Chapell & Associates

Tuesday, January 31, 2006

Will Convenience Beat Privacy?

BBC News - January 26, 2006
Remember the last time you shopped in your local supermarket? Did the freckly 18-year-old at the till demand that you tell him your birthday, where you live, your e-mail address, and whether you are interested in music or sport? And would you have walked out had he done so? But here we are, happily giving out this and much more information when we shop online, sign up for a newspaper's website or subscribe to an e-mail service. So should we be bothered? "Not necessarily" was the answer of most participants at a World Economic Forum session called "Privacy - it was nice while we had it". Because giving up your privacy can be great.

The Chapell View
Reporting from the Davos World Economic Forum, BBC's Business Editor, Tim Weber, has written an interesting take on what world business leaders think of the issues we in the online marketing biz talk about daily - what information is being collected from consumers, how it's being used, and the value in this use. In the (provocatively titled) session he discusses, the answers to these questions seem to be: lots of information is being collected, not enough is being done with it, and consumers really do benefit from the collection of their data.

Weber notes a number of ways private information is collected by businesses, but also agrees with the panelists that "it is actually surprising how little of the collected data is actually used." Moreover, he argues that "Ultimately, privacy may not be the issue. Rather, the point is whether all this data of ours is held securely - or can be stolen or used in a way you don't want."

I think Weber is right to point out the enormous amount of data collected by global businesses - and the importance of keeping it secure. Focusing on data security, though, doesn't alleviate all of the privacy concerns out there. If organizations are collecting personal data from consumers and then doing nothing with it, one important question is: why?

Providing information to companies can be a boon for customers, but only if they gain something in return - otherwise there's no actual exchange. The promise of "1to1 marketing" - in which consumers receive personalized and valuable advertising - pretty much falls apart without some focus on how data is used to a consumer's benefit.

Businesses that collection sensitive information aren't necessarily asking consumers to cede their privacy - as long as there's an up-front reason for the collection that benefits the consumer. So giving up personal information can be great, and consumers often do see real and tangible benefits in doing so. I'm less convinced that "giving up your privacy can be great," but maybe this is just a little broad for me...
posted by Isaac on Tuesday, January 31, 2006 | |

Wednesday, January 25, 2006

Consumers Still Aren't Careful Enough With Their Personal Information

DM News - January 23, 2006 A Chapell Article
Aren't consumers being more vigilant about their online privacy? There have been a number of recent reports detailing how consumers are spending less online, using fewer Web sites and being more aware of pernicious technologies, all signs of increased caution...But even if consumers are being more careful, we're still hearing about data breaches. Why is this? Well, many of the recent breaches occur through no fault of consumers.(more).

posted by Isaac on Wednesday, January 25, 2006 | |

Friday, January 20, 2006

Disclosure Doesn't Hamper Word of Mouth Marketing

Ad Age - January 19, 2006
As the Word of Mouth Marketing Association kicks off its conference today in Orlando, Fla., one hot topic is sure to be the issue of disclosure: Should the ordinary Joes enlisted to spread buzz about products and services tell others that they're part of a marketing program? The answer is a resounding yes, according to new research, from Northeastern University assistant professor Walter Carl, that culled data from more than 800 word-of-mouth agents and the people to whom they talked up brands.

The Chapell View
Disclosure has been a consistent question for Word of Mouth Marketing (WOM) - it was even suggested late last year that a lack of disclosure could make the whole enterprise somewhat illegal (which the Chapell Blog covered then). And there did seem to be serious concerns about consumers being retained by marketing agencies to drum up one product or another - and specifically, if consumers who were acting as "Word of Mouth Agents" were telling other consumers about their relationship with an advertiser (that is, when recommending a product).

On the other hand, the Word of Mouth Marketing Association (WOMMA) has, since its inception, emphasized the need for disclosure. And this recent report from Northeastern might appear to support WOMMA's position. According to the study, consumers will actually view product suggestions that come from someone associated with a company as positively as those that don't. Thus, disclosure wouldn't necessarily undermine WOM marketing efforts.

I must to say I'm surprised by the report's findings. Intuitively, we like to think of recommendations as just someone liking a product and then telling others about it - "here, try this brand of coffee, I really like it," not "here, try this brand of coffee, the company that makes it tells me it's really good." To be totally honest: I can't see why consumers, having been told that someone has a commercial relationship with an advertiser, wouldn't be more skeptical of that person's recommendation. But if it turns out Professor Carl's findings are accurate, then all the better for WOM - the least troubling approach would seem to be the most effective.

It's worth repeating our warning from October, however. Often what consumers object to in marketing is overexposure as much as a lack of disclosure (too many ads can be just as bad as not knowing why or how these ads are being delivered). There's a lot of attention being paid to WOM right now, and we should hope that part of this attention focuses on avoiding consumer inundation. As with any advertising platform, consumers might start to shy away from advertiser developed "recommendations" if they become just a little too prevalent.span>
posted by Isaac on Friday, January 20, 2006 | |

Wednesday, January 18, 2006

Marketers Interested in Small Screen

NY Times - January 16, 2006
Forget the 30-second spot on a 50-inch high-definition TV. How about a three-second message on the tiniest of screens? Television-style advertising is coming to a mobile phone near you...Marketers said they were particularly excited about the prospect of eventually using cellphones, many of which are equipped with global positioning systems, to send ads to consumers based on their location. With that information, marketers could, in theory, send pitches from retailers to cellphone users who might be in the vicinity of a store.

The Chapell View
In online advertising, we often pitch the idea that relevant advertising is a valuable exchange for the consumer - in exchange for a little information, marketers can provide information and offers that consumers will like or are even personalized.

In a broad sense, perhaps, Mobile Marketing is the hyperactive version of this trade-off. On the one hand, getting advertisements for businesses near a cell phone user is actually quite valuable. If someone is using a mobile browser to find a pan-Asian restaurant and receives an ad for one in their neighborhood - then the advertisement serves to provide them with exactly what they were looking for. On the other hand, consumers might not be too happy to know that an advertiser "knows" where they are standing at a given moment - and that it happens to be three blocks from a hardware store that is having a sale.

So I want to applaud the incipient mobile marketing industry - and the Mobile Marketing Association - for focusing on opt-in for ad serving. If consumers click on a banner ad, or send a text message as part of a promotion they are far less likely to object to the resulting advertising - either on the grounds that it's overwhelming, or too intrusive. Once the consumer has informed an advertiser that s/he wants more information or is interested in a service, there's no mysticism when an ad shows up. Think about it: I put out the information that I want a place to eat and get an ad for a restaurant. This makes sense. I don't take any action and get information on a store I'm standing in front of - that's a little scary.

New technologies can sometimes lead marketers to push just a little too far (there's a reason why consumers don't like pop-ups). It's important that mobile marketing avoid this scenario, and focusing on opt-in is a good place to start. However, it's not entirely clear to me that opt-in practices are universally adopted. After all, if cell phones companies are starting the sell phone numbers (and I've gotten at least a few telemarketing calls on mine) there are those who are going to see these numbers as a place to send ads. And "opt-in" can be sometimes a little broadly defined. If someone votes for American Idol, does this count as an opt-in for future advertising? Things could still end up going either direction...
posted by Isaac on Wednesday, January 18, 2006 | |

Friday, January 13, 2006

Apple's iTunes Raises Privacy Concerns

CNET - January 12, 2006
A new version of Apple Computer's popular iTunes software, released Tuesday, is drawing barbs from privacy advocates for sending information about computer users' playlists back to Apple. The new music software includes a "MiniStore" window, which provides recommended links to Apple's music download service when a listener actively clicks on a song in their personal playlist, including songs that haven't been purchased from the iTunes store. To provide those recommendations, the software sends information about the selected song, such as artist, title and genre, back to Apple. But the software also transmits a string of data that is linked to a computer user's unique iTunes account ID, computer experts have found.

The Chapell View
Creating "recommendations" isn't that unusual - in fact, a lot of online advertising is built around the idea of making ads relevant enough to be considered something akin to this. With the new version of iTunes, it's not the MiniStore itself that's being objected to; Apple's error, according to Kirk McElhearn, for example (who was quoted by CNET and has documented iTunes' practice), was to collect an account ID number along with song and artist information.

The worry is that this ID number, linked to a users' iTunes music store account, could be used to combine personally identifiable information (email address, credit card number) stored by the store with the non-personally identifiable data from the iTunes software (songs listened to, et cetera). There's generally an objection when PII might be combined with non-PII, and it's not entirely clear why Apple would need to link listening habits to a particular iTunes user or purchasing history. We might think the complaints to have some ground, if only because data is being collected without any necessary application.

That being said, I was thinking about this for a moment, and started to wonder: doesn't Amazon do exactly the same thing? When I log into, I get a list of "recommendations" based on the books I've bought and the books I'm currently viewing. Now, Amazon also knows my email address, credit card number and purchasing history. Assuming that there's no possible connection between the two, the complaint against iTunes doesn't apply. But to get these recommendations, I have to log into Amazon - meaning that the website now knows me as a particular user (i.e., probably gives me a specific account number). In fact, my purchase history from my user account is used, in part, to provide me with recommendations. This seems pretty close to the objections leveled against iTunes.

The real difference between the two seems to be that when I visit Amazon, it's very clear that my purchase history is relevant to the suggestions I see. On iTunes, this isn't explained, and there's no particular reason to believe that it would be necessary. Just as importantly, neither the new version of iTunes or the Apple website provides a full disclosure or explanation of the transferred information.

We've been working for some time to ensure that consumers fully understand the "essence of the bargain" prior to downloading software. Certain software functions are important enough to this bargain that they need be prominently displayed to consumers - and I would argue that what Apple is doing falls somewhere in that category.
posted by Isaac on Friday, January 13, 2006 | |

Wednesday, January 11, 2006

Fed to Banks: Put Security Policies in Writing

CNET - January 10, 2006
Even if federal law doesn't explicitly say so, all companies that handle personal information for their customers should have written security policies, a computer security attorney said Tuesday. Last month, the Federal Reserve Board, which governs the U.S. banking industry, issued a new guide stating that all banks and other financial institutions must take certain steps to safeguard the personal data they handle.

The Chapell View
By issuing new guidelines for financial institutions, the Federal Reserve hasn't actually made any new rules, just cleared up ambiguity over a 1999 act that determined data governance for these institutions. Even so, much of what a business under these guidelines is required to do is dependent upon the company, sector and a host of other factors. The only well defined new requirement appears to be that financial institutions have some process in place for data governance, and that they put this in writing - i.e., have a formalized privacy policy.

Although only one part of providing privacy protections, a written privacy policy is an important one. And often, it seems, an overlooked one. Chapell & Associates conducted a survey in December 2005 with the Cutter Benchmark Review where far fewer organizations than we expected reported having put a formalized privacy policy in place (look for specific survey results later this year). Moreover, although a new study by the Customer Respect Group found that a majority of companies had a posted privacy policy, not all of these were transparent or at all clear about the businesse' privacy practices.

Putting clear and accurate privacy policies in place is a good place to start for most organizations looking to improve their privacy practices. It can alleviate consumer worry and boost consumer engagement while also providing an incentive for businesses to improve their actual policies - since they are, after all, open to the public. Of course, the Federal Reserve's guidelines only apply to financial institutions. But if efforts to pass privacy legislation heat up in 2006 – as they look like they might - it's not a bad place to begin.
posted by Isaac on Wednesday, January 11, 2006 | |

Thursday, January 05, 2006

Poll: 60% Fear Data Exposure, 57% Say Info 'Overprotected'

Yomiuri Shimbun - December 27, 2005
Nearly 60 percent of people fear that overprotection of personal information may make [Japanese] society inconvenient and difficult to live in, while 61 percent of people are concerned their personal information could be exposed or misused, according to a recent Yomiuri Shimbun poll. Since the Personal Information Protection Law came into effect in April, a number of local governments, schools, police departments and other institutions have withheld or were reluctant to provide personal information, citing protection of privacy as the reason. The survey found such a practice invites public distrust and that people are concerned about increasing anonymity within society.

The Chapell View
Given that the US has yet to pass national privacy legislation, it's hard to compare this to what's occurred so far here. On the other hand, twenty-two states have now passed data breach of privacy legislation, much of it similar to the 2003 California law which has required a number of companies to disclose their data breaches. Some of these laws are stricter than CA's, which has given proponents of privacy legislation some odd allies - data brokers and others who would want a national law to trump state requirements.

At any rate, I don't think anyone would expect privacy legislation to go too far, as a majority of respondents seemed to think about Japan's privacy legislation. But it does, at least on from what I can tell, seem as though the Japanese law has been restrictive, with the Shimbun reporting that a number of government institutions have experienced problems since the law's passage in April 2005. Maybe this makes sense: the law restricts when and how personal information can be shared. Taken too far, this could restrict the information from the hands of those who might need it - those helping, for example, "elderly residents who live on their own and are in need of help at the time of a disaster."

The discussion over national privacy legislation may soon heat up, with MSFT and the CDT joining together to lobby for its consideration. As this debate grows - over whether or not it should be limited to informing consumers about data breaches, what restrictions there should be, if it should take the CA law as a model - perhaps we ought to consider Japan's example. After all, some Health Care providers have run into difficulty accommodating the restrictions of the 1996 Health Insurance Portability and Accountability Act (HIPAA). And while I don't think any national privacy legislation will probably go too far, it's worth remembering that collected personal information can be very useful to citizens and consumers. The idea is to keep it secure and used in the proper way – not stop it from being used at all.
posted by Isaac on Thursday, January 05, 2006 | |

© 2005 by Alan Chapell & Associates LLC