InformationWeek
Defining The Business Value Of Technology
March 6, 2000
 Printer ready |
Companies rethink their privacy policies as public concern grows
By Rick Whiting
| Related links: |
|
|
| And from our sister publications: |
|
|
| TechEncyclopedia |
 Send Us Your Feedback |
he long-simmering issue of customer privacy has come to a boil, with several big-name Web companies already getting scalded. Many others are scrambling to protect themselves--even as they invest in new technologies to gather and analyze customer data to improve their online marketing techniques.Recent high-profile breaches of consumers' privacy have raised public concern about data gathering on the Web--and have led to lawsuits by consumers and investigations by government regulators. Some companies with online operations are rethinking their privacy policies because the issue is so potentially explosive. "The privacy issue has definitely been elevated," says Michael O'Dea, chief technology officer for BuyandHold.com Inc., an online brokerage firm in New York.
O'Dea warns fellow Internet business managers that data privacy "needs to figure prominently in your business planning." BuyandHold.com aggregates data on Web-site usage for design purposes, and it's considering collecting personal data for use in online marketing campaigns. But the company intends to do so only with customers who give their permission.
Such policies alone don't protect companies. The privacy statement on Intuit Inc.'s popular Quicken.com Web site says customers have the option of refusing the software cookies used to gather information and Intuit "will not willfully disclose" customer data without a customer's permission. However, Intuit acknowledged last week that information on some customers' income, assets, and debts was leaked to DoubleClick Inc., which serves ads to Web users. Intuit blamed the problem on a flaw in the mortgage-calculation and credit-assessment software on its site.
Tax specialist H&R Block has stringent privacy rules in place. A statement on its site says: "All financial information collected on our site will remain absolutely confidential and will never be disclosed to any nonaffiliated companies." But late last month, a botched software upgrade of the company's online tax-preparation system made a mockery of that policy by exposing some customers' financial data to other customers. Like Quicken.com's problem, this one was quickly corrected--but the damage to customer confidence had already been done.
Even as the controversy over privacy rages, Web operations are collecting unprecedented amounts of information about their customers. For example, Oracle says it's building a data warehouse for Amazon.com that will hold 3 terabytes of customer clickstream and sales data. That warehouse could grow 1,000-fold--to 3 petabytes--in the next few years, according to Oracle.
Tools for analyzing all this information and using it for targeted advertising are proliferating and becoming more sophisticated. Hyperion Solutions Corp. and Engage Technologies Inc. said last week they'll link Hyperion's E-business Analysis suite, which analyzes clickstream and online transactional data, with the Engage ProfileServer, for generating profiles of Web-site visitors. That will give Internet marketers the ability to understand online customer behavior and optimize one-to-one marketing campaigns with one platform.
Demand for such applications shows no sign of waning. Vendors such as BroadVision Inc., a leader in personalized marketing, are seeing sales double every year. That's because one-to-one marketing works. Targeted E-mail promotions using detailed customer data can generate a response rate as high as 35%, according to Zona Research analyst Jack Staff, compared with 5% or less with blind E-mails.
Businesses are wrestling with the question of where to draw the line when it comes to collecting and using customer information. "They tend to be walking a tightrope: What's the proper amount of information that can be used and how?" says Staff.
The answer to that question is critical. A recent Forrester Research survey of online consumers found that 67% were concerned about data privacy. The survey concluded that those fears resulted in $2.8 billion in lost sales for Internet retailers last year. "It's become a huge issue," says Forrester analyst Christopher Kelley.
Crossing the line--knowingly or unknowingly--has serious implications for companies. Amazon.com and DoubleClick have been hit with suits that allege misuse of personal data they've collected. The two companies and several other sites, including HealthCentral.com and iVillage.com, also face inquiries by the Federal Trade Commission about their use of customer data.
Faced with criticism from consumer groups, DoubleClick last week backed away from plans to match names with data about user activity across Web sites. Matching the data would have given DoubleClick an unparalleled profile of individual online users. DoubleClick's decision to scrap the plan is the most visible example to date of privacy concerns forcing a company to rethink its data-collection strategy.
Other companies are bolstering their privacy policies, asking customers for permission to collect and use data, and limiting the use of cookies. These precautions aren't just a matter of avoiding lawsuits and the prying eyes of regulators; startups vulnerable to lawsuits risk losing financial backing. Steve Markowitz, CEO of MyPoints.com Inc., a 3-year-old San Francisco company, says he was quizzed about his company's data privacy policies "in literally every meeting" with institutional investors recently. "For us, it was an opportunity to talk about the privacy issues we've been mindful of since we began."
MyPoints.com gives users points that can be redeemed for merchandise in exchange for voluntarily sharing personal information on the site. But Markowitz says his company sells the information it collects only in aggregate form, so there's no way to link specific information, such as income, to an individual.
A majority of Web sites collect data without asking. Some offer mechanisms to let their customers "opt out" of the collection process. But like BuyandHold.com, a growing number of companies are adopting more proactive "opt-in" policies, in which they collect data only from customers who give their permission in advance.
Some companies are also reevaluating their use of cookies, which can speed log-in procedures and benefit users in other ways. But Yahoo Inc. and its Broadcast.com subsidiary are the targets of a $50 billion lawsuit in Texas that charges Yahoo's use of cookies violates the state's anti-stalking law.
E-Loan.com avoids using cookies on its Web site. When the company recently discovered that the auto-loan area of its site, which was purchased from another company, used cookies, it stopped using them. E-Loan CEO Chris Larsen says cookies shouldn't be used unless they enhance a customer's experience. For example, E-Loan is preparing to use cookies with personalized accounts. The site will disclose what the cookies are used for--streamlining the log-in process--and customers will have to choose to receive them. "We've tried to balance consumers' desire for ease of use with their concerns about privacy," says VP of marketing Sharon Ruwart.
TowerRecords.com Inc. in Sacramento, Calif., conducts E-mail marketing campaigns based on its customers' shopping patterns. The company used to require customers to accept cookies so it could monitor site usage and tailor online sales offers. But it's backing away from that approach. "We've had a fair amount of people expressing their preference to shop without cookies," says Internet technology manager Kevin Ertell. "If they've got them turned off, we'll allow people to shop without them."
A major concern of Web users is that sites will sell information about them to a third party, such as a marketing-database vendor. But few dot-coms say this is a good idea. "We don't sell or rent our customer lists," says Bill Schlough, CIO for baseball's San Francisco Giants, which sells tickets through the Sfgiants.com and Tickets.com Web sites. "It's a very sensitive issue with our customers."
Stricter regulation may be on the way. Last month, the United States and the European Union signed a tentative data-privacy agreement that will require U.S. companies doing business online in Europe to notify customers when data is being collected, give them a choice to opt out of data-collection efforts, and provide customers with access to data about themselves. These privacy protection standards are tougher than most U.S. businesses use. Since many companies don't have the resources to maintain separate systems and policies, some may adopt the stricter European policies across the board, says Gartner Group analyst Arabella Hallawell.
The data privacy-related lawsuits raise the question of whether the federal government will enact laws and regulations governing the collection and use of online customer data in the U.S. Surprisingly, a number of executives say they would welcome it. "This is one area where self-regulation hasn't been successful," says E-Loan's Larsen. "The industry got lulled into a pretty comfortable position. But there was never a next step in terms of reliability and accountability."
With additional reporting by Beth Bacheldor, Elisabeth Goodridge, Matthew G. Nelson, and Diane Rezendes Khirallah
Back to This Week's Issue
Send Us Your Feedback
Top of the Page
