Home / Let’s Get Personal: Personalization and Privacy

Let’s Get Personal: Personalization and Privacy

Personalization is as old as marketing itself. Give each customer what they want, how they want it, when they want it. New technologies, platforms, and devices give us the tools to reinvent this venerable approach. In part two of this five-part series, we consider how personalization impacts privacy. The entire blog series is available in the "Let's Get Personal" ebook.

For many companies, personalization is an exciting prospect ... until they start worrying about privacy.

This is understandable. Just about everybody is worried about online privacy.

A recent survey conducted by Harris Interactive on behalf of TRUSTe, the privacy management provider, found that overall privacy concerns of U.S. online adults remain extremely high, with 89 percent worrying at least sometimes about their general online privacy.

The same survey revealed that 43 percent of online U.S. adults do not trust companies with their personal information, and 89 percent of consumers said that they avoided doing business with companies they do not believe protect their privacy online.

These numbers have not improved significantly over the last few years, primarily because new incidents of identity theft and security breaches keep refreshing people's apprehensions. However, years of vigorous debate and real-world experience have helped to define generally-accepted best practices for personalization and privacy. There's now plenty of room to implement sophisticated personalization strategies without violating the privacy of your customers.

Organizations like the Better Business Bureau, the Direct Marketing Association, and the International Association of Privacy Professionals have all worked to help companies define their privacy policies in ways that enable personalization without impinging on customer privacy. A "Privacy Policy" link is now standard in the footer of every site that represents a business.

The most up to date privacy policy is one that is built around five simple, central questions that you should answer for your customers:

What information are you collecting? Detail the types of personal information that you collect from customers, including: home address, e-mail, phone numbers and credit card numbers.

How are you collecting the information? Does your site install cookies on visitors' computers to track their activities? Most do. You should disclose that.

How are you using the information? Do you share customer information with third parties to process orders? If you sell customer information to marketers, explain what information is sold and how it could be used.

What control does the customer have over their personal information? Customers need a way to contact your business and control their personal data, whether it’s changing a password on their account or taking their name off of a mailing list. Plan to include a direct phone number or e-mail address that customers can use to manage their information.

How are you protecting the information? Explain how you protect customer data including, but not limited to: website encryption, limiting employee access to sensitive customer data, and server security.

Looking for a model? The next time you are visiting a favorite site that you respect, take a detour and click on the link to its "Privacy Policy." You may be pleasantly surprised to find documents that are straightforward, detailed, and relatively free of legalese.

For example, when I was researching this blog post, I clicked on the Privacy Policy link on the Internet information site GigaOm. It was so detailed, and frank, that I found myself reading it as if it was just another article.

Already have a privacy policy? If you ramp up your personalization efforts, it's important to keep it up to date. The U.S. Federal Trade Commission may take action if it believes that you are collecting and using data beyond what your privacy policy states.

It's also wise to seek legal guidance, and schedule regular reviews of your policy -- say once a year. This will keep your policy in sync with any new personalization initiatives, and it will also help you deal with the nuances of changing law.

Example: a lawyer can help you make appropriate updates to comply with the European Union Data Protection Directive.

So a privacy policy is a must-have. But it's not enough. A company’s privacy policy is only as strong as the staff that implements it. Be sure to train all employees — including your IT professionals, sales representatives, human resources specialists, and support staff — on how to protect sensitive data.

Also even if you are well within the law, and your stated privacy policy, it's important to stay keenly aware of how customers perceive your personalization efforts. As we'll see in my next post, powerful personalization techniques now require testing for "creepiness."

Next: Avoiding Creepy

Related reading: Are You Ready for Big Data?, examining Big Data’s role in creating the next-generation digital experience

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Filtered HTML

  • Use [acphone_sales], [acphone_sales_text], [acphone_support], [acphone_international], [acphone_devcloud], [acphone_extra1] and [acphone_extra2] as placeholders for Acquia phone numbers. Add class "acquia-phones-link" to wrapper element to make number a link.
  • To post pieces of code, surround them with <code>...</code> tags. For PHP code, you can use <?php ... ?>, which will also colour it based on syntax.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <h4> <h5> <h2> <img>
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.