Navigating the Murky Boundaries of Privacy

Saddled with stiff competition and a tight advertising budget, RhinoSoft is the type of company that has to make the most of each of its customer interactions. So the Wisconsin-based software firm recently rolled out a data mining system to help drive sales and encourage product upgrades by using confidential customer information.

The technology divides customers between buyers most likely to make a new purchase and those on the brink of attrition. Next, RhinoSoft sends these customers targeted promotions based on where they are in the customer lifecycle.

But while gathering and parsing customer data is critical to the company’s bottom line, Jonathan Lampe, RhinoSoft’s VP of product management, says knowing where to draw the line between data-driven marketing and consumer privacy is an even bigger concern for marketers today.

“These days, it behooves advertisers to watch where they tread and make sure that they’re leaving people’s private lives separate,” Lampe explains. “So when we target customers, we make sure that we only use business-relevant data. We stay away from some of the landmines of personal data mining.”

Indeed, the marketing field today is riddled with explosive matters ranging from shoddy privacy practices to highly publicized security breaches. Legislators, privacy advocates, and chief marketers alike are more concerned than ever about business’s use of customer data. And for good reason: The increasing popularity of online shopping is making it easier than ever for marketers to collect customer information like home addresses, purchase history, and credit card numbers.

With Forrester Research estimating that e-commerce sales in the U.S. will reach $278.9 billion in 2015, up from $176 billion in 2010, many marketers are struggling to keep pace with the changing face of data collection and consumer privacy. According to a new study from Edelman, 57% of respondents think their organization doesn’t consider privacy and the protection of personal information to be a corporate priority, and 61% of companies do not strictly enforce all levels of compliance with laws and regulations.

Standards and practices

Legislators are stepping up with security frameworks, such as the Payment Card Industry Data Security Standard (PCI DSS), but it’s still up to marketers to develop best practices on data mining and security. For example, companies must establish policies on how and when to notify customers in the event of a security breach or risk leaving consumers vulnerable to a host of problems, including identity theft and credit card fraud. Worse, marketers who lack preparedness in protecting consumer data and responding to data breaches can face sweeping legal liabilities, media scrutiny, a tarnished brand, angry customers, and even disgruntled stockholders.

“Dealing with privacy risks is about more than just dealing with the legal implications of a security breach,” says Peter Strempel, a Brussels-based strategic consultant with Edelman. There are brand reputation repercussions, as well. “The problem is that privacy has been driven internally in companies from mostly legal departments and privacy officers, who mainly dealt with the compliance side of things.” Aiming to benchmark businesses’ privacy risks, Edelman, in concert with the Ponemon Institute, created the Edelman Privacy Risk Index study that highlights where companies are most lacking in preparation for avoiding privacy violations.

Customers are speaking up against privacy violations, too, putting unprecedented pressure on marketers and industry regulators alike to better protect sensitive information.

According to the Edelman Index, 85% of consumers around the world say that companies need to take data security and privacy more seriously, and 70% say they’re more concerned about these issues than they were five years ago.

Fortunately, savvy marketers are taking a proactive approach to balancing privacy and leveraging personal data. RhinoSoft’s marketing and sales efforts have never been more targeted, yet the company is extremely cautious about what customer data it collects and uses. For example, when a customer requests a quote online, the company’s new data mining system uses a built-in algorithm to determine what a particular customer should be paying for a product or service based on his or her unique purchase history and behavior.

What’s more, RhinoSoft now keeps tabs on how customers arrive to its website (e.g., via a banner ad or Google search), what software they’ve downloaded, any post-sales engagements, and how they prefer to interact with customer support. Lampe says that RhinoSoft is also considering introducing third-party data such as industry benchmarks on regional buying behavior patterns to better refine its targeting efforts.

Selecting data sources carefully

But with every new entry point into precision marketing, Lampe says RhinoSoft has carefully erected fail-safes and firewalls. For one, “we don’t use USB keys,” he says, noting that the prohibition of external storage devices prevents employees from walking out the door with confidential data.

The software company also relies on Microsoft SQL Server’s built-in security controls to control database access and ensure adherence to compliance policies. And from a pure data perspective, Lampe assures, “We don’t pull any information from our customers’ private life sphere, such as Facebook. And when we do aggregate data [with market research and industry benchmarks], we aggregate at a level where we avoid personally identifying the person and avoid comingling data that would be potentially embarrassing, such as a customer’s Facebook posts.”

Customers about to download a RhinoSoft software product are first instructed to read the company’s privacy policy in the interest of full disclosure. “We reiterate that privacy policy in all of the communications we send via email,” Lampe says. “It’s a fairly short policy and includes items on not sharing personal information and the aggregate usage of data.”

A little creative ingenuity also helps allay consumers’ privacy concerns, Lampe says. Whether delivering a promotional email to a long-time customer or targeting a prospect with a product discount, the company’s marketing department makes a point of “introducing at least a plausible amount of fuzzing to make it sound as if we’re not stalking that person.” According to Lampe, promotional offers featuring precise figures, such as how many software purchases a customer made in a single month, reflects “a creepiness factor” that is likely to prompt consumers to “seek out anonymity tools like proxy servers that will only put all of the advertising community back to square one.”

Driving sales with data

Not all marketers shun the use of personal data like Facebook profiles for the sake of preserving consumer privacy. Take, for example, When customers make a purchase at, the pet food and supplies e-retailer asks shoppers to fill out an exit survey to gather data like gender, age, and previous preferred shopping destinations. Through these surveys, has discovered that 70% of its customers are dog owners, 30% are cat owners, and 85% are women over the age of 48.

In addition to its exit survey, relies on its formidable Facebook presence to target and communicate with its customers. A single post can generate as many as 30,000 likes and 20,000 shares, and 30% of the company’s sales stem from interactions on social media channels.

One personal slice of consumer information PetFlow. com was able to use to its advantage was the discovery that a large percentage of its customers reported driving an average of 20 to 30 minutes to the nearest Petco prior to switching to The e-commerce retailer then mapped all areas of the country within a 20- to 30-mile radius of a Petco and sent flyers to everyone in those areas. “These are the customers who have the highest pain point, so we had a great result from advertising directly to them,” says Alex Zhardanvosky, PetFlow. com’s founder.

Mapping city circumferences is one thing; overstepping consumers’ privacy boundaries, however, is a recipe for disaster, Zhardanvosky warns. To ensure confidentiality and safe storage of data, the e-retailer doesn’t store credit card numbers on any of its own servers. The company doesn’t share data with third parties. And a detailed privacy policy can be found on its website. “We try to be as secure as possible using all of the best practices that are available today,” he says.

Additionally, customers can easily opt out of PetFlow. com’s email subscriptions, contests, and promotions with the click of a mouse. Not only does this feature give consumers the sense that they’re in control of their personal information, but it also helps the company maximize its marketing spend. “It costs money to send out one extra email,” Zhardanvosky explains. “So if I can send out less email to people who aren’t actually interested in hearing from me, then that’s great.”

Indeed, marketers today are going to great lengths to collect all kinds of consumer data, and then turn these facts and figures into direct marketing campaigns. But failing to recognize consumers’ growing privacy concerns will only result in pushback and penalties. After all, says Zhardanvosky, “You can get a whole bunch of data from all kinds of places but, it’s what the customer is most willing to share with you that’s most important.” And consumers will only share if they believe their secrets are safe with marketers.

Related Posts