March 27, 2000
Politics of Privacy
Online shoppers value their privacy but will give it up if it's good for them
Exactly how much do online shoppers value their privacy? From the storm of criticism and several lawsuits that recently hit the online advertising firm DoubleClick after it announced plans to merge information about Internet users' online activities with their off-line buying habits, one might conclude they care more than they do.
In fact, says marketing consultant Martha Rogers, Ph.D., most consumers will allow marketers to have and use quite a bit of information if (and this is a significant if) marketers simply explain what they intend to do with it and offer benefits for cooperation.
"Companies that ask their customers for personal information must form an explicit bargain with them that their information will be used within the company only on a need-to-know basis," said Rogers, coauthor of the One-to-One Fieldbook, a guide to interacting with customers. "Companies that fail to protect their customers' information are asking for trouble."
Collecting information is a vital and legitimate business function. According to a 1999 Georgetown University study of 364 top Web sites, 93% gather information. What's important, said Rogers, is how they do it. Of the studied sites, 87% explained how they collect data and how they plan to use it; 77% offered consumers a choice on how their information would be used; 66% posted at least one privacy disclosure statement; 49% let customers contact the company; 46% securely stored data; and 40% gave consumers some access to their own data.
According to Rogers, every company that maintains a Web site or collects personal information about its customers should establish an explicit privacy protection policy that covers the following points:
1. Itemize the kind of information collected about individual customers.
2. Specify how personal information will be used. If your policy is to use this kind of information only within the company on a need-to-know basis, and not to make it accessible to unauthorized employees at any time, explain this policy explicitly.
3. Make whatever commitments you can with respect to how individual customer information will never be used (for example, that personal information is never sold or rented to others, or never used to change prices or insurance premiums).
4. State the benefits an individual customer can expect as a result of the enterprise's use of his or her information (faster or preferential service, reduced costs).
5. List a customer's options for directing the enterprise not to use or disclose certain kinds of information.
6. State how a customer can change or update personal information you've collected. For example, can the consumer access his or her profile or account information online and modify it?
7. Identify events that might precipitate a notification to the customer by the enterprise. If, for example, a court subpoenas your customer records, will you notify any customers whose information was subpoenaed?
8. Name the corporate executive whom you've assigned as the "data steward," charged with overall responsibility for assuring the adherence to company information and privacy policies.
9. Specify the situations in which your company accepts or denies liability for damages incurred through the collection and use of customer data, such as through credit card fraud or misuse.
10. Provide specific procedures allowing a customer to order you to stop collecting data about him, or to purge his information files at the company.
For sample privacy policies, see:
- by Mark Dixon