This month's column was contributed by Kim Martin, senior consultant.

Usually, customer relationship management (CRM) equals big money ­ large investments in sophisticated computer systems, consultant fees, analysis and training. However, one of the most important and effective investments does not have to carry a hefty price tag. That investment is the time, effort and commitment to protecting your customers' privacy. While not requiring a significant financial investment, protecting privacy can produce a very high return on investment.

Concerns about privacy are rampant among consumers today. The advent of easy and fast data collection on the Internet has heightened awareness of personal privacy online and offline. In a recent Forrester survey of online consumers, over 65 percent were very or extremely concerned about maintaining their privacy after giving information over the Internet. If privacy concerns are not addressed completely and openly, trust in your company can be diminished or even eradicated.

Your customers are your greatest assets and should be carefully guarded. Protecting the privacy of customers' information is a key component to guarding those assets from the competition. It also builds trust, thus creating a favorable atmosphere for dialog with your customers (see our January 2001 column). Until you have gained the trust of your customers, you cannot capitalize on all the marketing programs that sophisticated CRM systems can provide. This means taking the high road with privacy ­ customers' information is not sold or given away. While selling customer data may be a current revenue stream, protecting this information can increase customer trust, thereby increasing lifetime value of those customers and your profitability in the long run.

You already have a privacy statement, but that isn't enough. Protecting your customers' privacy goes beyond a mere privacy statement. Here's a step-by-step plan for making the best investment in CRM:

  1. Develop privacy procedures and policies. These are the backbone of protecting customers' privacy. These are not written statements you post on a Web site or put in a company newsletter. Specifically, you need to determine how you protect customers' privacy in the transmission, storage and use of information. This includes evaluating:
    • Who is in charge of privacy and how much authority they have.
    • Technical and operational security measures currently in place.
    • Notice to customers of what information is being collected and how it is being used.
    • Best practices of opt-in.
    • Appropriate uses of the information.
    • Information transfer to third parties. (What is the purpose? Do the contracts include privacy conditions?)
    • Employee education and training regarding company privacy procedures.
    • Methods of communicating the privacy policy to customers.
    • Dispute resolution procedures if the privacy policy is violated.
  2. Implement the procedures and policies developed in Step 1 by setting formal privacy standards, developing any necessary technical solutions, conducting security and privacy audits and, most importantly, educating employees. It is at this point that you write the privacy statement based upon your privacy procedures and policies. The statement should not be written until there is consensus on the underlying standards. The privacy statement will be the public manifestation of your internal procedures and policies.

    Some new technology may need to be employed to adhere to your privacy policy. For example, you may need to improve database security software or upgrade encryption technology.

    Security and privacy audits involve reviewing each step of the information flow to make sure the information is being protected at each point from data collection through data usage. This can be performed internally or by specialized privacy audit firms.

    It is critical that each employee be aware of how the company's privacy policies protect your customers and how his or her specific job is affected. Protecting customers' privacy necessitates different behaviors from each area of the company.

  3. Communicate the privacy statement to your customers. To benefit from the investment you have made in Steps 1 and 2, customers need to understand and believe your privacy statement. This is an excellent opportunity to build trust with customers. There are many ways to communicate the privacy statement ­ Web site, e-mail, direct mail, sales calls and newsletters. The message should be simple, focus on the benefits to your customers and emphasize that you understand your customers' privacy concerns and value their business enough to take a stand.
  4. Continuously monitor your privacy policies and procedures. Perform periodic privacy and security audits to maintain system and employee integrity. For the investment in privacy to be realized, it must become part of the company's culture and standard operating procedures, rather than a short-term project that is forgotten as soon as the final report is issued.

Few of the steps above involve a substantial outlay of funds, but they do involve a substantial internal commitment. To maximize the overall investment your company has made in CRM, make the investment in a strong, fully implemented and well documented privacy policy.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access