Claudia would like to thank John Geiger for his contribution to this month's column.

Think about how your mother would react to the following phone call from her bank: "Hello, we understand that one of your jumbo certificates of deposit will be maturing soon, and we would like to meet with you to discuss your options." Do you think she would be pleased to get this call?

The answer is that it depends on who is making the call. If her bank has already established a track record of discussing investment options with her in these situations and if her bank's investment advisor makes the call, she might be quite pleased to receive it. However, how would she feel if the call came from an independent investment advisor that she did not know? Receiving this call from anyone but her bank would cause her strong displeasure. If she suspects that the bank provided that information, the bank's relationship with her will be tainted at best and terminated at worst.

The distribution of confidential information to a third party without the express consent of the customer is a clear violation of the customer's trust in the organization. Trust is established over time through positive interactions with an organization. These interactions take place with the extended enterprise, which is at the center of the customer life cycle – the decision-making process that all consumers go through in making a purchase. Between the enterprise and the customer sits a key layer that is critical to ensuring that the customer stays in the your customer life cycle – trust. Trust embodies the customer's confidence in the enterprise's integrity.

According to Webster's Unabridged Third New International Dictionary, privacy is the "quality or state of being apart from the company or observation of others" and entails "freedom from unauthorized oversight or observation." The key word in the second part of the definition is "unauthorized." Privacy does not necessarily exclude oversight or observation, but it does require that such actions be properly authorized. Enterprises build loyalty when their customers trust them enough to give information that will enable the enterprise to provide personalized service.

Why is privacy such a big issue? Following are reasons why some individuals want to preserve their privacy:

People value their time. Most people do not appreciate receiving unwanted telemarketing calls, "junk" mail, "junk" faxes or unsolicited e-mail. These are forms of harassment and are an invasion of privacy.

People don't want to be incorrectly grouped. Demographic information is often combined with individually identifiable information to include – or exclude – people in specific groups, and decisions about how the people will be treated may be based on the group in which they are placed.

People want to avoid embarrassment. They may do some things in private that they would not do in public. For example, many hotels that provide their guests with the opportunity to purchase a movie indicate that the name of the movie does not appear on the bill. This provides an illusion of privacy, and people may feel that their movie selection is private.

People want to prevent unauthorized use of their credit cards. Credit card information is provided for e-commerce transactions, and people are often hesitant to provide the information without proper assurances. Amazingly, most people don't hesitate to give their credit card to a waiter who disappears from sight for a few minutes. Precautions against unauthorized credit card use should not be limited to e- commerce.

People want to feel physically secure. People often go to great lengths to hide their true worth. Public knowledge of a person's wealth combined with information about their children's school could place the children in danger.

Before e-commerce, the customer was in control of the information being provided. As a loan applicant, you can refuse to provide some of the information requested, recognizing that the absence of this information could jeopardize approval of your loan. To engender the trust needed to obtain information that enables the personalized service without the human touch, companies must provide an environment in which their customers are comfortable with the way that information about them is obtained, maintained, disseminated, used and secured. Any organization involved in electronic commerce needs to adopt, deploy and disclose a policy to protect the privacy of confidential information. Adopting a privacy policy demonstrates the enterprise's understanding of the importance of privacy and its commitment to protect that privacy as described by the policy.

Developing and deploying a privacy policy is no easy task. It requires involvement of employees throughout the company and entails a significant commitment of people and money. The required level of commitment may result in resistance. If this happens in your organization, you need to help the organization recognize the value of the privacy policy. One of the major objectives of a privacy policy is to enhance your customers' trust in you. This helps attract customers, and it also helps retain and expand their relationships.

The privacy policy requires consideration of many departments, all of which need to understand the customer's perspective. Each business unit with direct customer contact should participate in the development of your privacy policy. These business units typically include sales, marketing, customer service, fulfillment and any independent agents who sell or broker your products. Each has a unique perspective of their customers and the privacy requirements of these customers. These business units should identify the individually identifiable information that they will want to collect and use as well as the importance of this information to their daily operations. Collection and use of individually identifiable information may impact the complexity of the privacy policy. Note that your HR and legal departments must also participate in the creation of the privacy policy.

An effective privacy policy must be visible and clear. People completing a loan application at a car dealer should be able to obtain a copy of the company's privacy policy. Similarly, people logging onto a Web site should be able to immediately access the privacy policy. The policy itself must be written in a way that the average consumer can understand. It should delineate the actual policy in plain language and explain why certain approaches are being adopted. It should describe what information is collected, how it is collected, how it will be used, who is collecting the information, who is receiving the information, how the information is kept secure, how the accuracy of the information is assured, how the information can be corrected and how the customer can complain and seek resolution of perceived violations. It is important to note that these attributes of the privacy policy are not dependent on the sales or service channel. They apply to face-to-face, telephone and e-commerce equally.

Your privacy policy is designed to bolster a customer's trust in your company. Just because you gain that customer's trust does not mean that the customer trusts all of your partners. The next area that needs to be addressed by the privacy policy is "who." Relating this to the customer life cycle, the question to ask is what other members of the extended enterprise are involved in collecting and using the customer data? If others are involved, then we must convey the reasons that we share individually identifiable information with them; and we should provide the customer with a choice on participation.

Introducing a third party into the privacy equation brings with it some complications. From our perspective as the supplier, we need to be careful about the information we share because it may lessen our competitive advantage. From the customer's perspective, we need to ensure that the customer has the same level of trust in the extended enterprise as he has in our company. At a minimum, if the information being shared might be considered confidential by the customer, we need to provide the customer with confidence that the third party is also obligated to protect the customer's privacy.

The length of time that information may be retained is also of interest to some customers. Customers may be willing to provide information for use in a particular transaction, but may not be willing to have that information permanently stored. If information is only needed for a transaction, then alerting the customer to the retention policy may further the trust the customer has in your company.

Providing choice to the customer makes execution of the privacy policy substantially more complex; it also improves the customer's trust in your company and promotes recognition that your company is genuinely interested in protecting the right to privacy.

Ownership of the customer's data is another area of sensitivity. When a customer makes an online purchase, the customer willingly provides the seller with information. Further, the transaction itself consists of mutually provided information. Regulations do not grant the customer ownership or, more importantly, exclusive ownership of the transaction information. If the seller is interested in building a long- term relationship with the customer, however, the seller may wish to enable the customer to retain some level of control about how the information is used. For example, the seller may permit the customer to dictate whether or not the transaction can be made public.

Even if the customer trusts your company with private information, he may not be confident of your ability to guard that information. This aspect of the privacy policy goes beyond a company's use of the information. It demonstrates the company's willingness and ability to implement safeguards that prevent access to the private information by unauthorized parties – both inside and outside the company. There are three critical elements to be considered here – physical security, procedures and education, and data distribution.

CRM is built on trust. As we move customers through the customer life cycle, we use that trust to strengthen the relationship and the customer's loyalty.

Privacy protection is no more an option now than it was fifty years ago – it's a necessity. Companies need to recognize the electronic age has brought with it improved ways of meeting the customer needs and has expanded the exposure to information use abuse. Customers are very concerned about this. As a supplier, you have a responsibility to protect your customers. A key step in that protection is the establishment of a privacy policy that encompasses the key areas described in this column.

A policy encompassing these elements is a differentiating factor among some companies today. In the future, this may become an entry ticket – something companies must have to even be considered as viable contenders. To succeed in any marketplace, companies must demonstrate that they value the relationships with their customers, that they only collect individually identifiable information that is relevant to providing personalized service, that they have and follow a clear privacy policy, and that information is used in a manner consistent with the principles of permission marketing.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access