News Stay informed about the latest enterprise technology news and product updates.

Protect privacy or jeopardize CRM

Experts agree few issues are as crucial to building successful customer interactions as developing consistent and effective privacy customer privacy policies.

Customer relationship management software means little if there are no customer relationships left to manage.

Experts agree few issues are as crucial to building successful customer interactions as developing consistent and effective privacy policies. When a business alienates its own customers by bombarding them with spam or distributing their data to unwanted parties, there is usually no relationship left to salvage.

A customer privacy policy typically outlines how a particular business intends to use information collected from its customers. These policies are most often devised by the companies themselves with input from consultants, legal counsel and sometimes even users.

Siebel's guide to building effective customer privacy policy
How does CRM giant Siebel advise its customers to craft privacy policies? Here are the guidelines it offers up:

An organization's privacy policy is a statement to their customers and sets out the ways they will process the personal data they collect on their customers. It should state that any personal data collected by the organization is used in accordance with the relevant data protection legislation. The policy should be written in clear and comprehensive language and should avoid the use of legal jargon. As a guideline, organizations should include statements relating to the following areas:

  • Introduction -- what the privacy policy refers to
  • The Data Protection -- Privacy legislation the organization must comply to
  • The use that will be made of the customer's personal information
  • Consent -- whether the organization will operate a opt-in or opt-out policy
  • Use of data for direct marketing purposes
  • Disclosure of data to third parties
  • "How-to" -- verifying, updating and amending your personal information
  • Security of customer data storage
  • Notification of changes

Ensuring data protection and privacy compliance is not just a matter of operating within the law; it is also about the effective handling of personal information and respecting the interests of your customers.

But when it comes to sharing information, what is considered acceptable is sometimes a moving target.

"Consumers will declare something to be spam even if they request it sometimes," said Ray Everett-Church, chief privacy officer for Philadelphia-based ePrivacy Group, a privacy consulting company. "In a world where the customer is always right, that's not a failure of the customer to be rational, as you might think; it's a failure of the company to make sure that their [CRM] communication was presented in the context of an ongoing relationship."

Everett-Church backs a five-point privacy plan that includes:

  • Notice: Telling customers what kind of data you intend to collect and what you want to do with it.
  • Choice: The ability for customers to say yes or no when a business wants to collect their data.
  • Access: Giving customers a picture of what kind of information a business has collected about them and the option to possibly delete it.
  • Security: The opportunity for customers to keep data from being misused by unauthorized parties.
  • Enforcement: Giving consumers the ability to get privacy complaints addressed, with some recourse for those who believe they've been violated.

Increasingly, government agencies such as the Federal Trade Commission (FTC) are making it their business to ensure that companies aren't crossing the line as they try to build customer databases and find new ways to increase sales and loyalty.

In fact, in some industries, privacy policies aren't just important, they're also the law.

In 1999, then President Bill Clinton signed the Gramm-Leach-Bliley Act. The legislation requires financial institutions to disclose their privacy policies regarding the sharing of non-public personal information with both affiliates and third parties. It also requires consumers be notified and given an opportunity to "opt-out" of sharing non-public personal information. The Clinton administration was also responsible for passing the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to reform how the healthcare industry handles patient information.

According to Everett-Church, U.S. businesses should expect the federal government to continue to address individual privacy rights on an industry-by-industry basis. In Europe, European Union governing bodies have passed similar regulations to control privacy.

And there are examples of just why the government has been forced to address the issue. For instance, just this year eyebrows raised when bankrupt health information site, co-founded by former U.S. Surgeon General C. Everett Koop, announced that it would sell its member list to a site aimed at marketing vitamins, While the site gave its users a last-minute chance to opt out of participation, the strategy has been roundly criticized.

Meantime, the search engine/portal giant Yahoo Inc., Sunnyvale, Calif., recently caused a stir by changing from "opt-in" to "opt-out" marketing without first telling users. After an onslaught of negative publicity Yahoo publicly apologized and vowed to better inform customers of its plans.

Success story

One business that has built a reputation for deftly approaching customer privacy policies is online auction giant eBay Inc., San Jose, Calif. According to Kevin Pursglove, spokesman for eBay privacy, his company's success is based on constant interaction with its customers.

"From the start it was apparent that privacy was a serious issue with our users," he said. In fact, Pursglove's job was created by eBay based on the huge volume of calls it gets from users and the press inquiring about privacy.

"As the site grew, we had a solid foundation from an active group of users [who helped] develop policies that would aid their ability to buy and sell, communicate, and protect their individual privacy," he said.

According to Pursglove, whose company has worked with a non-profit privacy initiative known as TRUSTe, San Jose, to develop its policies, placing a clearly spelled out privacy statement on the bottom of every page it posts has also been key to its success. He said that eBay regularly updates its policies on its site.

The software vendor's role

Yet, when it comes to the leading CRM software vendors, there is some debate as to how much responsibility a technology provider has in terms of helping its customers create their own privacy guidelines.

Daniel Lackner, vice president and general manager of marketing at CRM applications industry leader Siebel Systems Inc., San Mateo, Calif., contends that data protection and privacy compliance is a business issue and not something achieved by implementing a software system.

"As a software vendor, it is not our place to advise on creating privacy policies, and indeed there are associations far better placed to advise on policy development," Lackner observed. Still, he knows Siebel must ensure that its products can support customer needs in this area.

According to Lackner, Siebel offers its customers the flexibility to support data protection and privacy compliant business processes. He said his firm provides products that protect customer data. Most importantly, Lackner said that Siebel makes visible customer contact preferences so users can act as one company within their customer base.

At least one expert agrees that vendors like Siebel have limited responsibility in terms of helping to create a privacy policy itself. Scott Nelson, analyst at Stamford, Conn.-based researcher Gartner, said the vendor's task is to build more tools into products to encourage the development of effective privacy practices.

"In many ways it is becoming an issue of multi-channel support," Nelson said. "There are a wide range of customers out there with differing preferences as to how they are approached using CRM and how their information is leveraged."

Nelson believes that businesses need to walk a fine line between protecting customer privacy and running a successful CRM effort.

"Privacy is the number one issue that can foil CRM and make customers go elsewhere to do business," he said. "It's a matter of carefully figuring out what each individual customer expects you to do with their information and building a number of different strategies that will help create the stronger relationships companies are hoping to foster with their clients through CRM."


Pre-register for the free SearchCRM Webcast "Integrating customer privacy tactics with CRM initiatives" with Gartner analyst Scott Nelson on Aug. 28 at 1PM EDT

Ask your question to customer loyalty expert Michael Lowenstein.

.lbBWaJwZnIl.0@.ee83d1e!viewtype=&skip=&expand=>Share your thoughts on customer privacy in our Sound Off forum.

Dig Deeper on Customer loyalty and retention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.