived in good faith.

Privacy concerns

Consumers have two main complaints about online privacy practices: violations and covert data gathering. Violations involve differences between the policy statement and the company practice, such as promising to keep data private but releasing it to an outside service provider or trading data to partner companies without permission. Covert data gathering includes activities that occur without a consumer's knowledge, such as the placement of cookies, the aggregation of session information from multiple past visits, or the merging of offline and online mailing lists.

"Technologies like personalization and CRM [customer relationship management] tools increase the need for accurate customer data while raising the stakes for customer privacy," says James Crawford, senior consultant, marketing solutions for DiaLogos, a customer development firm. He sees both the consolidation in the industry (mergers) and the consolidation at the data layer (data warehousing) as having the greatest potential for privacy abuse.

To be fair, "when privacy policies are drafted, (companies) are not envisioning all the situations they'll find themselves in," says attorney Tom Regan of the law firm Cozen and O'Connor. As a counsel to the National Fraud Center in various privacy initiatives, Regan observes that new technology can often have an anti-privacy aspect that isn't readily obvious.

REALITY CHECK: Consumers aren't cutting e-businesses any slack for their lack of foresight. Judging by the types of complaints filed with the Federal Trade Commission (FTC) in 2000, privacy advocates are fervently calling out e-marketers that continue to tread on privacy's sacred ground.

EXAMPLE: Amazon.com is one company that found itself in trouble with privacy groups. According to news reports, Amazon's original privacy policy stated the company would not trade, sell, or rent a customer's personal information. In September 2000, the online bookseller revised its policy and was immediately criticized for altering an agreement with previously registered customers. In December 2000, Junkbusters Corporation, a privacy clearinghouse in New Jersey, and the Electronic Privacy Information Center, a research center in Washington, D.C., each asked the FTC to investigate Amazon.com's current privacy practices regarding its gathering, sharing, and use of customer data.

Risks of breaching agreements

"Changing the rules undermines the confidence of the online shopper," says Anand Jagannathan, founder and chairman for Responsys.com, an online direct marketing service provider. E-businesses strapped for cash have labeled sensitive customer data as "company assets" after the fact, then they cash in by selling out. The news media continues to spread similar bad news about online shopping, which can negatively impact sales.

In the past, "if a business didn't address user privacy concerns, they ran the risk of angering users," says DiaLogos' Crawford. Now, e-businesses that ignore privacy concerns "jeopardize their long-term ability to maintain a successful customer relationship," he explains, adding that Web site owners are increasingly exposed to lawsuits and devastating class action suits. Clearly, e-commerce survival relies upon establishing and maintaining customers' trust.

EXCEPTION: Release of customer data isn't always a problem. If you're wondering whether your transfer of customer data is acceptable to the FTC, ask yourself if you're selling a business or selling individual assets. If one company takes over a second company in the same industry, it's acceptable to transfer customer lists to the new owner, clarifies Jagannathan. The "wrong way to liquidate a mailing list is to sell it to five other people," especially when customers haven't provided permission, he says.

Customers fight back

Online users aren't waiting for e-business to self-regulate or government to settle the privacy debate. Users who don't trust Web sites routinely falsify registration information, a common practice documented repeatedly in surveys by the Graphic, Visualization, and Usability Center (GVU) at the Georgia Institute of Technology in Atlanta. False customer data can potentially skew marketing results and increase errors in business decision-making. But falsification concerns rarely dissuade e-marketers.

"When people supply false information, it's usually pretty obvious," claims Mark Smith, president of Quadstone, a provider of predictive marketing software for customer behavioral analysis. "Most people don't go through a long thought process of cleverly changing data," he says, pointing out that Mickey Mouse is "by far the most popular customer of leading online retailers."

Beyond little white lies and user aliases, there are other ways visitors circumvent marketers' plans. Users can set browser preferences to reject cookie files, send disappearing e-mail, or surf Web sites through anonymous services and software.

Are you too nosy?

If you're interested in gauging your true privacy reputation, there are a few entry-level answers at your fingertips. Tracking the rate of opt-out customers can give insight into privacy concerns, or at least point out that you're sending too many e-mails to customers.

A simple survey of incomplete Web site registration forms can ferret out intrusive questions--ones that repeatedly go unanswered. Ignored questions may also point to a failure to convince the user there's value in providing this data.

Current Web technology can also reveal whether or not e-customers trust your company's privacy practices in general.

"If you're using cookies as your method of [user] identification, you can see the number of people coming to your site who are either accepting or not accepting cookies," says Jay Henderson, product marketing manager for NetGenesis, referring to Web browser preferences that let users reject cookies. If a large number of visitors are rejecting your site's cookie files, "perhaps you should look at other mechanisms for unique identification," he notes.

Tools like NetGenesis 5 (e-metrics software) can tell Web masters if a large percentage of users are visiting a site via anonymous software and services. Such measurement solutions help marketers recognize site trends and know when and where to take corrective action.

Improve the customer relationship

Rick Vieth, vice president of marketing for Dynaptics Corporation, a provider of Web personalization products, sees a difference in creating a user profile vs. a shopper's profile. He prefers to avoid "drawing a profile around users based on traditional demographics." Instead, Vieth is only interested in being able to glean from a customer's online shopping session where his interest is, using that information to make product suggestions along the way. This resembles how shoppers are served in brick-and-mortar stores.

"When you walk through the door, shopping clerks don't ask you a bunch of personal questions," says Vieth. Questions are related to why the customer came to the store and how the sales clerk can help.

Users may provide a false name, but "they can't hide their behavior," says Quadstone's Smith. Customer behavior--pages viewed and in what order--can't be faked. Surfing patterns are often a better predictor of online shopping and buying behavior than traditional demographics.

SMART MOVE: Once you realize that your business needs are better met by tracking behavior and customer needs instead of personal information, you can work on building a privacy platform on your Web site that addresses the concerns of both the customer and the company.

Five best practices for protecting privacy

"There should be some common guidelines across the industry," says Responsys.com's Jagannathan, promoting the idea of consistency across Web sites so everyone understands the concept of privacy. Jagannathan cites the following five main aspects of creating a workable privacy policy statement.

1. Provide notice.

According to an Internet privacy policy survey by Georgetown University, almost two-thirds of consumer-oriented Web sites have privacy disclosures. But not all privacy statements are equal.

"Be completely honest and clear in explaining how customer data will be used and why it's needed," says Smith. Sometimes, a Web site appears to go through the motions of addressing privacy concerns by giving minimal notice "just to protect themselves," he says. "The consumer is going to drive business one way or the other ... being honest is one of the key things in the whole privacy debate," he adds.

DiaLogos' Crawford believes privacy policies should include contingencies for both business and technological changes. This year, a large number of dot-coms closed their doors and put their assets up for sale. Customers who didn't anticipate the sale of a business became concerned that their data would land in the hands of an unknown and unreputable entity--and with good reason.

2. Get permission.

"The consumer doesn't want [personal data] to be swapped out and traded, and may not want a follow-up contact from the original vendor," says Dynaptics' Vieth. Online customers want "assistance and service, but not at the price of having personal information go beyond a visit," he says. He adds that site registration forms shouldn't make information-sharing a default action. Boxes for such permission should be unchecked, making the choice "totally opt-in."

"Asking users to register or allow themselves to be tracked without delivering value in return is the kiss of death for establishing a mutually beneficial, trusting relationship," confirms Crawford. The customer is more agreeable to revealing preferences, such as current lifestyle needs, and allowing data sharing if there's something in it for him or her. The marketer not only has the responsibility of convincing the customer that there's value in sharing data, but he or she must convince customers that there's value in sharing that information with other companies.

"Focus on making a case to the customer why it's valuable to them to provide their data. If an e-business can't provide the value statement to the customer, then the consumer has the choice to move on and go somewhere else," advises Quadstone's Smith.

3. Allow data access.

Occasionally, a site posts a privacy statement that's either questionable or deemed unacceptable by privacy advocates.

EXAMPLE: In an August 21, 2000 column for The Gazette (Colorado Springs, Colorado), I reviewed the Web site of a local FM radio station. The radio site linked to a disclosure statement on a broadcast portal site. The linked statement revealed that personal information couldn't be changed or deleted (figure 1).

[Figure 1 ILLUSTRATION OMITTED]

"To completely ignore that the customer needs access is very short-sighted," says Smith. If you deny a consumer the opportunity to update personal data, you fail to consider that interests and lifestyles change. You could be wasting money marketing to a disinterested market segment.

"It's a lack of real understanding of why data is valuable that makes companies nervous about giving customers access to it," Smith says. Savvy e-marketers understand that the accuracy of customer data is critical.

4. Offer control.

"The consumer should have the right to get out of the system. This is a very important element of what makes it successful," says Responsys.com's Jagannathan.

Don't waste time and money marketing to individuals who are no longer going to purchase a particular product or use a service. Maintaining useless names in a customer database for the sake of pumping up the numbers is a disservice to e-businesses, online customers, and anyone else with whom you do business.

5. Be consistent between policy and practice.

Whether or not sites follow their stated policies to the letter is a big area of consumer concern. Unless your site is a trusted name with which the user has previously done business, the casual visitor shouldn't be expected to provide personal data in exchange for access. Until a company has demonstrated that it respects and honors privacy policies, don't expect customers to volunteer information until they decide to close the sale.

"If there are clear guidelines, I'll have more trust," says Jagannathan, speaking from the customer's viewpoint. Responsys.com bases its privacy guidelines on its experience with clients, including Lands' End, BMW, Radisson Hotels, Chadwick, and eToys. The company has achieved a customer list opt-out rate of less than 2 percent.

Finally, in addition to educating your customers about your privacy policies, concentrate on educating your staff on the implications of proper privacy policy administration. Review your privacy policies and marketing practices continually for relevancy and compliance. Change or explain anything that may appear--even on the surface--to conflict with your privacy initiatives, and be proactive in doing so to avoid conflicts.

TOP TIP: Above all, if you state that you won't ever sell or trade a customer's data, remember that promise and stick by it.

Article COPYRIGHT 2001 Advisor Publications, Inc.

Article COPYRIGHT 2001 Gale Group
