The Impact of U.S. Privacy Laws on Enterprise Marketing
Many CMOs see social networks and mobile apps as the new grail of marketing, a golden ticket to fostering customer engagement. Whether or not this proves true, the rise of social-mobile means many companies are collecting massive amounts of information with the assistance of third-party software-as-a-service (SaaS) vendors.
These new engagement strategies and information storage models are creating important new challenges for enterprises, including those arising from the inappropriate use or disclosure of protected personally identifiable information.
In the United States, companies must deal with several hundred state laws governing the capture of personal data, including social-mobile data, and an alphabet soup of federal regulations. But marketing programs using new technologies typically push the boundaries of these legal frameworks and challenge customer expectations around personal privacy.
In 2010, for example, The Wall Street Journal examined one hundred and one popular smartphone apps and found that more than half transmitted the phone’s unique identifier to third parties without user permission, and forty-seven also sent the phone’s location. Five apps even sent gender, age, and other personal data. Similarly, Opperman v. Path Inc., a class action lawsuit filed in May of 2012, asserts that apps from more than eighteen companies “surreptitiously harvest, upload, and illegally steal the owner’s address book data without the owner’s knowledge or consent.”
Data breaches are also raising the ire of citizens and regulators. Brands that engaged the email marketing firms Epsilon (Target, TiVo, Capital One, and others) and Silverpop (McDonald’s, Honda, Play.com, and others) faced PR nightmares when hackers broke into these third-party systems and exposed the personal information of millions of customers. According to a recent Ponemon Institute survey, the average loss in brand value from such data breaches, assuming an average starting value of $1.5 billion, ranged from $184 million to more than $330 million. This is an average loss of between 12% and 25%.
As a result, we are now seeing significant increases in class actions related to privacy violations, an escalation in scrutiny by government agencies, and increased public and political attention on data privacy and security issues. Fortunately, there are some key strategies to consider in any marketing program that involves the collection or storage of personally identifiable information. Here are seven.
1. Develop a clear plan covering the information you are collecting, how you plan to collect and store it, with whom you plan to share it, the type of consent you have to use it, and how long you will keep it.
2. Communicate clearly with customers through license and use agreements how you will use the data you collect. Ensure these agreements conform to current regulations, are updated regularly, and are appropriate for the types of devices users will use to interface with the program. For example, on mobile devices, agreements should be short and easily readable, while for standard web browsers they can be more detailed.
3. Remember your brand. Are you a security company? Do you claim to put customers first? If your full social-mobile strategy and activities were made public, would your company be embarrassed?
4. Communicate clearly with legal and IT on business goals and current and planned social-mobile customer engagement activities. When legal and IT express concerns, work together to resolve the issues. Keep in mind that legal is not just a speed bump slowing down marketing. It is an important ally in trying to avert liabilities that could damage your brand.
6. Recognize that to minimize the risks associated with costly compliance failure and e-discovery sanctions, you must support legal’s records and retention program.
7. Become an information technology junkie. Understand the sources and structure of the information you collect. How is it sourced and aggregated? Who has access to it at each point throughout the retention life cycle? Will it be used for multiple purposes? Will it be sold, bartered, or shared with third parties? How and when will it be disposed of? This last point was driven home recently when several online movie rental and cable TV providers were sued under a federal law that mandates that such service providers retain records of which movies their customers watched or rented for no longer than needed to provide services. The simple act of storing this information — often collected via mobile apps — after subscribers terminated their accounts opened each company to millions of dollars in legal liability.
Social-mobile media may be the grail of marketing, but CMOs who want to protect their brands while creating new customer engagement programs must work closely with legal and IT to ensure proper storage, use, and destruction of customer data.