Large Databases Bring Large ResponsibilityWhile attending the IAPP privacy conference in Washington last week, I decided to stop by the Senate hearing on identity theft. The hearing was prompted by a number of recent events, including: the information breach at a division of LexisNexis; the loss of several data tapes by Bank of America; and the emerging scandal at data broker ChoicePoint.
The line into the hearing room was long. It was so long that several people who had waited for hours found themselves unable to get into the hearing, myself included. Apparently, all this talk of new privacy legislation has gotten our attention.
John A. Greco Jr., president/CEO of the Direct Marketing Association, also was in Washington that day to address the conference of privacy professionals. He emphasized the DMA's focus on the consumer and noted the consumer's desire to have greater control over his relationships with the companies he patronizes. I support the DMA's new philosophy and look forward to seeing how this mantra plays out in light of recent events.
Historically, large database companies have been free to operate with little governmental oversight. Yes, laws exist that regulate the data used to compile consumer credit reports. But there are notable loopholes in much of that legislation. If Social Security numbers, Federal Employer Identification numbers, bankruptcies and lien information are not considered to be credit report data, then I'm not sure what would be.
Many of the privacy principles that we have in place were conceived in a much simpler time, a time before the onset of massive, relational databases. Back in 1970, lawmakers and policy experts could not have imagined our industry's current ability to collect, store and use enormous amounts of consumer data. And I'm not sure we as an industry have fully grasped those capabilities. In some ways, our eyes are bigger than our stomachs - our capacity for data has outpaced our ability to safeguard it.
Implicit in the concept of consumer control is the notion of having control over one's own data. If the direct marketing and data collection industries are going to offer greater control, some of us will need to make structural and cultural changes to the way we do business. If we are going to suggest that our industry has a right to maintain massive amounts of sensitive consumer data, then we need to take extraordinary measures to protect that data. With large databases goes large responsibility.
The true question is how to provide that control to consumers. At this point, it is likely that one method will be to enact specific legislation. Congress is considering bills modeled on California's S.B. 1386, and which require that companies notify consumers in the event of a data breach. In an era of consumer control, notification of a data breach should fall under best practices. And the idea that many companies have not and would not notify customers of a breach without this legislation is troubling, to say the least.
More than a few states are talking about enacting credit freeze laws to let consumers prevent companies from accessing their data for the purpose of providing them credit. Our industry already has been hit with the do-not-call registry. We've withstood threats regarding do not e-mail. Will we soon need to reckon with a do-not-collect-my-data list? Can you imagine the effect on the industry if even half of the 78 million who've signed up for the DNC list took advantage of a national credit freeze law?
As marketers, we can all recognize how precious a commodity that data is. It kills me when I think about the number of firms that are not doing enough to use data effectively to enhance their customer experience. Data should be cherished. It should be protected. It is the absolute lifeblood of our industry.
It's hard enough already to get consumers to willingly provide marketers with their data. To take an active role in their relationship with companies. To open themselves up to forging a better, more in-depth relationship with the brands they trust.
Our industry has a chance to take a leadership role on these issues: by embracing legislation that puts the consumer in control; by acknowledging the tremendous responsibility inherent in the stewardship of our customer's personal information; and by going to extraordinary lengths to protect that data. These are heady challenges. Our collective response will affect our business for the next decade.