If you are responsible for online privacy issues in your company, your mantra should be “Know, say, do.” Know what your company is doing, say what your practices are, and make sure you do what you say.
Finally, you must ensure that you are actually keeping the promises you make in your policy. This involves frequent return visits to those folks you interviewed in step one, to find out if anything has changed. It should also involve educational programs to make sure that everybody who plans new programs or touches consumer data in any way knows the company’s commitments and how they’re expected to adhere to them. If your data gathering is very extensive or complicated, you may even need to engage an outside auditor to make sure you are indeed keeping your word.
Ray Everett-Church, Esq., is CEO of PrivacyClue (www.privacyclue.com), a privacy-oriented consulting firm in San Jose, CA.
One survey found that 92% of consumers are fearful about the potential misuse of their data. The Forrester Group estimated that consumer fears about privacy cost online retailers $3 billion, or about 10% percent of total sales, in 1999. Certainly something was behind what may be the most remarkable statistic in e-commerce: More than three-quarters of all shoppers abandon their shopping carts without making a purchase.
So you would be wise to adopt best privacy practices and aggressively tell your customers about them. A growing number of companies recognize the need for the first, but most fall short with respect to the second.
Perhaps the most difficult aspect of data management is getting rid of “information.” The enormous capacity of modern storage systems allows companies to keep virtually unlimited amounts of individual customer data. Don’t do it. Data should not be kept in an identifiable form any longer than needed for the original purpose. Aside from the potential for privacy abuse, the longer data are held, the less valuable they become, and the more they cost the company. Even straightforward data such as addresses become obsolete in a society in which people are constantly moving.
The two fundamental outward-facing policies are notice and choice. Tell consumers what data are being collected and why. Your customers should know how you use the information, who controls it, and who receives it. Then customers can choose whether to provide you with the data or to allow you to share the information with other companies. All data should be kept up to date, with frequent review and corrections as needed.
The only way customers will know you respect their privacy is if you tell them. Communicate your privacy policies through every touch point with your customers. Display them prominently on your home page, mention them in your e-mails, and include them in all mailings. Remind your customers of your respect for their privacy in both your promotions and your billings.
Peter Heffring is president of the CRM division of NCR Corp. (www.ncr.com), a transaction and data warehousing solutions provider based in Dayton, OH.