Just a thought that hit me today as I read the Twitter Trends related to the Epsilon breach. I was a bit surprised that many of the end-users who have received an alert email/letter from those brands affected by the breach say that they did NOT know their data was hosted elsewhere other than who they trusted it with. Many asked who Epsilon was and why they had their data.
Why is that? I asked myself. Well, as the thought sat with me most of the day it began to occur to me that the average end-user thinks that Best Buy (who was affected by the breach) only holds their email address in their data center and sends them those nifty little iPad 2 announcement emails when it is time to. Many don’t understand that service providers or third parties are usually the primary way for companies to support their technology and communication needs.
So what does that tell me – or you, for that matter? Well, ask yourself the subject line question…Are you being a hyper-transparant brand? Are you being as open as you can to your customers about what you’re doing with their data? Do you tell them that your brand might be using a third party service, as us privacy experts define it, to process their data? Probably not.
I discussed this idea of hyper-tranparency in my What marketers might expect in 2010 piece, explaining that as the amount of data the consumer provides increases, so would the number of choices the marketer must allow for said consumer. The consumer would be provided with more information about what will be done with the personal details they are disclosing as the sensitivity of the information rises. This means the more data that you need to perform your job of catering your marketing plan to them, the more you will have to tell them about how you are going to safeguard and effectively use their information. You will need to be “hyper transparent” when you’re collecting, transferring, and processing Personally Identifiable Information (PII).
So what does this mean for you, the brand?
- When your needs as a brand changes, you need to notify the user that at the time of their acceptance of your policy you had said X would happen with their data and that now Y will take place.
- When you tell them that Y will now take place, you should give them the opportunity to opt-out of that change and either stay with X or leave altogether.
When you look at Eloqua’s privacy processes we are transparent that we use services like AddThis to help us spread our content across the web by making it easy for visitors to bookmark and share content to their favorite social destinations, or Jive Software to serve the Eloqua Community. We want to ensure that customers and visitors who entrust us with their data know that we will be working with third parties, and to give them the right to choose where their data goes.
Don’t be afraid to be public with your customers about what will happen with their data when they entrust it with you. I know not all your customers will read these policies, or even the simple bullet points at the point of collection, but making the attempt can save you in the long run if someone points out correctly that they either were lied to about their data and how it was processed or that your brand didn’t take the right precautions in protecting their rights.
Don’t Just Send, Deliver!
P.S. Hats off to Epsilon for attacking the issue head-on and notifying the public vs. hiding it.