Lee & White

Getting to know you, getting to know all about you... sounds familiar, but unfortunately, it has nothing to do with Rodgers and Hammerstein's musical The King and I, nor is there an ounce of good, wholesome fondness to that phrase.

Rather, the phrase is cloaked with an ulterior motive - Money, Money, Money (and this is not with reference to ABBA's song).

What's wrong with that? Everyone is entitled to pursue that ultimate goal, and surely everyone does - or at least tries to make more money.

True. Perhaps it is safe to say that every business is set up for the purpose of making money, and more money if possible. The question in any business case for an expense is whether there will be a profit to gain - apart from ensuring the customers' happiness and satisfaction, of course.

Alright, enough about the musical influences, and down to more serious business.

Businesses are trying to get to know you. They want to get to know you better. The better they know you, the better they can get more out of you. To do just that, they need your personal information - from your name to how you spend your leisure time, every bit counts. This desire to obtain personal information is not new of course. But how far is that desire corresponding with the individual's best interest? The privacy right?

By researching and analysing an individual's browsing habits on its e-commerce site, coupled with his/her personal information already obtained, an online retailer is able to advertise products/services which are most relevant to that individual.

It is also the case for those companies/retailers which seek to match the type of products/services/brands to the individual customer's taste. Shops with their own payment cards to facilitate quicker payments at the till (to obtain a card, just fill in your personal information in the given form) analyse the information obtained at every purchase (of the type and quantity of things bought...) to send catalogues relevant to the individual customer/household. If toys/stationery items are the most frequent products purchased, the customer finds a catalogue filled with the latest promotions on toys/stationery items in his/her mailbox.

To an extent, it does seem quite harmless as the individual gets what he is interested in and it does save his time and effort in looking for the 'right' or 'most suitable' product/service/brand. And better yet, businesses carrying out these forms of advertising are actually saving cost. No more unwanted, wasted printing materials. No more spending a fortune on advertising products which a particular individual will never take a second glance at.

A very recent report in the New York Times showed that companies can even make predictions about their customers.

Companies can learn your secrets. 

A statistician from Target, a large retailer from the US, divulged that two colleagues from Target's marketing department popped the odd question, "If we want to figure out if a customer is pregnant, even if she didn't want us to know, can you do that?"

Timing is essential in this case. As most new parents are almost immediately bombarded with offers and advertisements on baby products from the moment the birth records are made public, the key is to get this group before any other retailer knows that a baby is on the way. By being able to identify these mothers-to-be as early as their second trimester (the time when most of these women are changing their lives and buying pre-natal vitamins, maternity clothing and baby stuff) the chances of keeping them for years to come are great. These women are then likely to buy diapers from Target, pass by the baby food aisle and grab a box or two, and on the way to the till, add a few more items to the cart. Once the customers get comfortable with the offered products, they will keep coming back - and for more.

The questions for the businesses are:

• Did you tell the individuals clearly that you were doing/are doing/will do this?
• Did you give them a chance to opt out?
• Did you ensure that the individuals can always exercise their rights under the data protection law any time?
• Are you ensuring the security of their personal information both organisationally and technically?
• Can you ensure that if there is a transfer/sharing of their personal information to third parties, that these third parties will ensure an adequate level of protection of their personal information too?

Answer all these with a YES, and you're likely to be a trusted organisation and you understand the business case for privacy. Privacy is profitable. Personal information is an asset. You protect that asset and you will gain trust, the customers that go with it and the profit that comes from doing business with them.

The questions for the individual are:

• Did you ask for any of this?
• Did you ask for your shopping behaviour to be scrutinised? checked? spied on?
• Are you aware of all that they know about you?
• Do you mind that they can build your profile almost spot on?
  For example, Spying On You Mart knows that Mr.Joe Customer who lives at 123 No Privacy Lane and shops at Spying On You Mart, has an estimated salary of $$$. He has at least one son and one daughter (judging from purchases of boys and girls toys) of the ages between 5-8 years of age (judging from the age group of the toys purchased) and potentially has a wife/female partner who is a size 38 (EU) (again judging from the several pieces of female clothing purchased) and they like barbecuing in the summer and eat Activia yoghurts.
• And with this information that they have about you, do they share it with third parties?
• And if they do, what are those third parties going to do with it?
• Will they protect that information from getting into the wrong hands?
• Did you opt in without realising?
• Can you ever stop them if you wanted/needed to?

Answer all these with a YES, and you've consented with full knowledge and with full trust in that organisation. If you can truly exercise your rights as a data subject, and know that that organisation is protecting and will continue to protect your personal information,  then the protection of your personal information is upheld and the duty of that organisation to you is fulfilled.

But in all cases, think very carefully, read the fine print, and do not give your personal information out unless you know what you're in for, your rights and how to get out. Otherwise, it's Hush Little Baby, Don't Say A Word.

"Privacy law is not allowing us to do this", "We're not allowed to do that". But what can proper personal data management, protection and handling actually do for you... Create business!

On our many encounters we regularly have lively discussions with professionals of all backgrounds and all levels, not surprisingly quite often on our favourite subject, personal data protection and management.

Most feedback we receive however, is related to the repressive perception of data protection law, and how it does not align with the commercial goals and roadmap of the organisation, more likely to limit rather than to offer opportunities.

What we try to explain in such cases, is that the law on the one hand forbids and regulates, but on the other hand enables and guides.

The law forbids that you do anything illegal with the data and use it in a way that can harm the individual identified by the data. It regulates the way that the individual can keep control over his property, i.e. his personal data, and what purposes this data can be used for.

On the other hand, the law creates the framework that allows you to handle personal data and guides both yourself and the data subjects on how to interact in an official and transparent way. You stay in full control but if you mess up, the law is there to enable the individual data subject to exercise his rights.

The basis of the law is the relationship between you and the data subject.

• It needs to be a live relationship.
• Both parties need to be in control.
• New relationships with other parties only with permission and knowledge of the data subject.
• The relationship needs to be transparent.
• Once the relationship ends, the data is no longer of any use and should not be used anymore.

The benefits are many:
As a company, you have many individuals with whom you regularly interact and who support you fully. You do not waste time on stale or dead relationships and do not waste resources on it. Your investment in personal data yields the maximum return. You send out communications to people who want to hear from you and will hear what you have to say.

As an individual, you know which companies you are working with and what they are doing with your information. Once you decide to move on, you know your personal data is not retained and can never be abused.

The downsides of not following this guidance:
As a company, your databases, cupboards and backup tapes are clogged down with stale information of people whom you once worked with but might never work with again. The information of 'live' relationships is hidden and lost in the noise of 'stale' data.

As an individual, your data is lingering forever and you have no control over what will happen with it. Will it end up in the company's archive forever, or in a hacker's database, or somewhere on a hard disk on eBay?

In our personal data workshops, we help every department within organisations maximize the full potential of handling personal data, exploring new potential and advising on ways of using the personal data, within the limits and spirit of the several international data protection legislations. The combination of the detailed knowledge and experience of our team in all related disciplines (data protection law, CRM, marketing, online presence, social networking) together with the knowledge, experience and market savvy of your team, creates novel and powerful new applications with many quick wins and long term benefits.

More information on our Personal Data Workshops and other services can be found here.