| |
 |
|
|
|
 |
|
|
|
|
|
ExpertPOV
Scott Nelson, Vice President and Research Director, Gartner Research
David Holtzman spoke with Gartner analyst, Scott Nelson to discuss some of the specific privacy and ethical considerations for corporate CRM systems.
In a recent report, you noted that privacy would become a major concern to CRM processes in 2002. Tell us a little bit about the nature of the problem.
In many organizations, there's a trend to try to even pull information and consolidate it at a higher level—say within a holding company—for related companies. So you end up with a customer who feels like their relationship is within one entity [within that holding company], not realizing that their information is being shared more broadly within the family. As these systems start to communicate with each other, there's real difficulty sometimes with respecting the visions that the customer expects there to be between these particular companies, while the parent organization is trying to get the maximum economic benefit of cross-selling across multiple lines of business.
One of the things you're talking about is a gap between the expectation of a customer and the reality of the operations, as driven by the nature of the systems integrating infrastructures.
Correct. And the funny thing from the customer's point of view is that they're expectations can be inconsistent—because on the one hand they want a company to consolidate information so that every time you come in contact with them, you can use the information you gathered before to build upon, rather than having the customer give all that information again. Yet, on the flipside, they don't want you sharing information about themselves internally. So it becomes a double standard that's nearly impossible for firms to monitor.
Do you believe that the customers are starting to feel that CRM systems are almost a false front on marketing database systems collections?
I don't think that's the popular perception yet, although certainly there are some who believe that. Some people view that with the Web site, especially as sites start to ask more questions in the name of surveying and things of that sort, there is suspicion. If you require registration at your Web site, the odds are that the number one client you'll have will be Mickey Mouse, because the clients try to hide who they are, and that's the most popular name they like to use. So there clearly is a group out there who feel that way. We've seen it with loyalty cards at supermarkets—the desire to trade these cards to make sure you can't possibly track who they are because you're using someone else's card or applying under a false name.
One of the problems that firms have—I think—is that they start to view the entire customer base as being monolithic with regard to privacy. The reality is that you have a spectrum from people who are super secretive and don't want you to know the first thing about them, all the way to the other end, where they're very lasse faire and trust that you're not going to do anything with the information. There's a spectrum in between—a bell curve on how firms need to start thinking about this and start to identify what segment a customer probably fits into and then have different privacy strategies for those different segements.
Are you talking about automatically categorizing people psychographically?
Yeah, basically. And some things you can do through technology. If I detect that you're doing cookie blocking, for example, it's highly likely that you're more secretive than someone who does not. Other things are going to be more through watching behavior—customers specifically opting out, or things of that sort. Customers are different, and you should have different strategies.
Wouldn't customers start feeling sort of Big Brother-ish about that?
That's why I say that it all comes down to how you position this. The issue is how much information you really have on the customer on one axis, versus how much information the customer feels you have about them on the other axis. The key is to have a lot of information but not to make the customer feel like you have a lot of information, so that it seems very serendipitous—as opposed to waving it in front of them and saying 'see what we know about you, this is why we're doing what we're doing.' That's when customers become very uncomfortable. What we want is to have the customer say 'what a coincidence, this product is exactly what I was looking for.' As opposed to the 'we've looked in our database and know you're about to buy a new car' approach.
Are you advocating a centralized view of the customer?
I do believe in a centralized view of the customer. Part of the reason that's important is that you have to have a centralized place to administer privacy policies as well. If it's not centralized, you run the risk of individual departments being too lax or too aggressive on the privacy policies. The key becomes—again—how you use that information and having cohesive strategies that allow each of the individual touch points to use the information in a way that shows proper respect to the individuals involved.
I think a lot gets back to the client's expectation of who this entity is they're dealing with. An example in financial services is Citicorp. I may deal with Citicorp but may not be conscious of their broader umbrella. To me—as a customer using them—I view Citibank as very different than Travelers, and don't expect that information is going to be readily shared between them. However, if I'm dealing with Citibank as an entity, I expect that within Citibank, you do have a comprehensive view of my information and can use that effectively. I think the key to this gets back to starting from a customer and working your way back into a corporation of what's a logical grouping of information and how you present that to a client. Citicorp as an organization may want to do statistical analysis and marketing strategy at the entire holding company, but they have to be very careful at soliciting Citibank customers with Traveler's products if it becomes apparent that they're using that information that the customer doesn't necessarily feel that they're entitled to.
It sounds like you're suggesting that the guideline to executive level to decision making is that you follow the expectation path that consumers appear to have. How do you think that the brand of a company relates to this?
A lot pundits have said that in the Age of CRM the brand is dead. I argue the exact opposite—the brand becomes more important in the Age of CRM. CRM is your ability to deliver on the promise that you make when you create your brand. You create this brand and say 'if you do business with me, this is what will happen and this is the good experience that you'll encounter.' If you don't do CRM effectively, you drop the ball when the customer contacts you. So in that sense, privacy fits in very nicely. You make this promise to the customer about what your brand stands for. If you then turn around and don't respect your privacy in a way they're comfortable with, you undo all the branding that you've tried to create around that product. So I think it's very important that you view privacy as a continuation of your branding strategy. And especially in certain industries—like financial services—where privacy and the brand are really going to go hand in glove, because it's the fiduciary role that you serve in the products that you sell.
Do you have an opinion about opt-out, opt-in, and how to deal with privacy policies?
In some cases, legislation requires you to do opt-in. And so opt-out becomes the more preferred, because it gives you the biggest net. The issue a lot of firms are still grappling with is when you say 'opt-out,' how opt-out do you really mean? I was talking to Proctor and Gamble about this, and they said well if we let somebody opt-out, are we letting them opt out of a brand, or are we letting them opt out of all of P&G? So if I say that I don't want to be contacted about Tide, does that also mean that I don't want to be contacted about Pampers? And if indeed I don't want to be contacted about everything in P&G, that's a real pain to say that here's every product we've got and to go in and specifically opt out of these products. So I think that both opt-out and opt-in are effective strategies, but can't be applied in a blanket sense across the entire customer base. A lot depends on the industry you're in, the products you're talking about and the history you've got with your customers. I think the real key, though, is that they're two effective strategies that you should be aggressively utilizing as part of your broader part of your broader privacy strategies to show clients that you've got a strategy in this area and that you're giving them the opportunity to control the flow of information to their satisfaction.
You referenced some of the specific damages that inadequate privacy policies can have on a brand. Are there any other direct consequences that you've seen through mismanagement of privacy concerns in CRM?
There are financial penalties that you can suffer—especially under legislation—that many firms are ignorant of. Especially in the Age of the Internet, a lot of firms don't realize that they're being affected by privacy laws at a state level or at a national level that they never thought about before, because now they're doing business with them. And I don't want to downplay the financial concerns, but I think that the bigger risk is PR. I often half-joke with clients that if you don't do this right, you're going to end up on the front page of your local newspaper. And that's something that you don't want to have happen. Back to the brand concept, you betray the trust in the eyes of the consumer, and that's when you start to see a serious economic impact to your business. I think there are serious ramifications that need to be taken into account on this.
Are you warning people that you expect to see more harsh legislation?
Yes, I've warned clients that if they don't self-police themselves in this area, people will step up and impose stricter legislations. We've seen this already in Germany, Canada and Australia—increasing legislation. And even in the U.S., email restrictions in states like Washington and California have started to clamp down. There are people out there who will force this issue if clients aren't going to step up to it.
Can you point to especially good or bad industries in this area?
In general, I would say that we've seen good practices in financial services. They're used to dealing with things in the fiduciary role and they realize how damaging it would be if the information got out. One industry that I think is actually kind of weak—and by that argument they should be good, but they're really not—is many of the health care providers. They have not been very good at protecting their information. They haven't really abused its use yet, but that's really through lack of sophistication in their CRM strategies than any kind of cohesive strategy put in place. I think retailers, in general, have also been kind of weak in their privacy work and have a ways to go to improve.
Are there specific data and policy recommendations that you would suggest?
Early in your CRM process, you need to be thinking privacy, and have the privacy concerns of the organization integrated into the project plan of the broader initiative to make sure that those sorts of things are addressed. You probably are going to make mistakes along the way, and so you want adapt and learn as you go, but if you don't include those two early on and couple them together, you are going to run the risk of making substantial mistakes that are very hard to recover from.
Do any of the vendors provide some sort of native support for making the process easier?
Not that much. We're seeing some emphasis on process start to emerge. Oracle is starting to emphasize what they call 'Business Flows,' and they have some privacy related aspects in their solution. Some of the other ERP vendors who have financial packages as an extension of their CRM are starting to look at this as well, but for the most part, it hasn't been well addressed.
Who needs to own this in the enterprise?
Ideally, there should be a chief customer officer who's a senior-level individual, probably reporting to a CEO that has responsibility for this area. A lot of firms don't have that kind of position. A number of firms I talk to say they view their CEO as their chief customer officer. If that's the case, they should have a significantly powerful privacy officer that reports directly to them and has some ability to make impact in these areas.
Do you think that this is such a problem that people should be dealing with this now, or is it a wait-and-see kind of thing?
I think it's better to deal with it earlier rather than later, and I'm recommending to firms that they address it now.
As a consumer, how does it make you feel to know how extensively your information is being sliced and diced? And how has that changed your buying habits or the way you interact with companies?
Not particularly. I guess part of it is I'm also cynical because I know how poor most firms are working with the information, so it doesn't overly concern me what they might do with it. Also, I probably have better knowledge than most about what I could do in order to deal with companies that misuse it. I'm not an overly concerned individual on privacy unless my trust has been violated. I don't tend to change my behavior. If anything, I maybe gravitate a little bit to firms that I feel use information effectively, but it doesn't keep me up at night.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
