If you are like a lot of people, you snickered when you read about the hijacking of Paris Hilton’s Sidekick in 2005. But as the former chairman of the Joint Chiefs of Staff, Gen. John Shalikashvili, learned when he, too, was the victim of identity theft, this type of data abuse is serious. And it might very well lead to a serious loss of trust between you and your customers.
Recent publicity around data theft has finally moved the issue of data privacy and protection from the server room and the legal beagles to the boardroom. What consumers are learning from Betsy Broder, identity theft expert with the Federal Trade Commission, (who’s everywhere in the media, from The Washington Post to CNN) is that one’s data is only as safe as an institution’s safeguards.
|What you can do
With bottom-line factors looming, what can your company do to incorporate privacy and protection into your business and customer strategy? First, understand the connection between privacy and customer retention. Next, look to the role of a company’s privacy officer. Is your officer connecting privacy and the brand? Typically, this begins by implementing a variation of the golden rule: Think about how you would want to be treated if you were the customer.
In Shalikashvili’s case, thieves used his identity to open 273 new credit cards and ran up $2 million in charges, according to Lynn Brenner in the Parade magazine article, How To Guard Your Identity, July 31, 2005. The danger for your customers is growing exponentially. Cybercrime, according to Valerie McNiven, U.S. Treasury adviser (Who’s Stealing Your Identity? High Tech Crime Is Getting Worse—Here’s How to Fight Back by Brian Krebs, Popular Mechanics, February 2006), is now more profitable than illegal drug trafficking. Phishing—sending an email purporting to be from a legitimate company in an attempt to glean private information from victims—affected 2.4 million Americans and cost consumers, banks and merchants $929 million, according to Krebs. And now there are even web sites that cater to identity theft criminals (Cybercrime Crackdown: The Secret Service Fights Phishing and Online Fraud by Ephraim Schwartz, InfoWorld, March 7, 2005).
With all this in mind, consider what might happen if your customers’ trust in online banking, web sites and contact center purchasing declined dramatically. Those revenue sources could dry up in an instant. Worse yet, research by CoreBrand shows that a negative incident has a direct affect on brand equity and shareholder value (Privacy Means Good Business for Eastman Kodak, Microsoft, Best Buy, by Elizabeth Clampett, Inside 1to1, March 28 2005). In fact, upward of 10 percent of shareholder value can be tied to brand. These are the kinds of financial concerns that are propelling identity theft from a compliance issue to the bottom line.
As companies strategize how to use customer data, thieves are creating new ways to steal it. One of the prevailing myths about identity theft is that it is easy for a customer to clear his or her name just by denying the charge. A report by California Public Interest Research Group and Privacy Rights Clearinghouse shows that it takes 42 to 480 days and $800 to $40,000 for a person to prove he or she was not guilty of the fraud (Privacy Rights Clearinghouse, Nowhere to Turn: Victims Speak Out on Identity Theft, by Janine Benner, May 2000). What’s worse? The person may face higher insurance rates and credit card fees or be rejected for loans, mortgages and jobs.
The HP story
One company that takes its brand, its customers and their data seriously is HP. For HP, compliance isn’t just one department’s job. Ninety-one percent of the company’s employees told HP in an internal survey that they felt personally responsible for protecting personal data, stepping up to the plate to answer, "What do I need to do to deliver on this business strategy?"
In 2004, HP created an enterprise-wide initiative called "Design for Privacy." Because the differentiating features of its products—such as digital cameras and printers that automatically order ink—required the use of personal identifiable information (PII), HP executives wanted to give customers control over their level of data sharing and had product engineers incorporate privacy into product and software designs.
The success of the HP initiative required the support of many division privacy managers as well as from HR, CRM and the marketing and legal departments. HP’s B2B and B2C privacy managers stated, "The process starts with acknowledging we don’t own customer data; we are just stewards"(HP’s Winning Strategy: Design for Privacy, by Don Peppers and Martha Rogers, Inside 1to1, Feb 10, 2005). Even HP contact center agents receive training on privacy, teaching them to record the customer’s privacy preferences.
The goal is to have fewer support calls and an increase in customer satisfaction, which then can translate into revenue as the company retains more of its customers and turns more customers into HP evangelists. Design for Privacy is a long-term, enterprise-wide strategic initiative with lots of phases. HP will leverage the process from the product divisions into marketing to ensure that new campaigns consider customers’ privacy needs and provide an appropriate level of choice and personalization to build loyalty.
Marketing is a good example of how a department lives on a double-edged sword with respect to data. On one hand, it needs data to segment and target the company’s market. On the other hand, campaigns need to provide an appropriate level of choice and personalization. Marketers often fear customers will opt out if given the choice. Eighty-nine percent of the 1,041 U.S. consumers surveyed in a 2004 study on privacy by the Ponemon Institute (commissioned by Electronic Data Systems and the International Association of Privacy) said that if they trusted a merchant, they would share their personal interests to increase the quality of products and services (Consumers Choose Convenience Over Privacy, by Mike Spinney, Inside 1to1, Dec. 8, 2004).
Customers stop sharing only when they don’t feel a company is protecting them. With the need to gain customer confidence and the rise in media coverage of identity theft, your marketing department can turn customer protection into a competitive differentiator by creating marketing messages that highlight your company’s privacy and protection policies.
In the Data Age, companies are realizing that respecting privacy while using personal data to benefit the customer can be a difficult balancing act. But if customers are your company’s main source of value creation, then maintaining their trust is imperative.