• August 17, 2001

August 15, 2001 Web Chat: Personalization vs. Privacy

Forrester Research analyst Chris Kelly and CRM magazine contributing editor Jason Compton examine solutions for gathering, sorting and marketing customer information by answering participant questions.

**Transcript Begins**

SPEAKER_destinationCRM Event Host: Welcome to destinationCRM.com's live Web Chat: Personalization vs. Privacy. We are chatting today with Jason Compton and Chris Kelley.

SPEAKER_destinationCRM Event Host: Jason Compton, a contributing editor to CRM magazine, authored the feature, "Personalization vs. Privacy" in the August issues of CRM magazine.

SPEAKER_destinationCRM Event Host: Christopher Kelley, an analyst with Forrester Research, focuses on consumer e-commerce issues, including customer service and privacy.

SPEAKER_destinationCRM Event Host: Please submit your questions for Jason and Chris by typing and clicking on the "Send to Speaker" button. Time constraints permitting, we hope to get to as many of your questions as we can.

SPEAKER_jasoncompton: Thanks for coming everyone. Ask those questions, please.

SPEAKER_Chris Kelley: Good afternoon everyone. I would be happy to answer any questions you all have regarding consumers' attitudes towards privacy.

jamesw: Why are people worried about privacy? Is this just paranoia?

SPEAKER_jasoncompton: Aside from the fact that some people simply find it creepy to know that there's a spreadsheet as long as their arm about them at major enterprises across the country, some people are generally worried that personalization will be used in ways that punishes rather than rewards certain consumer segments.

SPEAKER_jasoncompton: People don't want to see dumbed-down content delivered to 'ghetto' ZIP codes or IP addresses, people don't want to get bad service because they fit the profile of an unprofitable customer, and people above all don't want to see preferential pricing.

SPEAKER_jasoncompton: Basic microeconomics says that the most profitable way to operate would be to know exactly where your customers lie on the demand curve, then sell to each of them at that precise price. Needless to say, if I'm willing to pay $25 for something that retails for $15, I would hate for the vendor to figure that out and jack up his price as I visit.

SPEAKER_Chris Kelley: Even beyond pricing, consumers are worried about possible ramifications with health care or getting turned down for a job because of their profile.

jschranz: how does one go about thinking about hiring a privacy officer?

SPEAKER_Chris Kelley: The privacy officer needs to wear many hats -- from knowing about the corporate culture, to IT, to policy.

SPEAKER_jasoncompton: In the real world, a lot of general counsels are being given the CPO job as an interim measure, but Chris is right, they need to be cross-discipline. My story has a profile of Expedia's CPO who is both responsible for privacy AND personalization, a tenuous mix but he feels it works.

Bruce: Could you please comment on the protection of corporate vs. personal information. For example, are there privacy requirements for a person's corporate address, phone number, and profiles?

SPEAKER_jasoncompton: It sounds like you're talking about information about an individual, rather than about a corporation, in which case as far as I'm aware that's considered "personally identifiable" and just as valid for protection as a home address. (In other words, if I give a website my work address and my home address, both need to be treated with equal respect with regards to privacy.)

SPEAKER_Chris Kelley: Ironically, most consumers equally guard their home information (e.g. phone number and address) as they do their work information.

allears: Beyond federal regs, what are your recommendations for businesses to stay in clients' and prospects' good graces in concern to its email practices?

SPEAKER_Chris Kelley: Consumers want two things when it comes to email -- one is control over unregistering, and the other is a clear value proposition from the company.

SPEAKER_jasoncompton: Which means that if you're sending e-mail uninvited, you'd better have a pretty good reason for doing so. Most of the analysts and vendors I've spoken with recommend aggressively re-verifying the types of e-mail people want to see.

PJ: What tools do you recommend firms use that allow them to personalize their Web sites and protect their consumers' privacy?

SPEAKER_Chris Kelley: Since I am consumer-focused in my research, there are better people here at Forrester who can help with that issue.

SPEAKER_jasoncompton: We're not systems consultants, so I can't really tell you what the "best" software to use is. The CRM Magazine website has a variety of vendor links...my suggestion is to figure out what your privacy goals are, then ask tools vendors if they're interested and capable of helping you meet those goals.

hatteras: Which industries, if any, do you feel are ahead of the curve in applying personalization techniques - wireless, financial services, etc.? Are there any particular tactics that are now raising the red flag on privacy?

SPEAKER_jasoncompton: I've been told that telecom/wireless has good things going, but then again, Ameritech just always tries to sell me caller ID every time I call for service, so I'm dubious.

SPEAKER_jasoncompton: Personalization started with e-tail, and that's where it's been motivated to mature the quickest. Major financial services firms, such as Fidelity, have good stories to tell in the space in terms of understanding and synchronizing their customers across channels.

SPEAKER_jasoncompton: As for red flags, I'm personally very concerned about a complete lack of restriction on data _acquisition_, which is a major red flag in my mind for just about anybody. I'd say watch the next twelve months and see if any financial services vendors get slapped for Gramm-Leach-Bliley infractions.

SPEAKER_Chris Kelley: Amazon has worked hard to personalize their site. However, when they went to personalized pricing, they got dragged over the coals for it because of the privacy issues involved.

PJ: Do you need to sacrifice advanced personalization in order to protect consumers' privacy?

SPEAKER_jasoncompton: It depends on what your approach to the personalization problem is. If you _require_ your customers to interact through a data-collection heavy personalization interface, then it's the customer who makes the "sacrificial" decision.
pbeston: Isn't it really a matter of whether the customer sees a clear value benefit in providing personal data?

SPEAKER_jasoncompton: If, on the other hand, you're willing to serve customers who insist on anonymity, then yes, you may have to sacrifice some of the ROI your personalization vendor promises when you discover that one-third or more of your customers are either falsifying data (that number from the Personalization Consortium's research) or simply opting not to participate in your personalization efforts, period.

SPEAKER_Chris Kelley: No, so long as you establish a clear value proposition with consumers, they will share as much data as you will need to successfully personalize a site. If you don't have a clear value proposition, or if you try to collect too much data behind consumers' backs, then they will give you bad data.

pbeston: Isn't it really a matter of whether the customer sees a clear value benefit in providing personal data?

SPEAKER_Chris Kelley: Yes, that is the key. But consumers also want some control over their information. That is, if, over time, a consumer doesn't see the value that they thought would be there, they want to be able to opt-out of the relationship.

SPEAKER_jasoncompton: The experts seem to say 'Make sure you provide something of value in return' then run away before you can ask them to explain what that means. Frankly, aside from making it a barrier to entry for doing business with your company and then letting them make the decision whether your service is worthwhile, I'm not sure.

SPEAKER_jasoncompton: Because personalization is ultimately about increasing profits, I'm a little surprised we haven't seen industry say 'If we can't personalize, we'll make less money and your IRAs will lose money'-I suspect such tactics are only a matter of time. Already, certain marketing agencies threaten that restrictions on data collection and sharing will make items like clothing more expensive, so the transition to threatening people with destitute retirements isn't as much of a stretch as you might think.

nykirke: Does real-time personalization pose additional problems for customer privacy?

SPEAKER_Chris Kelley: It depends on how it is executed. If you offer it to everyone without asking them, there will be consumers who won't be happy about it because they'll think it's creepy.

SPEAKER_jasoncompton: Assuming you mean real-time vs. any other sort of personalization, I'd say maybe, only in that real-time personalization tends to insist on a greater amount of data synchronization across channels, which could mean that more members of your organization know more about your customers...

jacques: Do consumers read privacy policies?

SPEAKER_Chris Kelley: Overwhelmingly no. However, they're still concerned about the issue. Therefore, companies should push their privacy message out to consumers every chance they get.

pbeston: Do you see the future of online privacy being determined largely by legislation and/or industry regulations, or by technology tools and software that consumers can use to protect themselves (like ZeroKnowledge, for instance?)

SPEAKER_jasoncompton: If and when there's some sort of code established it's NOT going to come from enterprise tools vendors, I'll tell you that much. They are singularly uninterested in enforcing any particular code of conduct, because they're ultimately paid to provide a technology, not to be moral watchdogs, and they know it.

SPEAKER_jasoncompton: It doesn't seem that consumer/client-level tools like ZK will ever get enough penetration to completely turn the debate, it only creates "privacy guerillas"...which is fine, if you're willing to become one, but doesn't change overall industry conduct. That said, industry is obviously interested in less regulation than consumers are, and I'm a little dubious that the current executive branch is going to do a whole lot either.

SPEAKER_jasoncompton: THAT said, there are members of both parties in Congress that at least talk an interesting privacy game.

SPEAKER_Chris Kelley: Consumers don't want to lift a finger to protect their privacy. Instead, they see it as a right. With this in mind, technologies that address the privacy issue haven't had much traction with consumers. Conversely, 60% of online consumers want the government to regulate the issue -- a percentage that has held steady since we began tracking the issue in 1999. Will the government do anything about it? Well, as Jason said, it's not on the top of the president's agenda.

mattycrm: What plans does the gov't have to limit the kind of e-customer information I can collect/use?

SPEAKER_jasoncompton: For more detail on that, I'd suggest checking out the groundwork that went into Gramm-Leach-Bliley (the Financial Services Modernization Act), including the work of the three named congressmen. Also check Sen. Hollings and Rep. Dick Armey, who both have advanced privacy agendas recently.

SPEAKER_Chris Kelley: The government's main concern is that there will be some sort of choice in the matter for consumers. That is, that consumers have the option of sharing different types of information with you.

Lisa: Are any of the organizations that were meant to certify corporations' trustworthiness (Trust-e?) able to provide a Goodhousekeeping Seal of Approval that means anything to consumers regarding the integrity of a given institution and their privacy policies?

SPEAKER_Chris Kelley: Right now, Truste has a good reputation with consumers. However, it will only take one or two major privacy blow-ups at Truste sites before this trust is gone. The main problem Truste has is that they have held the bar too low for sites to get a seal.

SPEAKER_jasoncompton: By and large, all those organizations do is verify that a company has a privacy policy in complete sentences. There's a Big Five firm out there (E&Y, I believe) which claims to be doing aggressive privacy audits to make sure that the policies match practice.

SPEAKER_jasoncompton: Basically, the seals say very little about codes of conduct, they're more of a registration database than anything. So until someone can figure out a business model that involves companies not only establishing respectful privacy policies and paying money to be honored in such a way...don't base your decisions on seals alone.

PJ: Why are firms burying these trust seals a few pages deep into their Web site instead of displaying them openly on their home pages?

SPEAKER_Chris Kelley: Because companies see the privacy issue as a compliance issue rather than a customer service issue. If companies elevated their use of seal programs and their privacy policies, they would earn more trust with online consumers.

maryk: Doesn't the privacy problem go away if people just turn their cookies off?

SPEAKER_jasoncompton: Not really. For starters, there are plenty of ways to collect, share, and integrate data about someone even if they don't allow cookies to be stored on their system.

SPEAKER_jason compton: Also, many websites are simply impossible to navigate if cookies are turned off or set to 'ask'-try it sometime, the average website can hurl a dozen or more cookie requests at you, and after a very short while it's just not possible to decide what's necessary versus what's just being used to track your activity.

SPEAKER_jason compton: Finally, the online privacy question has evolved into a broader matter-people aren't just worried about their online records, they're now concerned about those decades of largely unfettered offline collection, too.

SPEAKER_Chris Kelley: To follow up on that, many online consumers don't even know how to turn off their cookies. These consumers have little technological know-how, and would therefore still be very concerned about this issue.

marianne: How am I going to get ROI on my CRM investment if I can't exploit all its potential?

SPEAKER_Chris Kelley: Well, if you collect data and use that data without consumers knowing about it, they'll give you bad data. One-third of online consumers lie online on a regular basis, and they do so because they don't know how their personal information will be used. Therefore, by taking privacy concerns into account, you'll get better data to work off of.

SPEAKER_jason compton: That leads me back to my speculation that companies are going to start telling the CNBC crowd that privacy is un-American. If your entire CRM strategy hinges exclusively on exploiting what I had for breakfast every day of my life, though, you may have other problems.

nick_name: Can anyone speak to online consumer privacy in the UK? I understand that Euro companies must store consumer information in only one country at a time (e.g. German data in Germany)?

SPEAKER_jason compton: I'm not an authority on international privacy but I have heard of such barriers. I spoke with a vendor of wireless personalization software who claimed that it was a real problem for cell providers in Europe because they had a difficult time legally sharing service plan information as business travelers moved across the continent.

TRA: What is the customer's #1 complaint about privacy?

SPEAKER_Chris Kelley: The number one complaint right now is that they get too many spam emails that they don't want. However, there are also the long-term concerns that consumers have which haven't played themselves out yet. For example, using personal information collected online as evidence in a divorce trial.

SPEAKER_jason compton: I'd just like to chime in by saying that although spam is a big complaint, I think it leads too many people to associate the whole issue of "privacy" with simply receiving unwanted e-mail. Privacy and respect for other people's information goes WAY beyond outbound communication.

PJ: Do you think that P3P will increase consumer trust in the Internet?
hatteras leaves Live Chat

SPEAKER_jason compton: (P3P is an emerging standard that allows Web sites to broadcast their privacy policies to a browser, which can then read the policy and share or restrict personal information according to a user's preferences.)

SPEAKER_jason compton: Trust is a perception issue, so from that standpoint, the answer is "maybe"...Microsoft can sell just about any concept if they try hard enough and they're pushing P3P in IE6, so they might convince people that it's a Good Thing. From a results standpoint, the answer is no. Like the cookie problem, privacy isn't something that can be solved with browser-side preferences, and Chris asserts that most people can't even handle cookie options, let alone understanding and setting a slate of P3P criteria.

TRA: How can I integrate a privacy policy into my overall business strategy without turning the company upside down?

SPEAKER_Chris Kelley: A good example of a company that has done this is IBM. They have worked hard on the privacy issue throughout the company, largely with the help of their CPO. With this, IBM has made privacy a corporate priority without turning the company upside down.

Bruce: Can one assume that if a customer volunteers information to one marketing channel that the information can be used with other marketing channels? For example, if a user volunteers information to a web site and that site begins tracking that user's browsing behavior, does it violate the customers privacy to notify a local sales person that a particular customer is showing interest in a specific product?

SPEAKER_Chris Kelley: The key with that issue is letting the consumer know that there will be multiple channels involved. Otherwise, the consumer may not think that any person will contact them, which would then bother the consumer when the salesperson calls.

SPEAKER_jason compton: Right now that is a safe assumption, that information can be shared across contact channels.

SPEAKER_jason compton: There's a danger, however, in very large enterprises of assuming a little too much. I like to pick on AOL Time Warner about this sort of thing...if I tell AOL through a banner click that I might be interested in AOL, to my mind that doesn't necessarily mean I want to get a mailer from Time Magazine. To AOL/TW, I'm "the enterprise's customer" but it's not clear that the average citizen sees or respects the grand web they've woven. (That's a hypothetical situation, BTW, I have no idea if AOL/TW does that sort of thing...)

nick_name: There is no way my company can justify a CPO. Who can we use in-house? Should s/he come from IT or the business side?

SPEAKER_Chris Kelley: Some companies that I talk to are in the same boat. What they have done is created a SWAT team for privacy. These people come from various parts of the organization including IT, marketing, and legal. From my conversations with them, they have been quite effective working on the issue within their own companies.

SPEAKER_jason compton: I've heard it suggested that CIOs are ideal candidates to lead privacy, since they are sensitive to business issues, yet are also ultimately responsible for the technology that has to enforce privacy.

TRA: In regards to non web/email related privacy...How can companies ensure they are effectively and properly communicating their privacy policy to the customer?

SPEAKER_Chris Kelley: Radio Shack now has a short privacy notice at registers in their traditional stores.

SPEAKER_jason compton: Present the information at the channel of contact. While some have criticized the GLB-mandated mailers financial services companies had to send out, as a consumer I thought they worked fairly well--they came on their own, with no bills or marketing materials or anything like that, so they at least expressed a semblance of being important as a stand-alone item.

brianm: Who should we talk to if we want to have our say about the privacy debate?

SPEAKER_jason compton: Anyone with a serious stake in marketing is active in the debate, so that means industry groups and data vendors are good candidates to open a discussion with, as of course is your local congressperson, as well as the aforementioned Hollings, Armey, Gramm, Leach, and Bliley.

SPEAKER_jason compton: The Personalization Consortium tends to get pretty good marks from both industry and legitimate consumer advocates I've spoken with, at least in terms of laying out objectives and codes of conduct.

SPEAKER_Chris Kelley: Senator Kerry from Massachusetts has also taken this issue to heart - so he'd be a good one to add to that list.

SPEAKER_destinationCRM Event Host: That is all the time we have today with Jason and Chris. Thanks for attending destinationCRM.com's Personalization vs. Privacy Web Chat. We encourage you to continue the discussion on the CRM Web board at destinationCRM.com/community.

SPEAKER_Chris Kelley: Thank you all for the great questions. Have a good afternoon.

SPEAKER_jason compton: Thanks for your interest, everyone.

**Transcript Ends**

CRM Covers
for qualified subscribers
Subscribe Now Current Issue Past Issues