3 Core Capabilities for Privacy Adherence

Where does the responsibility lie for customers’ privacy in terms of data used for marketing?

While customers have responsibility for deciding what information they provide to companies, the responsibility for protecting that data lies squarely with the company collecting and using the information. Once data is given, customers don’t have the power to ensure privacy adherence. And if one does not possess the power to ensure adherence then certainly, one cannot have the responsibility for that adherence.

With that said, the more challenging questions to answer are: 1) how can a company ensure adherence to privacy commitments made to customers; and 2) are companies using data only in the context of a customer’s expectation? With the exponential growth in digital activity customers are beginning to demand transparency into a company’s use of their data and whether that data is shared with others. One needs to look no further than pending legislation in California, The Right to Know Act of 2013. If passed, consumers will be able to monitor how personal information, including health, finances, location, politics, religious, sexual orientation, buying habits, and more, is being collected and disclosed in unexpected and potentially harmful ways. And this is just the start. The White House, Federal Trade Commission, and California Attorney General all call for data transparency and access for consumers.

What’s coming, and sooner than one might expect, is the need for companies to collect, manage, and provide access to all data collected about each customer. The processes, tools, and rigor required to create and sustain the level of transparency both expected by the customer and perhaps dictated by law will be both expensive and time consuming. There is little reason to believe that consequences for companies not adhering to privacy commitments will be anything except painful, perhaps punitive, and certainly damaging from a customer relationship standpoint.

There are, at a macro level, three core capabilities companies will need to ensure privacy adherence regarding customer data used for marketing.

1. Identity resolution: The first challenge is to identify each person. It’s easy if a company has one channel and customers’ names and addresses. But it gets complicated quickly when the same customer interacts via some combination of, say, Web, mobile, social networks, and physical mail. Each of those channels has its own identifying key (e.g., mobile is the phone number), separate databases, and varying access rules. Changes to names, phone numbers, and multiple email addresses just add to the complexity mix. Companies must be able to bring all of this disparate data together in an efficient way to resolve customer identity and sustain that identity over time with all interactions through all channels. Without the ability to resolve and sustain identity, companies will find it extremely difficult to adhere to customer privacy commitments.

2. Preference management: Part of a company’s ability to adhere to its privacy commitments is also directly related to its ability to effectively manage customer preferences. Every customer has preferences regarding how they want companies to market to them, service their account, and maintain their privacy. Customers should be able to choose their preferred contact method and the frequency and type of communication desired across all channels. The goal is for companies to satisfy customer preferences while ensuring regulatory compliance. Furthermore, managing preferences helps create a single view of a customer’s contact and privacy preferences, which eliminates data silos and helps with identity resolution. Companies using effective preference management processes and systems significantly reduce the risk of violating privacy commitments. Furthermore, a company increases its likelihood of using data about the customer in the context the customer expects.

3. Customer data disclosure: If your company was asked to disclose what data it has about the customer, how that data is being used, and where that data was shared, could it do it? The Right to Know Act of 2013, if passed, will require companies to do exactly that at the request of any individual at least once per year. Similar laws already exist in several European countries. Looking to the future, it’s not unreasonable to assume that companies may even be required to allow customers to self-serve tracking their data usage.

Companies must have the ability to efficiently access and disclose complete and accurate data about any customer. This will require systems, processes, and presentation of data most companies don’t have today. In an odd way, these very processes may inadvertently create new privacy issues. This could be the ultimate conundrum.


Dale Renner, RedPoint Global Inc.

Dale Renner has more than two decades of experience in the analytics software field. As CEO of RedPoint Global Inc., Renner has driven the company’s strategic direction since its founding in 2006. Prior to founding RedPoint, Renner was a global managing partner at Accenture where he founded the fi rm’s CRM practice and helped grow the business to $1.5 billion in revenue. Renner holds a B.S. in Business Administration from Iowa State University. Despite years of experience in corporate America, Renner grew up on a farm. “I like working outside with my hands in the dirt,” he says. Were he not building a company, he’d be cultivating a modest vineyard focused on boutique cabernet wines mostly for specialty restaurants. “There is something rewarding about having a hand in watching things grow, whether that is your kids, your company, or your garden,” he says.

Check out the other answers:

Related Posts