Live from the Gartner CRM Summit: Consultant Predicts Privacy Enron
Get ready, it’s coming: Sometime over the next two years, a major U.S. company is going to do something so bad that it will make all prior privacy scandals look tame by comparison.
“People will freak,” said Adam Sarner, research director for Gartner. “It will be the Enron of privacy.”
And the reason will be because most firms place privacy way down the list of things to handle while customers place it near the top. A poll done by UCLA showed that 90% of all consumers think privacy is at least somewhat important while only 11.2% said it does not concern them.
One common error is for firms to lump privacy and security together.
“Eighty percent of the budgets people are allocating for privacy and security are going to security,” Sarner said, speaking at the Gartner CRM summit. “But the real exposure is going to be about the money that didn’t go into privacy.”
First there is the hard impact from loss of customers and revenue that can come from a single episode. Then there is the real threat of civil liability.
For example, U.S. Bankcorp paid $2.5 million for sharing customer data with third parties. Eckerd Drugs paid $1 million for allegedly misusing data. And AT&T paid $760,000 for an internal do-not-call violation.
And those were “minor mishaps” compared with the coming Enron-type scandal, Sarner continued.
Then there are other hard costs like wasted management time, decreased market capitalization, inability to perform international transactions and prison sentences. (Italy just passed a law to that effect, he said). There are also some soft costs like damage to brand and customer distrust.
Sarner estimated that the out-of pocket cost related to a single incident can run as high as $20 million.
How does one avoid that kind of hemorrhage? Revert to an opt-in model.
“You can do anything you want with customer data, if you ask them and they say it’s okay,” Sarner said.
He added that the “window is closing” on the ability to use opt-out and that marketers are facing a plethora of both international and domestic laws.
How do you get explicit permission?
“Communicate the value proposition first,” he said. “There’s nothing private about customer data that they won’t give away in exchange for something.”
But there’s more to it than simply requiring an opt-in.
Avoid changing the rules like Yahoo did when it contacted people on its opt-out list and told them that this was a new kind of marketing campaign.
Don’t break the rules, like Lycos did when it offered a contest to people who had opted out.
“A no is always a no,” Sarner said.
He added: “If you do something different than what you have written in your privacy policy, that’s fraud, and you will pay for that.”
And don’t bend the rules. Doubleclick tried something new with aggregate data and it “had to pay $500,000 when it didn’t do anything wrong.”
Sarner suggested five ways to encourage opt in:
*Offer selective opt-in
*Let customers manage their profiles and preferences
*Use multiple channels to communicate value
*Offer incentives
*Encourage online community
Finally, Sarner said, individual privacy preferences must be recorded and distributed where appropriate, and not left to the discretion of middle managers. They also should be communicated to all touchpoints.
