Being good is good business.

—Anita Roddick

Interestingly, for the first time since we all became aware of privacy as an issue, enterprises and customers share a common interest: protecting and securing the customer’s information. At least that’s true of customers who are thinking about the implications of their far-flung data and of enterprises that are building their value through strategies designed to build the value of the customer base.

In this chapter, we first look at some general privacy issues and how they are being addressed. We next examine the distinct issues raised by data held and exchanged online.

Every day, millions of people provide personally identifiable information about themselves to data collection experts. As a result, an average U.S. consumer is buffeted by thousands of marketing messages daily¹—far too many to hit any consumer’s consciousness. (Ask yourself this: How many do you remember from yesterday? All the others wasted their money trying to get a message across to you!) Consumers sometimes unknowingly divulge their personal data during commercial transactions, financial arrangements, and survey responses. And the Web has escalated the privacy debate to new heights. Never before has technology enabled companies to acquire information about customers so easily. Watchdog privacy advocates and government regulators are mobilizing against the threat to a consumer’s right to privacy.

Consider these points:

• Privacy policies of individual companies vary tremendously, as does compliance with these policies (largely self-generated and self-enforced).
• Privacy preferences vary tremendously among individuals and across nations and cultures.
• Hundreds of new privacy laws have been introduced worldwide in the past 10 years.
• Courts around the world are awarding significant damages to consumers and Internet users over claims of privacy violation.
• New technologies that support data collection, Internet monitoring, online surveillance, data mining, automatic mailing, personal searching, phishing, identity spoofing, and identity theft (now a billion-dollar industry)² are rolling out into the electronic marketplace every month.
• Personalized, customized products and services over the Internet—most of which require users to provide more personal information than they have ever given to companies before—are growing.³
• When deciding to download smartphone apps, 90 percent of app users report that knowing how their personal information will be used is “very” or “somewhat” important⁴—and many are shocked to discover how much personal data is sent to their smartphone manufacturers without their knowledge.⁵

And yet, in the twenty-first century, we realize that customer data are among the most valuable assets an enterprise can have, because the personal information about a particular customer that no other enterprise has is a unique asset that can provide an insurmountable competitive advantage in dealing with that single customer. For a customer-based enterprise to be successful in this century, it needs to protect that information—to hold it sacred. Privacy and personalization are inextricably interwoven. Customers who feel like they could lose control over their own information are not likely to become willing participants in a dialogue. Privacy should not be taken lightly by the customer-based enterprise.

For the enterprise interested in increasing its share of each customer’s business, there has to be a balance between getting enough information from customers to help them do business with the firm while respecting their right to lead a private life. The dilemma for the customer-centric firm is how to remain sensitive to privacy while improving the business to suit each customer’s individual needs. This is in stark contrast to a product-selling company, which likely views privacy simply as a roadblock on the road to profitability.

The privacy debate continues as the interactive and interconnected era matures. Despite the ongoing controversy over a person’s legal right to privacy, customers find it difficult to quantify the damage they incur when their privacy has been violated. It is difficult to place a monetary value on the abuse of personal information, unlike other crimes, such as a car theft. For that matter, what value is forfeited when someone’s credit card number is exposed to a third party who does not use it?

Our society subscribes to two antithetical beliefs simultaneously: that people should have the right to remain inconspicuous to others but that people also have the right to learn the identity of someone else when we need to. For instance, a consumer might want anonymity when shopping, especially online. But the same person might support a system that reveals the identity of computer hackers or those who plant e-viruses. To ponder further, our society requires the display of license plate numbers, for public revelation of each automobile owner. Should we also have “license plates” for Internet users so it would be easy to track them down when they commit an offense, such as identity theft or launching a virus maliciously?

Three events since the beginning of the century have shaped our opinion of privacy, at least in the Western world:

1. The terrorist attacks in the United States on September 11, 2001, called into question the wisdom of ironclad privacy protection and the anonymizing technologies available online.
2. The increased capabilities of social media and their surge in popularity, especially among younger consumers (see Chapter 8), have significantly increased the volume and detail of personal information many people make available online.
3. A spate of hacking incidents that have left customers’ private data open and vulnerable, such as Sony and Home Depot and spouse-cheater site Ashley Madison, which promised customers that sensitive data would be deleted, but it was eventually stolen and exposed.⁶ Hackers may want to steal, socially object, or look under the rug and show everybody what’s there.

In 2014, a Gallup poll showed that more Americans worry about being hacked than any other crime—more than being robbed or attacked by a terrorist.⁷ Supporting that worry is a belief uncovered by a Pew Research Center study: 76 percent of American adults say they are “not too confident” or “not at all confident” that records of their activity maintained by the online advertisers who place ads on the websites they visit will remain private and secure. Roughly two-thirds of respondents say the same thing about social media sites, search engine providers, and online video sites.⁸ And according to a Harvard Business Review survey, 97 percent of responders are concerned about governments and businesses misusing their data: “80 percent of Germans and 72 percent of Americans are reluctant to share information with businesses because they ‘just want to maintain [their] privacy.’”⁹

Ironically, although most Americans do seem to think privacy is fairly important, a lot of U.S. popular culture has been inspired by snooping: So-called reality television programs, such as Survivor, Keeping Up with the Kardashians, and Property Brothers, have enabled viewers to peer into the private lives of ordinary other people. It has become a cultural norm to be flies on the walls of a stranger’s personal conversations when his cell phone rings while riding a bus or a plane. Voyeurism seems to be more in vogue, so long as no one is snooping on me.

But the increasing popularity and use of social media has led to what might also be an epidemic of exhibitionism (discussed later in this chapter), at least among the younger generation. One of the authors pointed out to his then-teenage son that the son needed to be careful what he posted about himself online, since, in 20 years, when the son was 37, he may have his dirty laundry come back to haunt him if he gets interviewed for a job. The son said, “Dad, don’t you think the guy who interviews me then will have his own dirty laundry?” It’s possible that kids who were born after 2000 will simply not get the idea of privacy, since they will have been raised in a world of increasing transparency.¹⁰

Privacy concerns have long existed in traditional shopping methods, not just the Web. Walk into a supermarket or department store and the customer is often asked to hand over a loyalty card in exchange for a purchase coupon. But what if he buys something in a retail store and simply uses a standard bank credit card? In such a case, the store has very little way of tracing the information about that shopping transaction and may have difficulty linking it to a particular customer, unless the customer is having the merchandise delivered. (It should be noted that the credit card company will have a complete record of that transactional information, for that customer, store to store.) Some stores have found a way to gather information from nearly all in-store purchases, regardless of payment type. Its store personnel ask customers for permission to affix a bar code to the back of a customer’s own (say, non-Nordstrom) credit card, giving the store the capability to track its customers’ purchases made with other credit cards. Starbucks and other merchants that have mobile apps that enable payment from a device can link purchases to personal ID info. Stores are also using beacons/cameras to track customers; if a customer has given her personal information to an app, the store can link behavior/transactions to make a personal profile. Facial recognition technology is so advanced, it could become the de facto ID of the future, and debate has already begun about the privacy issues inherent in in-store cameras scanning faces and identifying customers.¹¹

Profiling of a customer’s personal data is standard protocol in the direct-mail industry and has been for nearly a century. Traditionally, this has meant that catalog retailers and credit card companies have collected names and addresses for their own use and have sold or rented those lists to other direct marketers. Phone a catalog merchant, and the buying process involves divulging an address and phone number. For that matter, call L.L. Bean or many other catalog companies, and the customer service representative might even be able to identify the customer before he states his name, thanks to the caller ID technology integrated into the company’s call center. Interactive voice response systems, when programmed with metadata detailing the kind of calls individual customers have made in the past, can ensure that the most valuable customers end up at the top of the queue not only to speak directly with a customer service representative, but with the most experienced.¹² NICE (http://www.nice.com) and other companies now offer voice recognition software that rapidly authenticates caller ID from any phone to save time and reduce fraud.

Remembering a customer and his logistical information makes it easier for him to order and also leads him to believe he is important to the enterprise. The Internet offers the greatest opportunity to date for gathering personal customer information, as long as a mutually valuable relationship between provider and consumer is honored. Over time, data collected about Web site visitors empower companies with a keen ability to identify their most valuable customers and deploy relevant marketing campaigns—as long as the information customers enter is true, that is.¹³ But, in general, customers themselves are recognizing the convenience of being known by the Web sites they visit: A 2006 Ponemon Institute survey found only 8 percent of people “very frequently” delete cookies (down from 14 percent in 2004), and 24 percent “never” delete them. Further clarifying that convenience is outweighing past privacy concerns, 63 percent said marketers should understand their interest before advertising to them, and 55 percent said that Web ads that suit their needs improve or greatly improve their online experience.¹⁴

However, even questionable security is a deal breaker for most customers. Sixty-three percent of respondents to a National Cyber Security Alliance and Symantec poll did not complete a Web site purchase due to security concerns—with the majority of those choosing not to purchase “simply not sure” about whether the site was secure. As important as convenience may be, more than 75 percent of respondents said they would be just as likely to make a purchase from a Web site if it required additional steps to verify their identity. According to a Forrester report, “About three-fifths of consumers actually look at privacy policies,” and “When a company’s privacy policy (including its mobile apps) seems confusing or leaky, many consumers will forego completing a transaction with that firm.”¹⁵ Clearly, customers want both maximum convenience and maximum (identity) security, creating a very precise tightrope for customer-centered businesses to walk.

Enterprises gather information about their customers and create loyalty programs to build lasting relationships. But with increasingly complex product choices, many sophisticated customers enjoy comparing and contrasting products to find the best price and most efficient service—and want both the information and the privacy to make a decision on their own terms, without being pressured too soon to make a purchase. The goal, therefore, is for the enterprise to find out as much information about a customer and use it for that customer to make the buying experience more valuable to that customer in various ways. Managing customer relationships in the interactive age requires enterprises to collect information about customers in a “virtuous cycle” in which they can deliver additional value to individual customers. Once the customer begins receiving personalized attention and customized products, he is motivated to divulge more information about himself.

For instance, another recent Forrester report concluded that many consumers believe sharing personal data through loyalty programs enhances their customer experience with that brand. Consumers surveyed found the following loyalty program benefits “important” or “very important”:

• Instant discounts—77 percent.
• Reward certificates—69 percent.
• Points, miles, or other loyalty currency—65 percent.
• Printable coupons—64 percent.
• Enhanced customer service—59 percent.
• Mobile coupons and/or rewards—54 percent.
• Ability to earn special status—54 percent.¹⁶

Although the preponderance of evidence shows that consumers do like the customized offerings and other advantages companies can give them by tracking their data, it is essential to guarantee that the customized benefits provided will not jeopardize their privacy. Customers must know that the company will use that data in a limited way for services agreed on in advance. Without such trust, customization is not a benefit. Once earned, trust in an enterprise enhances customer loyalty. But enterprises need to address customer concerns about privacy, to offer guarantees, and stick to them. Those enterprises that gain the customer’s trust first often will have the first-mover advantage. (We talk more about privacy pledges later in this chapter.) Most important, Dr. Dimitrios Tsivrikos found trust to be more powerful than rewards for consumers: “The extent to which individuals reported to trust an organization was four times more important than any other factor based on exchange rewards such as receiving specially tailored offers or free products.”¹⁷

Some believe that a customer might be more trusting of an enterprise and would provide the personal information that can foster a mutually beneficial relationship if the enterprise simply first asks the customer his permission to do so. The relationship in which a customer has agreed to receive personalized messages and customized products forms the basis of permission marketing, an idea from author Seth Godin, who points out that “The combined shortage of time and attention is unique in today’s Information Age. Consumers are now willing to pay handsomely to save time, while marketers are eager to pay bundles to get attention.” He compares interruption marketing, which is the kind we’re all used to, with permission marketing, which offers marketers a chance to talk only to the customers who volunteer to get their messages. Godin likens the two kinds of marketing to two ways of getting married:

The Interruption Marketer buys an extremely expensive suit. New shoes. Fashionable accessories. Then, working with the best database and marketing strategies, selects the demographically ideal singles bar.

Walking into the singles bar, the Interruption Marketer marches up to the nearest person and proposes marriage. If turned down, the Interruption Marketer repeats the process on every person in the bar.

If the Interruption Marketer comes up empty-handed after spending the entire evening proposing, it is obvious that the blame should be placed on the suit and the shoes. The tailor is fired. The strategy expert who picked the bar is fired. And the Interruption Marketer tries again at a different singles bar.

If this sounds familiar, it should. It’s the way most large marketers look at the world. They hire an agency. They build fancy ads. They “research” the ideal place to run the ads. They interrupt people and hope that one in a hundred will go ahead and buy something. Then, when they fail, they fire their agency!

The other way to get married is a lot more fun, a lot more rational, and a lot more successful. It’s called dating.

A Permission Marketer goes on a date. If it goes well, the two of them go on another date. And then another. Until, after 10 or 12 dates, both sides can really communicate with each other about their needs and desires. After 20 dates they meet each other’s families. Finally, after three or four months of dating, the Permission Marketer proposes marriage.

Permission Marketing is just like dating. It turns strangers into friends and friends into lifetime customers. Many of the rules of dating apply, and so do many of the benefits.¹⁸

Trust, as discussed in Chapter 3, is always critical. Customers are dubious of unfamiliar enterprises that have not been recommended to them. Some customers won’t buy anything online until they’ve seen other customers’ reviews and comments, even though those other customers are total strangers.

Although we talk about privacy as if it were a single topic, it is really an umbrella term, and if you ask customers what bothers them about privacy, you will get several answers.

• The most common is a concern about criminal activity—misuse of stolen credit card numbers, usurpation of identity. This concern nearly always comes back to the issue of data security.
• Distinct from the first point is a concern about others knowing things about them they would rather not have “out there” as common knowledge.
• Another issue is the idea that they would rather not be bothered if they don’t want to be: spam is driving them crazy (if it comes through their mobile device, they even have to pay for the minutes and the texts!), and marketing calls at dinner are a nuisance.

Meanwhile, if you ask enterprise executives what the term privacy means to them, and they’re honest with you, you may find that privacy is a risk of fines on each breached record and a potential minefield for public relations. To the lawyers, it may be about regulation compliance and litigation avoidance. But to those in the organization whose mission is to build the value of the customer base, privacy is what customers think it is, and it’s also:

• Getting information from customers who are comfortable giving it.
• Using the information to build mutual value with each customer.
• Protecting customer data as a valuable competitive asset (through data security, protective processes, and customer-focused culture).
• Communicating data protection to customers.

Relationships require trust, and privacy is one of its underpinnings.

Moreover, as each organization moves to globalize its operations, its leaders will need to be aware of and comply with the many legal requirements of the nations in which it serves customers, and they will need to respect the individual cultures of these countries. Enterprises will also need to protect the accuracy, transmission, and accessibility of their customer records. In the next few sections, we examine how enterprises protect the precious customer data they collect. We also peer into the many differences between privacy rules in the United States and Europe.

Privacy in Europe Is a Different World

The privacy debate in Europe is just as fierce as in the United States, although the rules about privacy are starkly different in Europe. In the United States, an individual’s habits and behavior may be examined by an employer, a retail merchant, and by companies on the Web. This information is then used to target the customer for marketing purposes or is resold to other companies. By contrast, in most European countries, it is illegal to monitor an individual under any of these circumstances and use the information to target the customer. The ground rules for privacy for members of the European Union (EU) are laid down in the European Union Data Protection Directive, originally adopted in 1995, which applies to electronic and paper filing systems, including financial services. (The EU’s new General Data Protection Regulation was proposed in 2012, due to take full effect in 2017.)¹⁹ The directive required EU member states to amend national legislation to guarantee individuals certain rights to protect their privacy and to control the contents of electronic databases that contain personal information. The data covered by the directive are information about an individual that somehow identifies the individual by name or otherwise. Each European nation’s government implements the directive in its own way.

Under the directive, information about consumers must be collected for specific, legitimate purposes and stored in individually identifiable form. Those collecting the data must tell the consumer who ultimately will have access to the information. The rules are stricter for companies that want to use data in direct marketing or to transfer the data for other companies to use in direct marketing. The consumer must be explicitly informed of these plans and given the chance to object. U.S. and European principles on privacy share a key similarity. The Data Protection Directive and U.S. privacy laws attempt to protect human rights. However, both do little to check the growth of government databases or information-collection powers.²⁰

Europeans do not allow the sharing of personal information between enterprises; this area is not yet regulated by the U.S. government.²¹ In contrast to the United States, where more of a free-market approach is taken to many things, including customer privacy protection, the European Privacy Directive prohibits enterprises from transferring electronic records of personal information— including names, addresses, and personal profiles—across borders. It is at least partly intended to reduce trade barriers within the EU by standardizing how various companies treat individual information in different countries. If European nations must follow the same standards about privacy protection, then trade between nations can occur more freely. Personal data on EU citizens may be transferred only to countries outside the 15-nation bloc that are deemed to provide “adequate protection” for the data. But the rising use of social networking sites worldwide is putting the European Privacy Directive to the test. A strict reading implies those who “tag” their friends in Facebook, upload videos to YouTube, or post other personal material to social networking sites without consent are breaking the law.

According to J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals, one of the biggest data privacy challenges is that the industry is not only new but constantly changing. “We don’t know all the rules of the road. This is not a mature space. The technologies that drive privacy issues today are emerging technologies. It seems like every six months—every quarter, even—we see a new technology that forces us to think about how we use data in a completely new way.”²²

Privacy Pledges Build Enterprise Trust

If the enterprise is to establish a long-term relationship with a customer based on individual information, it will recognize that customer data are its most valuable asset, will secure and protect those data, and will share the policy for that protection in writing with its customers, partners, and vendors in the form of a privacy pledge. That pledge will permeate its own culture and be part of its employees’ DNA. The privacy pledge will spell out:

• The kind of information generally needed from customers.
• Any benefits customers will enjoy from the enterprise’s use of this individual information.
• Any events that might precipitate a notification to the customer by the enterprise.
• An individual’s options for directing the enterprise not to use or disclose certain kinds of information.
• Specific steps to secure and protect customer information.

Enterprises sometimes jeopardize their relationships with customers by engaging in unethical moves that compromise customer privacy for short-term marketing gain. That’s why enforcing a privacy policy is reassuring to many customers. Fortunately, according to a survey done by the Retail Industry Leaders Association and Retail Systems Research, 72 percent of top retailers understand that customers are concerned about privacy and that their personal information must be protected.²⁷ But being careful with customer data is not enough for the enterprise. Such a company must also get agreements in writing with all its vendors and partners that confirm they too will comply with enterprise privacy standards. A Midwestern bank committed to protecting its customers’ information learned that a printing company that produced checks for the bank’s customers had been copying the names and addresses of customers, routinely printed in the upper left corner of the checks, and reselling that information to list brokers. These list sellers in turn were selling the information to insurance agencies, garden supply companies, competitive financial services institutions, and others.

As the privacy debate rages, customers are, more and more, aware of whether they are given a chance either to opt in (proactively elect to receive future communications from the enterprise) or opt out (tacitly choose to receive them by inaction, unless they actively opt out). Consumer groups tend to favor opt-in as a better protection for consumers, whereas industry groups point to very low participation levels and, ironically, fewer targeted messaging efforts, and therefore tend to favor opt-out. Frequently, however, this opt-in or opt-out choice is an all-or-nothing toggle switch. To treat customers in a more one-to-one fashion, best practice today is to offer choices to the customer, with respect not just to the types of information he may choose to receive but also as to the frequency with which he is contacted with this information.

What greater assets do any company, online or off, have to dangle in front of other companies than the private data of thousands, or even millions, of customers? Do the rules change when a company is bought out or goes bankrupt? What happens to a company’s privacy pledge when there no longer is a company? And what guarantee is there that the new owner of your data will honor the same privacy standards as the former owner?

There is a simple, universal solution: The global business community needs to prevent such abuses, and preferably without government intervention. In this Age of Transparency, technologies are cropping up to help the process. Software enables online users to control how sites collect, control, use, and share their personal information. With privacy pledges under scrutiny, more enterprises are adopting and publicizing them. Nonetheless, many enterprises still do not state their policies, and others never share user data with third parties.

What constitutes a good privacy protection policy? For starters, it should explain to customers what kinds of information the company needs from them, how the information will be used, and how it will not be used. It should also explain the benefits a customer would gain by sharing personal information. Enterprises need to promote their privacy policies beyond the Web site, mobile apps, and corporate promotional collateral, including it in direct-mail pieces, invoices, and other company mailings. A privacy policy will reinforce the foundation on which each customer relationship is built. Trust is an essential part of any Learning Relationship, and a privacy policy helps build that trust.

Building a trusted relationship goes far beyond simply writing a privacy policy and posting it on the Web site. Unless the enterprise is careful as to how it uses sensitive customer information, the opportunity for forming Learning Relationships may disappear. It is important to recognize, however, that some individuals do not want companies to know which Web sites they visit or anything about their personal information. In the headlong rush of enterprises to use the latest databases, data-mining techniques, neural nets, and Internet-based information collection systems, some have neglected or overlooked this important issue. Moreover, a customer’s willingness to collaborate with an enterprise by interacting with the firm could be one important measure of the customer’s value to the enterprise.

It is important to explain the motives for wanting to create a relationship with a customer. Enterprises need to describe to customers how they will benefit by exchanging personal information with them. Once customers have read the privacy pledge and understand that their personal information will not be sold or shared irresponsibly, they simply want to know how providing their personal data will affect customer service. Beyond the security or convenience of the actual transaction, what assurance does a customer have that his personal information will not be misused or abused? After all, most customers have experienced the irritation of “getting on a list” and, as a consequence, received unsolicited direct mail and outbound telemarketing calls. Ironically, if a customer does not provide information to an enterprise about what he likes to buy, the likelihood is that he will receive more junk spam or direct-mail pieces that promote products and services of little interest to him and his needs. Clearly, this question has yet to be definitively resolved.²⁸

These and many other privacy-related questions may never be fully settled. But the customer-based enterprise has to monitor changing privacy issues closely. Intensifying the privacy debate is the way customer information is being collected and used on the Internet. The Web has created a powerful medium to collect and analyze customer data. But how can enterprises afford customers the same privacy protection online as they do in the “real world”? And how sensitive are customers to divulging personal information on the Web?

The bottom line is that the information that technology provides about your customers, and the increasingly cost-efficient tools you have to interact directly with customers and to facilitate them interacting with each other, should be used to build more trust. It really won’t matter what your formal privacy protection policy is, or how well you comply with whatever antispam regulations are enforced, if you don’t see the problem through the right end of the telescope—that is, from the customer’s perspective. Fail to take this point of view and you are still going to be undermining your customers’ trust.²⁹

Submitting Data Online

For many consumers who buy online, the protection of their personal information is a valid concern. To the selling enterprise, however, information is like currency—it enables them to identify customers and customize their offerings based on that information.

By personalizing their products and services for online customers, enterprises stand to enhance their revenue—but only if they disclose how customers’ data will be used.³⁰ Still, online users believe that Web sites should be accountable for explaining to them how their information will be used, as more and more consumers feel out of control regarding their personal information.³¹ According to a Pew Internet & American Life survey on cloud computing:

• Ninety percent of users would be “very concerned” if the company storing their data sold it to another company.
• Eighty percent would be “very concerned” if companies used their data for marketing purposes.
• Sixty-eight percent would be “very concerned” if service providers analyzed their information and then displayed ads to them based on their actions.³²

According to an Ernst and Young study, 70 percent of consumers say they are “never happy” for companies to share their personal data with third parties.³³

Furthermore, customers are concerned enough that they believe the government should do more to protect their data; only 34 percent believe the government should not get more involved.³⁴ Web site personalization requires consumers to submit information about themselves, such as their names, zip codes, interests, and even credit card numbers. Consumers personalize the online sites they visit to enhance their online experiences, but many do not want to have their information shared among Web sites without their knowledge.

Beginning with TRUSTe in 1997 it has become important for eCommerce websites to include a trust seal that certifies by a third party that the data a customer submits to the site are secured and protected, and thus sensitive information such as credit card numbers and social security numbers is safe. The most trusted seals are Norton, McAfee, TRUSTe, and BBA Accredited. Although customers may not keep up with the newest and best Web trust seals, we check for the reassurance that a reliable third party is watching before we enter our personal data on any Web site.³⁵

Personalization online helps customers to access the specific content and products they are looking for while giving the enterprise access to their browsing habits. For many enterprises, the objective of personalization on the Web is to increase customer loyalty through return visits. Privacy advocates claim that the instances of abuse of consumer data are a sign of how Internet marketers are overstepping their boundaries. The marketers, in turn, argue that data gathering is merely a nonthreatening way of fine-tuning marketing for the convenience of consumers. A firm will have to accomplish two things to break down the mistrust barrier between the customer and the online merchant:

1. Offer assurances of confidentiality. Customers want to know whether their personal data will be sold or used beyond simply information gathering.
2. Build Learning Relationships based on trust. Enterprises will need to develop individual, personalized relationships with their customers to promote trust and enhance loyalty.

As privacy protection advocates in Australia, the United States, and Europe continue to fuel the debate that it is wrong for companies to abuse personal information about their customers on the Web, enterprises will need to take a balanced view, not second-guess what their customers “really” want. The customer-strategy enterprise will strive to protect an individual’s privacy online but also weigh the real benefits of personalization against its real costs.

The truth is, we leave our electronic fingerprints in the ether because it saves us time, because we like sharing photos and stories with others, and because it would be nearly impossible to function in modern society any other way. Web sites know who you are because whenever you log in, you tell them, and because they leave cookies, and because they have your IP address. What companies need to know is that customers would rather do business with a company they trust to handle this information fairly and safely.³⁶

So much changed about the U.S. national attitude toward privacy on September 11, 2001. With the terrorist attacks on New York and Washington, D.C., U.S. national security was threatened as it had never been before. But on a more personal level, citizens felt that their individual safety was in jeopardy. The threat of additional terrorist attacks led to a heightened state of security at many public places, including airports, sporting events, and bridges and tunnels.

In the immediate aftermath of September 11, the civil rights of private citizens became a public issue. How much could the government encroach on a person’s right to privacy in the shadow of terrorism? How much was okay if it made us all safer? What if it only made us feel safer? (Have you ever heard airport security referred to as “security theatre”?) Could the government begin to check the backgrounds and personal information of anyone it deemed to be a suspicious terrorist? There’s no easy, immediate answer to what is always a best practice in privacy. The capabilities to get and share data about individuals become cheaper and easier daily. Smart cards can carry not only your retinal scan and fingerprints with you everywhere but your entire medical record.³⁷ And Intellicheck already enables bars to swipe your driver’s license to ascertain your legal age (and then, in many states, to also suddenly “know” your Social Security number, gender, weight, address, etc.).

The real commercial questions are these:

• What do we need to “know” to serve a customer better and make him more valuable to us?
• What information do we really need to “know” that?
• Once we get that information, how do we balance distribution at the front lines with the need to protect a customer’s privacy?
• What are the limits in how we will share or distribute data?
• How will we protect and secure the data?
• How do we build privacy and trust into our profitability strategies?

Summary

The fluid collaboration between enterprise and customer is ceaseless throughout the life of the relationship. But for the relationship to flourish, customers sometimes will have to reveal personal information about themselves to the enterprise. The enterprise, in turn, will have to promise to keep this private information private. Indeed, privacy—the customer’s right to it, and the enterprise’s protection of it—has become an important, and controversial, subject of the Information Age.

Food for Thought

1. Who owns a customer’s information?
   • Who should profit from it?
   • How would that work?
2. Is anonymity the best solution to privacy?
3. What is the difference between privacy and data security, and how should that difference affect the way we use customer data?
4. Compare the situation of Big Business versus Big Brother having detailed information about you.

Glossary

Age of Transparency

The era of human history characterized by increasing levels of transparency in all human affairs, as a result of the pervasive interconnectedness of people, using social media and other ubiquitously available communications technology.

Benefits

Advantages that customers get from using the product. Not to be confused with needs, as different customers will get different advantages from the same product.

Cookie

A small text file stored on your local hard drive that contains information that a particular Web site wants to have available during your current session (like your shopping cart), or from one session to the next. Cookies give sites persistent information for tracking and personalization.

Customer service

Customer service involves helping a customer gain the full use and advantage of whatever product or service was bought. When something goes wrong with a product, or when a customer has some kind of problem with it, the process of helping the customer overcome this problem is often referred to as customer care.

Customer service representative (CSR)

A person who answers or makes calls in a call center (also called a customer interaction center or contact center, since it may include online chat or other interaction methods).

Customer-strategy enterprise

An organization that builds its business model around increasing the value of the customer base. This term applies to companies that may be product oriented, operations focused, or customer intimate.

Customization

Most often, customization and mass customization refer to the modularized building of an offering to a customer based on that customer’s individual feedback, thus serving as the basis of a Learning Relationship. Note the distinction from personalization, which generally simply means putting someone’s name on the product.

European Union Data Protection Directive

Requires EU member states to amend national legislation to guarantee individuals certain rights to protect their privacy and to control the contents of electronic databases that contain personal information. Information about consumers must be collected for specific, legitimate purposes and stored in individually identifiable form. Those collecting the data must tell the consumer, who will ultimately have access to the information, and companies wanting to use data in direct marketing must explicitly inform consumers of these plans and give them a chance to object.

Identify

Recognize and remember each customer regardless of the channel by or geographic area in which the customer leaves information about himself. Be able to link information about each customer to generate a complete picture of each customer.

Information Age

“A period in human history characterized by the shift from traditional industry that the Industrial Revolution brought through industrialization, to an economy based on information computerization.” [Wikipedia]

Interactive voice response

Now a feature at most call centers, IVR software provides instructions for callers to “push ‘1’ to check your current balance, push ‘2’ to transfer funds,” and so forth.

Most valuable customers (MVCs)

Customers with high actual values but not a lot of unrealized growth potential. These are the customers who do the most business, yield the highest margins, are most willing to collaborate, and tend to be the most loyal.

Needs

What a customer needs from an enterprise is, by our definition, synonymous with what she wants, prefers, or would like. In this sense, we do not distinguish a customer’s needs from her wants. For that matter, we do not distinguish needs from preferences, wishes, desires, or whims. Each of these terms might imply some nuance of need—perhaps the intensity of the need or the permanence of it—but in each case we are still talking, generically, about the customer’s needs.

Opt in

When customers proactively elect to receive future communications from an enterprise.

Opt out

When customers proactively elect not to receive future communications from an enterprise.

Personalization

Refers to a superficial ability to put a customer’s name on something—to insert a name into a message, for example, or to monogram a set of sheets. Note the distinction from customization, which means creating an adapted product or service or communication based on the customer’s individual feedback.

Privacy policy

A written document detailing how a company will share (or not share) data collected from its customers. Ideally, it should explain to customers, in simple language, what kinds of information the company needs from them, how the information will be used, how it will not be used, and the benefits a customer would gain by sharing personal information.

Social media

Interactive services and Web sites that allow users to create their own content and share their own views for others to consume. Blogs and microblogs (e.g., Twitter) are a form of social media, because users “publish” their opinions or views for everyone. Facebook, LinkedIn, and MySpace are examples of social media that facilitate making contact, interacting with, and following others. YouTube and Flickr are examples of social media that allow users to share creative work with others. Even Wikipedia represents a form of social media, as users collaborate interactively to publish more accurate encyclopedia entries.

Trust seal

A certification by a third party that the data a customer submits to the Web site is secured and protected, and thus sensitive information such as credit card numbers and social security numbers are safe. Examples include Norton, McAfee, TRUSTe, and BBA Accredited.