Baylor University || Baylor Business Review || CRM & Privacy: How much do companies need to know about their customers?


Browse the Archives About Us Submit Your View Points of View Site Map Change Your Contact Information From the Dean Business Innovation Bears in Innovation View/Review Learning in 360 Leadership Perspective History in the Making ENT LLC Baylor Business Fellows Research & Publishing Research in Action Baylor Angel Network Alumni News Baylor Business Buzz Ethics of... Why Hire a Baylor Grad?	CRM & Privacy: How much do companies need to know about their customers? Email This Page\|Share Your View\|Other Views REVIEW: Paul Greenberg Author of the best-seller "CRM at the Speed of Light: Essential Customer Strategies for the 21st Century" and CRM Fellow for the European Institute for Responsible Information Management (EIRIM) and co-chairman of Rutgers University’s CRM Research Center. There is one thing about every human that you or I know – all of us are consumers. All of us. We are not just any consumers now that the 21st century is rollicking through its years, but in fact, we are exceptionally bright consumers who are knowledgeable, technology savvy, and know that we have instantaneous information on services and products from trusted sources online. We also know that critical to our consumer lives is control over what content we are provided and what information we are asked to give. For good reason, we are increasingly worried about identity theft. We read stories about Lexis-Nexis and 310,000 stolen social security numbers or Bank of America “losing” 1.2 million customer records. The annual updates we get from companies on their privacy policies aren’t really much of a comfort for those fears of stolen data are they? Truthfully, do you even read them? I said, truthfully. I don’t. What I expect of a company is that if I deal with them, I can trust them to protect whatever information I gave them in return for something they gave me. And that goes to the crux of the matter. Customer data privacy isn’t really the concern of the population as much as trust in dealing with it is. With all the concerns about privacy and its breaches you read of in the media, in fact, that hasn’t stopped the 21st century customer from being forthcoming with enough personal information for someone else to establish a new identity complete with photos from what is publicly available online – and made public by the customer themselves. In fact, these neo-customers from Gen X and Y are surprisingly relaxed about providing tons of data well beyond the transactional and are also quite lax its public exposure – as long as they are in control of the decisions for the exposure and feel that they can trust the institution they gave it to. For example, in a study done in October 2005, by Ralph Gross and Alessandro Acquisti of Carnegie Mellon Institute on “Information Revelation and Privacy in Online Social Networks” they found that the survey respondents, members of the primarily college student social networking site Facebook (www.facebook.com) chose to reveal enormous amounts of personal information including their home addresses, IP addresses, data related to their personal relationships including partner data, political preferences, hobbies, music, books, movies, you name it. In fact, the social tags that are there to slice and dice customized knowledge of individuals are mind-altering. What is even more astounding is that this data is available to any member of Facebook at all – most who are clearly strangers to other members. But when queried, 50% of the member-respondents worried about the data being seen by someone they actually knew. In virtual (but not actual) anonymity there was trust. But get this. Facebook’s privacy policy, states that they are allowed to continue to collect personal data from other sources like Instant Messenger conversations and newspapers “regardless of use of the website.” Additionally, they can use that data to supplement the personal profiles of the members and to give it to Facebook service providers. But because of the rather naïve trust the Facebook members have in Facebook, this incredibly fast and loose privacy policy was simply “not believed” by 60-85% of the respondents, according to the Carnegie-Mellon survey. They chose to believe what they wanted based on their innate trust in Facebook the cyber-institution. What this implies is that institutional trust is the primary concern of customers, not privacy per se. Even though there have been dozens of high profile customer data breaches from Lexis-Nexis, Bank of America, ChoicePoint, ad nauseum, ad infinitum, and fear of being individually victimized by identity theft has grown from around 42% in August 2004 to 65% in December 2005 (Ponemon Institute, 2006) it doesn’t stop the customers from purchasing things with their credit cards online, because they trust the means to do so. 2005 saw $143 billion spent (up 25% from 2004) online – not exactly an indication of fear of cyber-theft as a whole. The overall level of “in the Internet and our business partners we trust” remains pretty high. But it is a fragile high. The Ponemon Institute, what I consider the world’s best privacy management firm, did a significant study released in January 2006 on the “Most Trusted Retail Banks.” They came to some very significant conclusions. First, it takes two breaches of privacy at a banking institution to destroy trust and lose the customer. Second, that 68% of the customers believe that the bank will protect their customer data and privacy and will inform them should there be a breach. Only 14% weren’t sure that their bank would. The study found that immediate response to a breach is important via phone or written notice (less electronically, oddly enough). They trust their banks to protect their information but 68% would transfer to another bank if they didn’t. Also that 63% were as confident of the protection of their data online as they were at the local branch. But that is a decline of 11% since the last study. So what kind of conclusions can we draw from all this? Privacy, while a significant issue, is actually less the issue when it comes to 21st century customer/company relationships. The real issue is trust in the handling of that data, not the fear of its revelation. Most customers are willing to give the data if they can trust the institution they can give it to. That is the true value of a privacy policy. But actions speak louder than words. So what do you do to improve that trusted relationship? The Ponemon Institute study found that the three most important trust factors are: 1. Don’t sell or share the information with other organizations 2. Don’t use it to aggressively market back to the customer 3. Keep the customer posted on the status of their information And I would add 4.Inform them honestly and immediately of any breach In other words, the more open about how you handle individual customer data, the more trust you engender. The more transparent you are with your customer, the more trust you will gain. There are very few of us who mind giving out personal and transactional information in exchange for something that is valuable. But to keep the trust and thus the business of that customer means that the more control they have over their data’s fate, the more trusting they will be. That means transparency, honesty and quick resolution of problems, not just an annual updated privacy policy for them to not read. That doesn’t seem too hard, now does it?