Why You Need a Privacy Strategy
Category : Marketing
Online retailer toysmart.com went bankrupt after including its customer database on a list of assets to be sold. Internet advertising company DoubleClick Inc. was accused of compiling and selling customer information without proper disclosures — and later became the subject of a class-action lawsuit and complaints to the Federal Trade Commission (FTC).
Pharmaceutical company Eli Lilly blamed a “programming error” when it publicly displayed the email addresses of approximately 600 Prozac users.
These are only a few examples of high-profile privacy debacles. Throw in the vast amount of new privacy legislation on the horizon, not to mention lawsuits pending against many online retailers, and the message is clear: Privacy is no longer a choice or a concept. It’s a reality – part of the cycle that affects a company’s brand and shareholder value.
To be successful, a company must develop, build, and execute a global strategy to protect individuals’ information, as well as brand privacy as an ethical foundation of the organization. This strategy must specifically deal with privacy legislation and be consistent and compliant with an organizations adopted privacy policies, procedures, and ethics.
To be effective, the strategy should follow best practices for the organizations geographic regions and include ways to prove or build trust in its privacy measures and policies with hard data. Organizations must also clearly communicate their strategies to their customers and employees and frequently review their current state of privacy.
CUSTOMERS DEMAND IT
As recently as three years ago, companies thought a privacy strategy was nice to have – not a necessity for business success. In today’s marketplace, however, it’s nonnegotiable. Consumers demand it, and leading and ethical companies must deliver it.
In a survey conducted by The Wall Street Journal and NBC News, 29 percent of people polled said they were more worried about threats to their personal privacy than overpopulation, war, and global warming. Although more consumers are increasingly buying goods and services online, they still distrust companies with their personal information. A Forrester Research report stated that $15 billion per year of projected e-commerce revenues could be unrealized because of consumers’ privacy concerns. This is a huge number in the wake of the market slowdown and low consumer confidence numbers provided by the US. Government.
A recent survey conducted-by thirdparty research firm Harris Interactive echoed these findings. The survey, “Privacy On and Off the Internet: What Consumers Want,” included feedback from 1,529 people interviewed online in November 2001.
The survey revealed three major consumer concerns regarding the way online companies handle personal information:
- Companies might provide information to other companies without permission
- Transactions might not be secure
- Hackers might steal personal data.
Businesses must give consumers more assurance than typical privacy policies to earn their trust. To succeed, organizations need to be able to develop, build, and maintain trust with consumers through a more strategic, concerted education and branding effort.
HOW TO BEGIN
To develop a successful privacy branding strategy, companies must first gather baseline data on their privacy policies and issues. They must ask themselves: How is customer information currently used?
Who has access to this information, and how and why do they use it?
Another important part of this initial step is assessing the private legislation in the company’s geographical regions. The United States has more than 500 pieces of pending privacy legislation, while other regions throughout the world have more established and stringent privacy legislation and restrictions on the use of data.
In Europe, for example, a substantial amount of privacy legislation has been in place for more than 10 years. Australia and Asia-Pacific regions have rigid privacy legislation that requires employers and companies to protect the information they have on individuals, and continue to hold companies responsible for the privacy and security of that information.
A U.S.-based company with operations in other global regions is certainly affected by the privacy laws of those regions. US. law tends to focus on protecting children, as well as a person’s health care and financial information. Other countries focus on these as well, but are also far more rigorous in other areas. For example, a marketing company in the United Kingdom may have to acquire customer approvals before sending a direct mail piece.
COMMUNICATE, COMMUNICATE, COMMUNICATE
Lesson learned: The company didn’t communicate the change, or if it did, consumers didn’t effectively hear the message. Consumer and government perception inflated the reality, and Amazon.com paid the price in negative publicity and public perception.
Branding a privacy strategy involves making it real both inside and outside an organization. This branding can only be achieved through communication, education, and a company’s commitment to doing the right thing. Once the privacy strategy has been established, it must be communicated to employees, customers, and the world at large.
The company must also provide adequate training for employees and customers. The policy should be posted for all to see. But keep in mind that just because a company does all this hard work doesn’t mean that the world automatically understands the organization’s position and commitment to privacy.
A privacy strategy needs to permeate all areas of the company – from marketing and sales to R&D and engineering. When all the key players are aware and thinking about the company’s privacy stance, the organization can be proactive in dealing with privacy issues. This strategy makes privacy a fundamental thought pattern of each employee and clearly and concisely communicates the overall strategy and values to all.
Everybody in an organization is responsible for understanding the concept of privacy and implementing it in daily activities. Every employee should follow the policies and base business actions upon it. When it comes to privacy, organizations must make sure that what they say they’re doing with an individual’s personally identifiable information is in fact what they are doing.
After all, privacy is no longer a choice. It’s an expectation and a requirement. Companies that develop and communicate their privacy strategies accordingly will reap the business rewards.