CUSTOMER PREFERENCES AND PRIVACY CONCERNS
Data privacy for big data is a serious business, and is causing regulators around the globe to set up a variety of policies and procedures. We have witnessed debates regarding the use of location data for monetization as well as other commercial and government uses. The US Federal Trade Commission settled a case with Facebook that now requires the company to conduct regular audits. Facebook, Inc. agreed to submit to government audits of its privacy practices every other year for the next two decades. The company also agreed to obtain explicit approval from users before changing the type of content it makes public.30 Similar processes have been put in place at MySpace and Google. Under certain opt-in conditions, the collection and storage of location information may be permissible. Also, some of the data can be made anonymous and used for statistical analysis. Two bills introduced in the US House of Representatives and the US Senate limit how the government and private companies can use information about customer location. Both bills await approval by the House. The bills are among multiple efforts in Washington, DC, to update digital-privacy laws, particularly as they relate to location. One bill, sponsored by Democratic Senators
Al Franken of Minnesota and Richard Blumenthal of Connecticut, requires companies such as Apple and Google, as well as the makers of applications that run on their devices, to obtain user consent before sharing information with outsiders about the location of a mobile device. The other bill, by Senator Ron Wyden (D., Oregon) and Representative Jason Chaffetz (R., Utah), requires law enforcement agencies to obtain a warrant in order to track an individual’s location through a mobile phone or a special tracking device. This follows an earlier bill introduced by Senate Judiciary Committee Chairman Patrick Leahy (D., Vermont) that imposed a similar requirement and also required law enforcement to obtain a search warrant in order to retrieve old emails stored on servers. The latest public relations uproar over the use of location data by the National Security Agency (NSA) has created a fair amount of public clamor.31 The laws concerning when the government can track someone’s location are murky. One key law dates from 1986, before the widespread use of cell phones or global positioning satellites.
This leads us to several interesting possibilities. Let us say that a data scientist uses the channel-surfing information from cable viewing to characterize a household as interested in sports cars (for example, through the number of hours logged watching NASCAR). The search engine then places a number of sports car advertisements on the web browser used by the desktop in that household and places a web cookie on the desktop to remind them of this segmentation. Next, a couple of car dealers pick up this “semi-public” web cookie from the web browser and manage to link this information to a home phone number. It would be catastrophic if these dealers were to start calling the home phone to offer car promotions. When I originally opted-in, what did I agree to opt-in to? And is my cable/satellite provider protecting me from the misuse of that data? As we move from free search engines to free emails to discounted phones to discounted installation services, all based on the monetization of data and advertising revenue, there is money for everyone if the data is properly protected against unauthorized use. Many technology providers are selling data obfuscation processes to protect customer privacy. Most of the time, marketers are interested in customer characteristics that can be provided without privately identifiable information (PII)—that is, uniquely identifiable information about the individual that can be used to identify, locate, and contact that individual. We can possibly destroy all PII, which may still provide useful information to a marketer about a group of individuals. Now, under “opt-in,” the PII can be released to a select few as long as it is protected from the rest. In the preceding example, by collecting $10, I may give permission to a web search engine to increase sports car advertisements to everyone in my Zip+4, while at the same time expecting protection from dealer calls, which require a household-level granularity. We can provide this level of obfuscation by destroying PII for house numbers and street names, while leaving Zip+4 information in the monetized data.
I have banking/investment accounts with five major financial institutions. One of these banks recently approached me about consolidating all my bank accounts with them. As we were going through the details, I was being asked to share a fair amount of private information. I wondered how much the bank already knew about me since I have dealt with them for over a decade and given them access to credit reports and mortgage applications. Also, a data scientist at the bank could correlate information authorized by me, information that is publicly available, and self-provided personal information. How is this full and complete view of my customer profile stored and accessed at the bank?
We have heard about data security breaches. Recently, the Wall Street Journal published an article about a Yahoo! security breach that exposed 453,000 unencrypted user names and passwords.35 Is all this data that the bank is collecting about me safe? Often, we assume a large global brand is safe; however, the recent data breaches include a long list of famous brand names.
The technology is continuing to evolve in their use of web tracking information. Since most of the information sharing on the Internet is stateless, “web cookies” grew as informal mechanisms to track a user of a website. Unfortunately, cookie data was not well protected, and a number of companies began to analyze cookies to look for private information. Cookies are also not as reliable source of data, as they are often deleted and are not used by the mobile platforms. Other ways of tracking customer data, such as fingerprinting the device are being developed.36
Data privacy is an important concern, and is often discussed in the context of consumer targeting. Even if I suppress PII, I may target an individual or a group of individuals with specific marketing messages that may be considered to be violation of privacy by the customer. How do we draw the line, and how do we still converse with customers? It is all about customer context and trust. As customers, we trust some relationships and are willing to open up. As long as the trust is maintained, information or marketing propositions can be freely exchanged. However, if the trust is broken, it creates irreparable damage not only for that relationship but also for many other relationships. It is like a marital relationship. A couple comes together with a “trust” that lets them relate to each other. If the trust is broken, it impacts not just the couple’s, but many other relationships. As marketers, we owe it to our brands as well as to the rest of the marketing community to build and maintain trust with customers, which allows the exchange of information and marketing offers.