Part two: don't be a stalker - get permission to engage

Gaining trust and reducing risk is the first rule for collecting and using customer data. To achieve that, you must understand the cultural mores and regulations of data privacy and security in all the countries you deal with and operate in (see You have permission to talk to my wife). The risk of not doing so is growing.

The Nationwide was recently fined £1 million by the UK Financial Services Authority for keeping personal customer details on a laptop that was stolen. The damage to Nationwide’s reputation amongst customers is likely to be at least the same again. Littlewoods has been fined for a breach of permissions, and Orange for compromising data security following the revelation that call centre staff shared data access passwords. This is on top of the huge disquiet amongst consumers when the news came out that contact centre staff in India have been accessing their personal details.

In response to the lax attitude too many companies have to data privacy, the UK Information Commissioner is seeking ‘stop and search’ powers to swoop into organisations to impose data audits. Other upcoming changes in the UK, that already exist in the US, include telling customers when there has been a security breach in data, which will come into force in 2009 for ISPs and Telcos. Meanwhile, data-reliant companies such as Google are pushing for international laws on data privacy for online data, knowing that their businesses are at stake.

Other growing areas of concern for customers are:

• How long their data is retained – an issue the UK Information Commissioner is looking into. However, a sensible data strategy would be to automatically set rules on data retention and use that as an opportunity to refresh data with customers as part of ongoing engagement.
• The use of cookies on the web.
• The ever growing issue of identity theft, made worse by the advent of social networking sites such as Facebook which are fairly easy to data mine by the unscrupulous, even though there are privacy settings.

Some companies, however, are turning data compliance into an engaging customer service. They are moving to blanket opt-ins for contact, don’t write data regulation notices in legal language, say what will happen to the data they collect and show customers the value the get from the company having their data. Tescos is one such company following this strategy, and one which also has a listening and learning empire through its loyalty card processors dunnhumby.

All of this goes to show that data governance is a serious matter, but can be a competitive advantage. It should have a dedicated team to strike a balance between commercial risk and reward from data use. They should monitor trends and regulations, ensure compliance as a customer service rather than a chore, and alert employees and customers quickly if a breach of security has occurred. They may also be needed to hand over data to authorities who ask for it!!

Part three, you can't listen with hearing impediments, click here.