Live from the DMA B-to-B Marketing Conference: Privacy Looms as B-to-B Issue

While the landscape for consumer privacy protections has been well established, firms that target business have been slower to embrace the need for customer privacy protections.

Counter to prevailing belief, B-to-B firms are subject to most privacy regulations, do have to exercise strict protection over their customer data, have responsibility toward the privacy practices of their business partners beyond cursory due diligence, and need to consider culpability or damage to their reputation, according to Larry Ponemon, founder of Ponemon Institute, an information practices think tank.

Research conducted by Ponemon Institute revealed at least awareness of the problems. Firms surveyed said they are taking privacy concerns seriously, with many implementing programs at the enterprise level. These actions range from exploring technology and database protection, integrating security teams into privacy governance policies and plans to devote increased resources to managing privacy issues through 2004.

But other firms still show great skepticism about the need for compliance, and are confused about the privacy rights of business consumers. Some have expressed frustration about their lack of ability to control the actions of business partners who influence their customer relationships. The security measures don’t necessarily have clear channels to high-level executives, or support beyond the initial implementation. And some haven’t connected their actions regarding customer privacy to their brand or image, or indeed to any strategic vision.

How should firms go about doing a “privacy audit”? A good place to start is by “knowing thyself,” according to Matt Leonard, a customer information policy executive with IBM Corp.

To Leonard, this means not only being aware of how an organization gathers data, but who touches it during the collection process, how it is stored, and who has access to it.

“It’s good database management and good privacy management,” said Leonard.

With the rise of home-based offices and single-proprietor businesses, Leonard cautioned that the line between consumer and business privacy practices has blurred, and will continue eroding. As that happens, consumers will become more wary about entities that might have access to their business information files, such as physicians, law enforcement agencies or potential employers, and will continue to demand more privacy safeguards for this data.

Leonard also warned against grandiose privacy promises, such as “we will never share your name with anyone.” This promise can be violated in a number of way, such as a bankruptcy filing in which customer information is considered a company asset subject to sale. But sometimes violations occur under less-dramatic situations, such as times of economic stress.

“You can forget a lot of those promises you made in the fourth quarter,” Leonard said.

Even activities that are permitted under privacy permission statements might not be advised. As Leonard put it, “If someone used the term ‘technically correct,’ it usually involves doing something your customers aren’t going to like.”

His final caution was to look over information gathering practices on business leads or customers by sales force members, and monitor who has access to it and how it might be used or disseminated.

“They are the wild card,” Leonard said. “They may make notes that they use to facilitate relationships that aren’t appropriate to an outer envelope, such as ‘Party Animal!’ Yet this information is essential to building relationships.”

Harriet Heyman built on the idea of recognizing consumer attitudes toward privacy in a business setting. Heyman, vice president and senior strategic consultant and vice president of privacy and compliance at Harte-Hanks Inc., wondered if employees view their offices as their castle, and were reacting to marketing promotions received at work with reactions similar to those received at home.

“If I am selling servers and a customer tells a persistent salesperson, ‘Don’t contact me,” should the company make an offer to him when it is promoting storage devices?” Heyman asked.

She further cautioned that the privacy leads set by Europe stand a pretty good shot of crossing the pond to the United States. For instance, according to the European Union Electronics Communications Directive, companies wishing to send unsolicited direct marketing e-mail messages must have prior consent from the recipient.

Additionally, EU businesses will soon be able to block cold callers by registering telephone numbers with the Telephone Preference System, an option currently available only to residential user.

Back in the U.S., B-to-B e-mail marketing faces an increasing amount of legislation on four fronts: Labeling, such as subject line cautions, mandated do-not-spam lists, Internet service provider regulations, and anti-fraud legislation.

“Privacy is a dangerous term when applied to B-to-B marketing,” Heyman said. “Most sales strategies begin with a phone call.”

Heyman, Leonard and Poneman spoke during a panel discussion moderated by Pat Faley, the Direct Marketing Association’s vice president of ethics and consumer affairs, at the DMA’s B-to-B Marketing Conference in Arizona.