Over the weekend, one of the most reputable online retailers in the US, Zappos, broke the news that its database was hacked and that the information for about 24 million user accounts was breached.
How do stories like this affect consumers’ attitude toward online privacy? In our August 2011 Community Speaks Qualitative Insights report, “Consumer And Online Privacy: How Much Information Is Too Much?” (available for Community Speaks subscribers only), we found that online privacy is one of the most concerning topics in online users’ minds. Two-thirds of US online consumers report being very concerned about the recording and collection of their personal details by websites.
Most marketers and customer intelligence (CI) pros tend to lump together most types of customer data. Sure, things like passwords and social security numbers are considered more "sensitive," but for the most part, the systems that protect all the data -- and the privacy policies that communicate their capture and governance -- are largely the same.
Individuals see different types of data differently -- they're most worried about what we consider individual identity data, and far less concerned about the capture and use of their behavioral data.
Most consumers are willing to share their data in exchange for value. But, what they consider "valuable" is very age-dependent -- in other words, the same consumer isn't equally motivated by discounts and cash rewards.
The ad network ecosystem will ultimately be forced the pull back the curtain of Oz to reveal to customers the machines and levers behind targeting technology. As illustrated in my paper, the predominant approaches are full targeting vesus opt out, but this is not enough choice. Segmentation strategies and targeting techniques used by ad tools are hidden within engines and will need to be surfaced to customers so that they may verify, modify, and importantly play with them.
This isn’t easy, however, as the mathematical vernacular of targeting technology with confusing terms such as graphs, nodes, and vectors are unintelligible to most. Metaphors will be needed to distill the complexity for customers. One of the approaches to take will be similar to how optometrists work by showing the customer different "lenses" (perceptions) held about them and subsequently allowing them to choose. These "lenses" may not just be rich segmentation concepts but will include social and individual assumptions too.
Where does this transparency and explanation rationale take us?
Carrier IQ software, which consists of embedded software on mobile devices and server-side analytics applications, enables mobile operators and device OEMs to understand in detail a wide range of performance and usage characteristics of mobile services and devices. These include both network-facing services such as core voice and data offerings, as well as non-network-facing capabilities such as music players, cameras and other side loaded media, in order to assist with product and service development and roll-out [emphasis added].
Customer Intelligence is not a spying operation. The promise of CI is not reductively commercial. Instead, proper CI practices help businesses – with their customers' consent – to understand the preferences and needs of their customers. Firms also use CI processes and technologies to determine and enforce an optimal and respectful relationship with customers.
What lessons does the Carrier IQ incident highlight?
CI pros have an ethical responsibility to customers.CI pros are customer advocates after all. They cannot truly represent customers unless they also help their employers understand appropriate boundaries for data capture. Helping customers also helps businesses, protecting firms from the risk of public outrage and litigation. CI pros: Help your employers understand when data capture goes too far.
It has been a few years since Forrester delved deeply into the issues surrounding consumer privacy, and in that time, an awful lot has changed:
Facebook Connect, Google ID, Yahoo Identity, and Sign In With Twitter have emerged as a wholenew way of being recognized across a myriad of websites across the Net. As little as a decade ago, most adults online couldn’t have imagined the convenience of single sign-on.
At the same time, data capture methods have not only proliferated, they’ve become exceptionally sophisticated. Tactics like Flash-based cookies and deep packet sniffing surreptitiously collect behavioral data about online consumers, while loyalty and membership cards provide more insight into consumers’ purchasing habits at the line item level than ever before.
All that extra data is hard to protect without big changes to governance policies and technology stacks, and when data breaches happen, they're public and ugly.
Finally, legislators have forged ahead with regulations to protect consumer data. Europe's answer is the Data Protection Directive – a regulatory framework that governs the capture, management and use of consumer data, while in the US, congressional leaders, egged on by consumer advocacy groups, are introducing bills designed to limit data capture and to provide remediation in cases of data and security breach.
Maps and navigation are not yet mainstream, but they are more useful as product features anyway. This means that location is no longer a service like maps or navigation but is increasingly an enabler of new product experiences.
Location and maps are increasingly becoming features of new mobile products and services.
Location will happen automatically, behind the scenes. Adjustments will be invisible from a user perspective (think about the automatic weather update on your home screen widget).
Relevancy of local data will improve quickly. The era of basic point of interest (POI) information is over. Enriching addresses with more accurate information on opening hours, real-time data (traffic information, promotions, etc.), product/brand data, dynamic data (consumer reviews, inventory information) will deliver greater consumer benefits.
New algorithms will bridge the physical and digital worlds. Coupling more accurate local data with user context and other sources of information will foster the development of crowdsourcing and predictive analysis (e.g., predicting traffic congestion or air quality monitoring). Moving forward, these new algorithms will have far-reaching consequences well beyond mobile.
I have had the opportunity to contribute to a brand-new piece of research led by my colleague Julie A. Ask, vice president and principal analyst at Forrester.
We both believe mobile has the potential to be even bigger and more disruptive than the Internet.
That’s a bold statement! Today, few of the numerous professionals we interviewed are developing digital strategies that leverage context and make the most of the phenomenal technology packed inside mobile devices. Even fewer are anticipating the opportunities that will emerge tomorrow, with technology innovation driving capabilities around the user’s context.
Indeed, the fancy features, such as GPS and NFC, embedded in mobile phones will become common, while new sensors like barometers will reveal more about the user’s environment. The phones will also act as modems, relaying or interpreting information from other machines or from attachments with sensors. In a few years, mobile will be divorced from the PC. While a mobile device may have the ability to act like a PC, it has the potential to do much, much more. Product strategists must step into the leadership role, driving the development of user-context-based products. Increasingly, voice and motion will control devices and applications. There will be an entirely new generation of products and services delivered on mobile platforms that will not originate online.
At the end of the day, who knows you best? Your mobile phone! Why?
Because it will become the device you use to interact with the world around you — your hotel room, your shopping cart, your TV, your bank, your parking meter, your car, your running shoes, and many other aspects of your life. You won’t be able to keep anything secret from your mobile phone.
Frank Gertsenberger, VP of Product Marketing for Audience Science wrapped up day one with an excellent update on privacy concerns and expected changes due to FTC and congressional work on behavioral advertising policy.
The concern is that even though data is being collected anonymously, when enough anonymous data points are collected, is an individual still anonymous?
Four entities are running concurrently to tackle this challenge:
The FTC began investigating data practices about two years ago and determined that the risk with behavioral marketing is that consumers are not aware of what data is being collected; current privacy policies are insufficient at explaining how consumer data is employed with behavioral marketing.
Congress – A subcommittee was convened last year to quantify the value of behavioral marketing in order to determine its value in the online economy. Through studies supported by the NAI (the network advertising initiative), Congress now understands this and is outlining a policy outlining what the baseline protections should be for consumers.
NAI– A membership organization which now represents more than 80% of all online ad spend, and created studies focused on answering Congress' need to value behavioral marketing. Also helps audit member sites to aid compliance efforts.
The Associations – This is a collection of online advertising associations like the DMA (direct marketing association), the IAB (interactive advertising bureau) and the ANA (association of national advertisers). This group is taking a pass at developing requirements for providing enhanced notice to consumers.
On March 30, 2010, Yale University placed a migration to Google Apps for its email services on hold over privacy and security concerns, especially regarding a lack of transparency about in what country its data would be stored in.
Michael Fisher, a computer science professor involved in the decision, said that “People were mainly interested in technical questions like the mechanics of moving, wondering ‘Could we do it?’ ,but nobody asked the question of ‘Should we do it?’” and went on to say that the migration would “also makes the data subject to the vagaries of foreign laws and governments, and “that Google was not willing to provide ITS with a list of countries to which the University’s data could be sent, but only a list of about 15 countries to which the data would not be sent.”
This closely aligns with our January report, “As IaaS Cloud Adoption Goes Global, Tech Vendors Must Address Local Concerns” which examined security and privacy issues involved in moving data to the cloud, especially when it’s no longer clear what country your data will reside in. In this report, we offered that IaaS providers should give “guidance on where data is located and location guarantees if necessary. Rather than merely claiming that data is in the cloud, tech vendors must be prepared to identify the location of data and provide location guarantees (at a premium) if required.”