|
By Donna Loyle
The rise of targeted marketing principles and the implementation of efficient data-collection and -sharing practices has been one of the driving forces of the American economy for the last several decades. Of that, no one is in dispute—not even government officials.
But the migration from mass marketing to direct marketing also has a down side. Some consumers, tired of having targeted offers thrust at them from all angles, are experiencing marketing fatigue. And they're starting to say: "Enough already!"
Add to the mix the alarming rise in identity theft, computer-clogging spam and telemarketing, and you have a scenario in which consumers are prone to demand legislative action—which is exactly what is happening today. And with politicians eager to show constituents that they feel their pain and are taking decisive action, passing stringent privacy laws that restrict direct marketing practices is a political no-brainer.
The problem, however, is that emotionally charged scenarios such as those engendered in the current-day privacy debates often lead to ineffective legislation. For example, some of the do-not-spam laws currently being bandied about in Congress very well may lead to a silencing of legitimate marketers, while illicit marketers will continue their scams and law evasion.
So where does this disturbing turn of events leave legitimate direct marketers? Even more broadly, where does it leave the whole concept of targeted marketing? Indeed, will the "privacy bubble" grow so large it chokes direct marketers' ability to devise well-targeted offers and deliver them effectively and efficiently? Can privacy and direct marketing co-exist?
Target Marketing asked several privacy and marketing experts for their thoughts on what direct marketers should be doing differently now and what they should absolutely not be doing anymore.
Focus on Trust
"It's all about the long-term relationships with customers," says Jim Koenig, co-head of privacy strategy and compliance practice for PriceWaterhouseCoopers and general counsel of the International Association of Privacy Professionals (IAPP). "Frankly, it's always been about the long-term relationship with customers," he notes. "Privacy [invasion] is what we call it when it's done wrong—when we misuse a customer's trust. The skill and the competitive advantage now is on how marketing and privacy are balanced to give customers the trust and value they want."
You can demonstrate your trustworthiness to today's privacy-sensitive consumers in the following ways.
> Don't ask customers and prospects for more personally identifiable information (PII) than you actually need to serve them well.
Michael Turner, Ph.D., president of the Information Policy Institute, a Washington, D.C.-based think tank, says: "Companies should know what data they're collecting and exactly why they're collecting it. When I go into a Radio Shack to buy a package of batteries, and the sales clerk asks me for my name and address, I find that invasive."
> Do make your data-collection and -sharing practices transparent.
Customers want to know how you will use their PII and their stated privacy preferences, says Al DiGuido, CEO of Bigfoot Interactive, a permission-based, e-mail marketing services provider. "If you're asking for their information so you can craft specific offers, devise content just for them or time your messages to them, by all means, tell them that," says DiGuido.
Similarly, if customers understand how their data is shared, with whom and when, you can build trust between yourself and your customer base. "If you send surveys and you tell recipients exactly how you'll use the information they provide, what PII you will and won't share, how you'll safeguard participants' information so it won't be unnecessarily revealed—that is, if you give full disclosure—customers will feel more comfortable sharing that information with you," says DiGuido.
> Do strictly adhere to customers' stated privacy preferences.
Gary Laden, director of the privacy program at BBB Online (a program of the Better Business Bureau) and former attorney with the Federal Trade Commission (FTC), says that once you've identified your customers' choices in regard to data-sharing and privacy, you must respect them. "If they don't want their data shared, don't share it. Period," he notes. "If they say: 'Take me off your calling list,' do it fast."
> Do make clear to your customers that data-sharing often is for their direct benefit.
Part of your trust-building efforts should be focused on educating consumers about how industry-standard data-collection and -sharing practices help them directly. At a recent one-day workshop sponsored by the FTC, marketers discussed how easy and responsible access to customers' credit reports and PII has enabled those customers to get, for example, car loans in 10 minutes and mortgages approved in less than 24 hours.
By the end of the workshop's testimonies, FTC officials acknowledged that data-sharing has been a crucial driver of the American economic engine. But they cautioned marketers that their customers may not truly understand that fact. Therefore, it's incumbent on today's marketers to convey such information to their customers. Otherwise, consumers will continue sharing their narrowly focused privacy grievances with legislators.
"The broad issue of privacy is really a balance of economics, service and personal privacy," says Win Billingsley, a privacy consultant and former chief privacy officer at Naviant. "If we had absolute privacy in this country, it would be extremely difficult to get business done, and our gross domestic product probably would fall by several points because of it. We need a compromise, and consumers need to be educated about that."
Your Privacy Strategy
> Do devise privacy policies, principles and practices.
Billingsley advises his client companies to develop a set of corporate-wide privacy policies and then integrate those policies with the company's normal business practices. In this way, any new or existing customer-facing policy or practice must pass your company's privacy principles.
"It's amazing how many companies don't pay attention to this," says Billingsley. "For example, when I ask companies if they adhere to the FTC's fair-information principles, I usually get no response. I'll ask: 'What are you doing to provide customers with notice of your privacy practices?' I get blank stares. For these and other reasons, I think direct marketing is in trouble."
> Do assign someone to coordinate your company's privacy-related tasks.
It may be best to give the job of ensuring your company's compliance with all federal and state privacy regulations, and adherence to your own set of best practices, to a professional.
Chief privacy officers (CPOs) generally are lawyers specially trained in this regulatory arena. But you don't have to put an attorney on staff to get the same level of expertise. If you employ outside counsel, ask if the firm has someone trained in this area. Or hire a privacy consultant to do the job. Billingsley, for example, is the CPO for 12 companies. (The International Association of Privacy Professionals, www.iapp.org, may be able to help you find a consultant right for you.)
However you assign the job, in-house or outsourced, that person should have ready access to your company's senior-level executives, because the advice he or she will offer (e.g., changing a data-collection practice so you comply with an impending state law) may require the cooperation of your company's key decision makers. Indeed, your CPO's voice needs to be clearly heard in your company's executive suite.
> Do coordinate your privacy strategy across your enterprise.
Once you've devised your privacy policy and practices, set up a training program so all current and new employees have access to them and understand them. (This is where your CPO can be especially helpful.) For example, train your call center reps and retail clerks to be extremely cautious in sharing customers' data. And get your database managers and account managers in the loop.
> Do safeguard your customers' data.
Involve your information technology department in the training program—a lesson Guess.com learned the hard way. Last year, a computer programmer visited the site to buy jeans. But before entering his order, he wanted to see how secure the company's e-commerce operations were. He keyed a code that's well-known in the programming community into the site's address bar, and up popped about 200,000 of Guess.com's customer names and credit card numbers. It's called a Structured Query Language (or SQL) injection attack, and your IT personnel should secure your servers appropriately to protect against it.
In June, Guess.com settled with the FTC for an undisclosed sum on charges that it misled consumers by stating in its privacy policy that it protected consumer data when, in fact, it didn't.
> Don't rush to employ all marketing efficiency methods.
Turner of the Information Policy Institute argues that some direct marketing practices, such as predictive dialers employed by the telemarketing industry, may have reduced costs for the marketer, but have brought consumers' wrath down on the industry as a whole. "Such practices create a lot of bad press, too, so marketers are doing themselves a grave disservice by employing these efficient marketing methods," he notes.
Clean Up Your E-mail Marketing Practices
Many in the direct marketing and privacy arenas believe that do-not-spam laws, similar to the recently formulated do-not-call regulations, may soon be passed. At the center of this particular debate is the alarmingly high number of poorly targeted and outright fraudulent commercial e-mails flooding personal and corporate e-mail inboxes.
Why is this important to the direct marketing industry as a whole? According to Regina (Reggie) Brady, president of Reggie Brady Marketing Solutions, and a member of the Direct Marketing Association's (DMA) Ethics Policy Committee, many DMA members are worried that spam issues will spill over into direct mail, turning customers and prospects permanently away from the most targeted marketing messages and offers.
"This may actually happen," says Brady, "that is, if we don't regain consumers' trust in direct marketing as a medium."
If you currently send any sort of e-mail campaigns, the following suggestions are for you:
> Do take a stand on opt-out or opt-in.
Decide whether consumers must opt out to stop receiving e-mail from you or if consumers must opt in to receive e-mail from you. Then, Brady advises, let your e-mail marketing practices mirror your convictions.
> Don't batch and blast.
No one in their right mind would call broad and blind solicitations effective targeted marketing. And yet, that's exactly what many e-mail marketers currently are doing.
"They're not offering contextually relevant offers," says DiGuido. "The direct mail blast format, in which you send tons of mail pieces and hope that some hit the right customer at the right time—well, there are a lot of 'what-ifs' in that scenario. And when marketers come over to the e-mail space and try that same practice of batch and blast, that's just not leveraging the power of e-mail communications."
Moreover, the definition of spam still has not been nailed down. "It recently has started to include irrelevant messages, even for opt-in names!" says DiGuido. "That represents a real challenge for today's marketers. … Batch and blast makes irrelevant offers to people, who then get angry and call it 'spam.'"
> Do make it extremely simple to get off your e-mail list.
Brady says that while most credible marketers offer a way to unsubscribe, it may not be easy enough for today's angry consumers.
"We make them go to an 'unsubscribe' site on a Web page, or open another e-mail message, type in 'unsubscribe' and figure out to whom it should be routed. That's too much work. People should be able to click on an unsubscribe link, and they're automatically taken off your e-mail list. The process should be much, much simpler," Brady suggests.
> Do verify how the e-mail names you're renting have been gathered.
Billingsley suggests you grill your list brokers on the source of e-mails in the lists you're renting. "Ask if the addresses were collected properly or by Web crawlers. Is this a true opt-in list? Can they prove it?" says Billingsley.
"Companies with integrity and the scammers are all screaming [their] messages together, and consumers can't tell the difference between them."
Get Involved
> Do talk with your state and federal legislators.
Tell them about your privacy practices. Show that you comply with all applicable state and federal laws.
"Marketers are strangely silent about this issue," says Billingsley. "Their silence seems to be implying that someone else must tackle this problem for them, or perhaps they're afraid to shed too much light on their own privacy practices. … Marketers in general aren't nearly as proactive about these issues as they ought to be. And it's frustrating for legislators when marketers show a lack of interest in a topic that is this important to their industry."
> Do participate in policing illicit marketers.
Brady points out that the DMA has a special program in which members can report deceptive marketing practices. If the DMA agrees, and the marketer doesn't change its performance, it can be expelled from the association. Sounds like a terrific plan, doesn't it? But, Brady says, the DMA actually has trouble finding cases.
"As an industry, we have to start taking more responsibility for that industry," Brady argues. "If we see someone doing something illicit or illegal, we have to report them [to the DMA or the FTC]. We have to start policing our own industry, or the legislators will continue to do it for us."
> Do stay informed about proposed and current laws.
The FTC and other agencies that police the hundreds of state and federal privacy laws have taken a new, muscular stance on these consumer-protection issues. And indeed, direct marketers are being fined for privacy breaches. For example, earlier this year, Hershey's Direct and Mrs. Fields cookies were fined $85,000 and $100,000 respectively for failure to comply with the Children's Online Privacy Protection Act.
A CPO or privacy consultant can help you determine to which laws you must comply and how to adhere to the spirit of those laws.
> Don't remain too comfortable in your current marketing practices.
Legislators and consumers are expecting more from you in this privacy era. "The winners in this new game will be those who can establish trust and permission, and do these with some best practices in mind," says Brady. "Otherwise, the threat of even more legislation will be in our future."
Turner agrees, adding that today's direct marketers must practice a bit of self-restraint for the good of the entire field. "The direct marketing industry has a knack for shooting itself in the foot," he says. "And until direct marketers clean up their acts and undertake some effective collective action, I don't see a reversal of the legislative trend on privacy. The industry really needs to come together on this one."
The rise of targeted marketing principles and the implementation of efficient data-collection and -sharing practices has been one of the driving forces of the American economy for the last several decades. Of that, no one is in dispute—not even government officials.
But the migration from mass marketing to direct marketing also has a down side. Some consumers, tired of having targeted offers thrust at them from all angles, are experiencing marketing fatigue. And they're starting to say: "Enough already!"
Add to the mix the alarming rise in identity theft, computer-clogging spam and telemarketing, and you have a scenario in which consumers are prone to demand legislative action—which is exactly what is happening today. And with politicians eager to show constituents that they feel their pain and are taking decisive action, passing stringent privacy laws that restrict direct marketing practices is a political no-brainer.
The problem, however, is that emotionally charged scenarios such as those engendered in the current-day privacy debates often lead to ineffective legislation. For example, some of the do-not-spam laws currently being bandied about in Congress very well may lead to a silencing of legitimate marketers, while illicit marketers will continue their scams and law evasion.
So where does this disturbing turn of events leave legitimate direct marketers? Even more broadly, where does it leave the whole concept of targeted marketing? Indeed, will the "privacy bubble" grow so large it chokes direct marketers' ability to devise well-targeted offers and deliver them effectively and efficiently? Can privacy and direct marketing co-exist?
Target Marketing asked several privacy and marketing experts for their thoughts on what direct marketers should be doing differently now and what they should absolutely not be doing anymore.
Focus on Trust
"It's all about the long-term relationships with customers," says Jim Koenig, co-head of privacy strategy and compliance practice for PriceWaterhouseCoopers and general counsel of the International Association of Privacy Professionals (IAPP). "Frankly, it's always been about the long-term relationship with customers," he notes. "Privacy [invasion] is what we call it when it's done wrong—when we misuse a customer's trust. The skill and the competitive advantage now is on how marketing and privacy are balanced to give customers the trust and value they want."
You can demonstrate your trustworthiness to today's privacy-sensitive consumers in the following ways.
> Don't ask customers and prospects for more personally identifiable information (PII) than you actually need to serve them well.
Michael Turner, Ph.D., president of the Information Policy Institute, a Washington, D.C.-based think tank, says: "Companies should know what data they're collecting and exactly why they're collecting it. When I go into a Radio Shack to buy a package of batteries, and the sales clerk asks me for my name and address, I find that invasive."
> Do make your data-collection and -sharing practices transparent.
Customers want to know how you will use their PII and their stated privacy preferences, says Al DiGuido, CEO of Bigfoot Interactive, a permission-based, e-mail marketing services provider. "If you're asking for their information so you can craft specific offers, devise content just for them or time your messages to them, by all means, tell them that," says DiGuido.
Similarly, if customers understand how their data is shared, with whom and when, you can build trust between yourself and your customer base. "If you send surveys and you tell recipients exactly how you'll use the information they provide, what PII you will and won't share, how you'll safeguard participants' information so it won't be unnecessarily revealed—that is, if you give full disclosure—customers will feel more comfortable sharing that information with you," says DiGuido.
> Do strictly adhere to customers' stated privacy preferences.
Gary Laden, director of the privacy program at BBB Online (a program of the Better Business Bureau) and former attorney with the Federal Trade Commission (FTC), says that once you've identified your customers' choices in regard to data-sharing and privacy, you must respect them. "If they don't want their data shared, don't share it. Period," he notes. "If they say: 'Take me off your calling list,' do it fast."
> Do make clear to your customers that data-sharing often is for their direct benefit.
Part of your trust-building efforts should be focused on educating consumers about how industry-standard data-collection and -sharing practices help them directly. At a recent one-day workshop sponsored by the FTC, marketers discussed how easy and responsible access to customers' credit reports and PII has enabled those customers to get, for example, car loans in 10 minutes and mortgages approved in less than 24 hours.
By the end of the workshop's testimonies, FTC officials acknowledged that data-sharing has been a crucial driver of the American economic engine. But they cautioned marketers that their customers may not truly understand that fact. Therefore, it's incumbent on today's marketers to convey such information to their customers. Otherwise, consumers will continue sharing their narrowly focused privacy grievances with legislators.
"The broad issue of privacy is really a balance of economics, service and personal privacy," says Win Billingsley, a privacy consultant and former chief privacy officer at Naviant. "If we had absolute privacy in this country, it would be extremely difficult to get business done, and our gross domestic product probably would fall by several points because of it. We need a compromise, and consumers need to be educated about that."
Your Privacy Strategy
> Do devise privacy policies, principles and practices.
Billingsley advises his client companies to develop a set of corporate-wide privacy policies and then integrate those policies with the company's normal business practices. In this way, any new or existing customer-facing policy or practice must pass your company's privacy principles.
"It's amazing how many companies don't pay attention to this," says Billingsley. "For example, when I ask companies if they adhere to the FTC's fair-information principles, I usually get no response. I'll ask: 'What are you doing to provide customers with notice of your privacy practices?' I get blank stares. For these and other reasons, I think direct marketing is in trouble."
> Do assign someone to coordinate your company's privacy-related tasks.
It may be best to give the job of ensuring your company's compliance with all federal and state privacy regulations, and adherence to your own set of best practices, to a professional.
Chief privacy officers (CPOs) generally are lawyers specially trained in this regulatory arena. But you don't have to put an attorney on staff to get the same level of expertise. If you employ outside counsel, ask if the firm has someone trained in this area. Or hire a privacy consultant to do the job. Billingsley, for example, is the CPO for 12 companies. (The International Association of Privacy Professionals, www.iapp.org, may be able to help you find a consultant right for you.)
However you assign the job, in-house or outsourced, that person should have ready access to your company's senior-level executives, because the advice he or she will offer (e.g., changing a data-collection practice so you comply with an impending state law) may require the cooperation of your company's key decision makers. Indeed, your CPO's voice needs to be clearly heard in your company's executive suite.
> Do coordinate your privacy strategy across your enterprise.
Once you've devised your privacy policy and practices, set up a training program so all current and new employees have access to them and understand them. (This is where your CPO can be especially helpful.) For example, train your call center reps and retail clerks to be extremely cautious in sharing customers' data. And get your database managers and account managers in the loop.
> Do safeguard your customers' data.
Involve your information technology department in the training program—a lesson Guess.com learned the hard way. Last year, a computer programmer visited the site to buy jeans. But before entering his order, he wanted to see how secure the company's e-commerce operations were. He keyed a code that's well-known in the programming community into the site's address bar, and up popped about 200,000 of Guess.com's customer names and credit card numbers. It's called a Structured Query Language (or SQL) injection attack, and your IT personnel should secure your servers appropriately to protect against it.
In June, Guess.com settled with the FTC for an undisclosed sum on charges that it misled consumers by stating in its privacy policy that it protected consumer data when, in fact, it didn't.
> Don't rush to employ all marketing efficiency methods.
Turner of the Information Policy Institute argues that some direct marketing practices, such as predictive dialers employed by the telemarketing industry, may have reduced costs for the marketer, but have brought consumers' wrath down on the industry as a whole. "Such practices create a lot of bad press, too, so marketers are doing themselves a grave disservice by employing these efficient marketing methods," he notes.
Clean Up Your E-mail Marketing Practices
Many in the direct marketing and privacy arenas believe that do-not-spam laws, similar to the recently formulated do-not-call regulations, may soon be passed. At the center of this particular debate is the alarmingly high number of poorly targeted and outright fraudulent commercial e-mails flooding personal and corporate e-mail inboxes.
Why is this important to the direct marketing industry as a whole? According to Regina (Reggie) Brady, president of Reggie Brady Marketing Solutions, and a member of the Direct Marketing Association's (DMA) Ethics Policy Committee, many DMA members are worried that spam issues will spill over into direct mail, turning customers and prospects permanently away from the most targeted marketing messages and offers.
"This may actually happen," says Brady, "that is, if we don't regain consumers' trust in direct marketing as a medium."
If you currently send any sort of e-mail campaigns, the following suggestions are for you:
> Do take a stand on opt-out or opt-in.
Decide whether consumers must opt out to stop receiving e-mail from you or if consumers must opt in to receive e-mail from you. Then, Brady advises, let your e-mail marketing practices mirror your convictions.
> Don't batch and blast.
No one in their right mind would call broad and blind solicitations effective targeted marketing. And yet, that's exactly what many e-mail marketers currently are doing.
"They're not offering contextually relevant offers," says DiGuido. "The direct mail blast format, in which you send tons of mail pieces and hope that some hit the right customer at the right time—well, there are a lot of 'what-ifs' in that scenario. And when marketers come over to the e-mail space and try that same practice of batch and blast, that's just not leveraging the power of e-mail communications."
Moreover, the definition of spam still has not been nailed down. "It recently has started to include irrelevant messages, even for opt-in names!" says DiGuido. "That represents a real challenge for today's marketers. … Batch and blast makes irrelevant offers to people, who then get angry and call it 'spam.'"
> Do make it extremely simple to get off your e-mail list.
Brady says that while most credible marketers offer a way to unsubscribe, it may not be easy enough for today's angry consumers.
"We make them go to an 'unsubscribe' site on a Web page, or open another e-mail message, type in 'unsubscribe' and figure out to whom it should be routed. That's too much work. People should be able to click on an unsubscribe link, and they're automatically taken off your e-mail list. The process should be much, much simpler," Brady suggests.
> Do verify how the e-mail names you're renting have been gathered.
Billingsley suggests you grill your list brokers on the source of e-mails in the lists you're renting. "Ask if the addresses were collected properly or by Web crawlers. Is this a true opt-in list? Can they prove it?" says Billingsley.
"Companies with integrity and the scammers are all screaming [their] messages together, and consumers can't tell the difference between them."
Get Involved
> Do talk with your state and federal legislators.
Tell them about your privacy practices. Show that you comply with all applicable state and federal laws.
"Marketers are strangely silent about this issue," says Billingsley. "Their silence seems to be implying that someone else must tackle this problem for them, or perhaps they're afraid to shed too much light on their own privacy practices. … Marketers in general aren't nearly as proactive about these issues as they ought to be. And it's frustrating for legislators when marketers show a lack of interest in a topic that is this important to their industry."
> Do participate in policing illicit marketers.
Brady points out that the DMA has a special program in which members can report deceptive marketing practices. If the DMA agrees, and the marketer doesn't change its performance, it can be expelled from the association. Sounds like a terrific plan, doesn't it? But, Brady says, the DMA actually has trouble finding cases.
"As an industry, we have to start taking more responsibility for that industry," Brady argues. "If we see someone doing something illicit or illegal, we have to report them [to the DMA or the FTC]. We have to start policing our own industry, or the legislators will continue to do it for us."
> Do stay informed about proposed and current laws.
The FTC and other agencies that police the hundreds of state and federal privacy laws have taken a new, muscular stance on these consumer-protection issues. And indeed, direct marketers are being fined for privacy breaches. For example, earlier this year, Hershey's Direct and Mrs. Fields cookies were fined $85,000 and $100,000 respectively for failure to comply with the Children's Online Privacy Protection Act.
A CPO or privacy consultant can help you determine to which laws you must comply and how to adhere to the spirit of those laws.
> Don't remain too comfortable in your current marketing practices.
Legislators and consumers are expecting more from you in this privacy era. "The winners in this new game will be those who can establish trust and permission, and do these with some best practices in mind," says Brady. "Otherwise, the threat of even more legislation will be in our future."
Turner agrees, adding that today's direct marketers must practice a bit of self-restraint for the good of the entire field. "The direct marketing industry has a knack for shooting itself in the foot," he says. "And until direct marketers clean up their acts and undertake some effective collective action, I don't see a reversal of the legislative trend on privacy. The industry really needs to come together on this one."
Companies Mentioned:
 |
|
|
|||
|
|
|
|||
|
|
|
|
