Personalizing Privacy for Competitive Advantage

privacyMore personalized marketing communications has been the goal of companies for years: from mass marketing to direct marketing and now one-to-one marketing. Adding the expanded capabilities of the internet makes this goal of personalization even more important to stay ahead of the competition. Successful web sites will be personalized to the needs of the users whether they are coming to browse and learn or to complete a transaction and leave.

Personalizing the web

Imagine a customer visiting your company’s site and being greeted by a personalized home page complete with a welcome back message, news items based on his or her interests, personalized marketing messages and information about products and services that will be most interesting to this customer, plus a link to this individuals’ private account information for commerce and support. Many companies offer variations of this today from portals like Google, Yahoo and Bing, to banks and health care companies.
This personalization is possible only if the individual has shared personal information to guide the content selection. Individuals will share accurate personal information only if they trust that the owner of the site will manage their privacy appropriately. This is the first aspect of personalizing privacy: proper privacy management is required to enable personalization.

Not all privacy is created equal

The second half is that not all privacy is created equal. The information shared changes depending on the individual or company and on the circumstances. The same person shares their information differently and the same information is shared differently depending the transaction. Some people willingly share their name, address and credit card number to complete a purchase online, but, would not give this same information to a stranger on the telephone. People share their medical history with their doctors but not with their investment broker or their boss. Companies share salary information with their managers, but only for the people they manage. Companies share their mutual purchase data but keep it secret from competitors.

The more a company is perceived as protecting privacy, the more trustworthy they appear and the stronger the relationship with their customers and employees. This trust is an invaluable competitive advantage: especially as the need for personalized functions on the internet becomes more and more imperative.

Privacy Management

So it all begins with effective privacy management that builds the trust necessary to receive the personal information that enables personalization.

Privacy —> Trust —> Personal Information —> Personalization

When I talk with people about the importance of privacy for business, I often get a blank stare, complaints about receiving too much SPAM or a series of questions.  Here are the three most common questions:

A. Why should businesses care about managing individuals’ privacy?
B. What does it mean to manage privacy?
C. Where should a business start?

This paper will explore some of our experiences and insights about the areas of privacy policies, practices and the supporting infrastructure.

A) Why should businesses care about managing individuals’ privacy?

  1. The most frequent reason I hear is that the government requires it.   They do this with rules like the “Health Insurance Portability and Accountability Act” (HIPAA -1996) for the health care industry and companies with group health plans, the “Children’s Online Privacy Protection Act “ (COPPA – 1998), the Gramm Leach Bliley Act – Title V (2000) or the “Safe Harbor Privacy Principles” (2000) that the U.S. Department of Commerce has negotiated with the European Union. Each of these actions stipulates how businesses need to manage individuals’ privacy in certain sectors or for certain types of transactions like employers interacting with health plan managers or companies transferring personal data from EU countries. So one reason businesses care about managing privacy is that their government requires it.
  2. A second reason to care is that customers and employees expect you to do it. The Internet has made it much easier to collect and redistribute personal information with and without the consumer’s knowledge. “Cookies” are a common internet technique to remember a web users’ navigation history and other information about web transactions. These text entries can be placed on a person’s computer without their knowledge while he or she browses the web.   So a second reason for businesses to manage individuals’ privacy is because their consumers and employees expect them to do it.
  3. A third reason is because good privacy practices build a competitive advantage by reinforcing trustworthy relationships with customers and employees. Research repeatedly shows that people will provide personal information more willingly if

–  they trust the organization that is collecting the information, and if
–  they see the value they will receive from providing the information.

Personalized Marketing Requires Knowledge

Personalized marketing communications require accurate knowledge of the target audience. More trustworthy businesses receive data more easily than those who are perceived as less trustworthy. This in turn yields a greater understanding of their customers at less cost. Imagine going to a web site that offers personalization to make the site more efficient for the user. Based on information provided by the user, these sites can include products, services and promotions that are interesting to the individual, while eliminating those that are not. These sites often offer e-mail alerts about interesting topics to leverage the power of the web with e-mail. This personalization is only possible if the user trusts the site owner and sees enough value in the offering to be willing to provide his or her personal interests and preferences.

Operating efficiencies can be gained by enabling more self-service applications. Access to the various portions of these applications are restricted based on personal information known about an individual: his or her need to know about the data for example. Employers can increase their efficiency and build trust with their employees by offering personalized systems that enable an individual to manage much of the information in his or her own employee records like emergency contacts, self-assessed skill levels, and mailing addresses, but not providing the ability to change salary data.

Internet transactions like e-commerce can continue to grow only as long as the parties to the transaction trust that the other participants will deliver what they say they will. This is true whether the transaction is between two individuals like online auctions, between businesses and consumers, like online retailers, or between two businesses like manufacturers and their dealers.

Consider your own experiences

To whom are you willing to provide personal information? With whom do you choose to do business? And with whom do you avoid doing business? So a third reason for effective privacy management is because it builds a competitive advantage by
building /component/option,com_jcalpro/Itemid,28/extmode,flyer/date,2392-11-01/”>cialis tadalafil 5mg more trustworthy and more personalized customer and employee relationships.

Companies should protect individuals’ privacy because:

1. It’s required by law
2. Customers and employees expect it
3. Good privacy practices build a competitive advantage

B) What does it mean to manage individuals’ privacy?

Now that we have discussed why managing privacy is important, let’s identify what it is. The privacy legislation and privacy guidelines from various organizations around the world differ in their details, and each is based on a similar set of privacy principles:

  1. Notice – clearly inform people what information you are collecting and how it will be used.
  2. Choice – offer people the choice to provide the information requested (e.g. name and address) or to receive the offer being made (e.g. newsletter, future promotional offers) by opting-in or opting-out. Generally accepted privacy principles are that the more restrictive “opt-in” should be required to allow the transfer of personal data to a third party or to use the data for purposes in addition to those for which it was originally collected.
  3. Onward Transfer Agreement – ensure that any organization with whom you share this information agrees to abide by the same privacy practices as the organization collecting the original information.
  4. Access – give people the ability to review the information you have about them and to correct or amend that information when it is incorrect.
  5. Security – take care to protect individuals’ data from inappropriate use, unauthorized access, disclosure, alteration or loss.
  6. Data Integrity – ensure that the information is complete, relevant and accurate and is being used for its intended purpose.
  7. Enforcement – make reasonable efforts to address consumers’ privacy concerns by referring their concern to an in-house resolution program or to an external resolution organization. Provide a mechanism within your company to ensure your privacy policies are followed. This often includes the appointment of a Chief Privacy Officer.

Also, to foster more trustworthy relationships a business should collect only the minimum information that is required to complete the transaction or to provide the service. For example, a person’s e-mail address in generally not required to complete a subscription request for a newspaper, so don’t ask for it.  Research tells us that consumers are more likely to provide inaccurate information when they do not see the value to be received by providing the requested information. As people develop more trust in their relationships they will be more willing to provide more detailed personal information in order to receive increasing value from the relationship. For example people will provide their personal interest areas if they expect to receive more targeted communications about offers of particular interest to them.

The seven privacy principles

1. Notice
2. Choice
3. Onward transfer agreement
4. Access
5. Security
6. Data Integrity
7. Enforcement

Not all information is created equal in the eyes of the consumer. A person’s e-mail address is often given more reluctantly than their personal interest areas because of the consumer’s concern for receiving irrelevant e-mail messages (a.k.a. SPAM). Here are some categories of personal information to illustrate the varying levels of information sensitivity:

  • Personally Identifiable Information: data that would enable a person to be located like name and address, telephone number, fax number, and social security number.
  • Personal Information: data that is specific to an individual and can be useful without the Personally Identifiable Information associated with it. Examples include ethnic origin, religion, sex, e-mail address, URL, date of birth, medical history, work history, government service history, account number(s), motor vehicle documents, facial photographs, financial information, and credit card number(s).
  • Personal Interest Areas: like favorite sports, interesting products, preferred services, magazines read, and newspapers received.
  • Personal Communication Preferences: preferred communication vehicles like postal mail or telephone; preferred communication frequency like monthly or when news happens; and level of content detail preferred like summary or detailed, technical or business.

Less is more

In the world of protecting individuals’ privacy, “less is more.”  The more a business can do with less personal information the more trustworthy will be their relationships. Or to put it another way, don’t collect a piece of information unless you are able to act on it. Also, saying, or implying, that a business will utilize the information provided to give more value and not doing so may be worse than not collecting the information in the first place.  I have seen several cases where people designing questionnaires collect all kinds of information without first determining how they will use that information will be used to provide value to the customer now or in the near future.