A practical approach to Internet privacy

At a recent database marketing conference, I had the chance to attend a session put on by Philip Anderson, assistant professor of business administration at Dartmouth College in the U.S. As both an educator and consultant, Dr. Anderson has spent a...

At a recent database marketing conference, I had the chance to attend a session put on by Philip Anderson, assistant professor of business administration at Dartmouth College in the U.S. As both an educator and consultant, Dr. Anderson has spent a considerable amount of time exploring how marketers should approach privacy on the Internet, particularly the proper use of ‘cookies.’ His five rules of Internet marketing offer a concise and practical approach to privacy that will benefit all e-marketers.

Rule 1: Ask permission to drop a cookie onto a surfer’s machine and make sure you encrypt it. The point of placing a cookie on the browser’s machine is to be able to identify them when they come back and, in some cases, to tailor their Web content. Placing a cookie on a browser’s hard drive without permission is common practice but that doesn’t make it right. Consumers are justifiably concerned about organizations that track their Web behaviour without their knowledge or consent. Moreover, by asking permission, you gain the opportunity to solicit a bit more information, such as name and address, which can make the cookie even more valuable. Of course, if the cookie contains richer information, it should be encrypted, otherwise other companies can read it and gain access to information to which they are not entitled.

Rule 2: Let users see their data. If you are going to ask customers for information that will help you serve them better, then give them the chance to review what you have on them. Under Canada’s new Privacy Act, this is more than a recommendation – it’s a requirement. Providing a simple way for customers to call up the data they’ve provided so that they can check it themselves will go a long way toward alleviating concerns about data accuracy.

Rule 3: Don’t over-infer. One objective of cookies is to build up a comprehensive picture of each browser’s interests and purchase patterns. But be cautious that you don’t abuse this information.

A common practice for Internet marketers is to utilize online analytical engines that make product recommendations for banner ads based on browser activity. The problem is that these tools are often blunt targeting instruments, at best. A common complaint can be heard from the non-parent who surfs the Net for a present for an infant niece or nephew and is subsequently inundated with banner ads covering everything from toys to diapers. The process is even more problematical when the cookie identifies the machine being used but not the actual browsers. In a family with multiple surfers that situation can generate some very strange ads indeed, all driven by the apparent profile of this rather unusual ‘individual.’

Rule 4: Allow opt-in for individual-level services. Dr. Anderson relates a number of complaints he has received from friends and colleagues about using past purchase data to drive individual-level promotional messages.

He mentions as one example a customer who received an e-mail from a flower shop reminding him that his wife’s birthday was coming up and asking if he wanted to send flowers again this year. While this type of activity has been touted in some circles as a great example of one-to-one marketing, the customer was incensed. He had not realized that his purchase data was being stored and used in this manner and demanded that he be removed from the retailer’s list. Instead of automatically enrolling the customer into what the retailer honestly believed was a valuable program, he should have sought the customer’s permission. Obviously, the customer thought this program was highly invasive, but may well have felt otherwise if it was properly explained to him at the time of his first purchase. While anecdotal, these stories reinforce the need to practice proper permission marketing.

Rule 5: Resell aggregate data only. Everyone is aware of the furor that erupted over both DoubleClick’s attempt to match Web-surfing behaviour to off-line customer data and the move by a defunct toy e-tailer to sell its customer file even though it had promised not to.

The simplest way to avoid this problem is never to sell individually identifiable information, broadly defined as any data that could be used to uncover the interests and purchase preferences of specific consumers by name and address.

But that doesn’t mean that aggregate data can’t be resold. Providing selected information to manufacturers, such as product bundles (i.e. what tends to be purchased together) or socio-demographic ranges (product X appeals more to consumers we know to be in the 20-35 year range but product Y appeals to an older audience), remains a legitimate use of information captured from Web activity.

These ‘rules’ reflect some basic Web-marketing common sense. And after the irrational exuberance and inflated claims made about Internet marketing last year, maybe a little common sense is exactly what’s called for.

Colin Tener is president of Tener Solutions Group, a customer relationship management consultancy based in Toronto. He can be reached at (416) 585-2900 or by e-mail at tenerc@tenersolutions.com.