Apple Does The Right Thing To Defend Customer Privacy

By now, most of you have read about Apple's powerful public statement of refusal to comply with a court order compelling the firm to help the FBI gain access to the data stored in the San Bernardino shooter’s iPhone 5. Specifically, the FBI requires Apple’s help disabling the device’s data auto-erase function after 10 incorrect password attempts, and Apple is refusing to modify the software to enable this.

Over the past three years, Apple has hitched its brand wagon to privacy, because the firm believes that a) customers care enough about privacy to vote with their dollars and b) as the steward of people’s most personal, sensitive data, Apple has an obligation to serve their best interests. While this isn’t the first time that Apple has found itself targeted by regulators over privacy, this is the firm’s staunchest defense yet against government intrusion. Forrester believes that, with this move:

  • Apple is putting its money where its mouth is. Until recently, there has been plenty of debate about whether Apple has simply been paying lip service to privacy. But this move — along with its recent shuttering of the iAds business — proves that Apple is making serious product and business model changes in support of user privacy. Tim Cook is holding fast on the line he drew in the sand last year at the EPIC’s (Electronic Privacy Information Center’s) Champions of Freedom event in Washington, DC, where he said:
Read more

Understanding "Creepiness"

We've all felt it: a weird sense that information about you has been used in a way that just doesn't feel right.

Maybe you received a kids apparel catalog at your decidedly DINK home. Or maybe you saw an online ad at home for a product you'd been looking at from your work computer earlier that day. Or, perhaps your mobile device pinged when you walked into a store to tell you about specials for that store - even though your location settings were turned off.

Many of us in the privacy world have a strong dislike of the word "creepy" because it can't be quantified. And, practically-speaking, it's rather useless because what's "creepy" to one person might well be "useful" to another.

I'm working on research to quantify what we mean when we say something is "creepy," and to categorize the types of incidents that cause people to feel it. That means I need examples - lots of them. And I need your help.

If you've had a creepy marketing, advertising, or customer service experience, won't you please take a moment to tell us about it?

We've set up a short 8-question survey that you can complete anonymously, if you prefer. Your contribution will help us understand how we experience creepiness, and help us educate companies about how not to be creepy!

Consumer Privacy Attitudes: A 2015 Update

Back in 2013, my colleague Anjali Lai and I wondered how the "summer of Snowden" was affecting consumer attitudes about privacy. So, we fielded a survey and ran some qualitative analysis in our ConsumerVoices Market Research Online Community. A year later, we used that historical data, combined with Consumer Technographics and social listening data to see how perception and behavior were changing. It was a fascinating study

Fast forward another year: it's now pre-pre-primary season in the US, and candidates are talking about privacy and personal data protection. There have been three more major data breaches affecting millions of Americans. The adblocking debate is at fever pitch, while Internet giants make privacy a point of differentiation. Obviously, we decide to run our study a third time. And this time, we incorporate (opted-in, permission-based) data from our Consumer Technographics Behavioral Study.

Our findings? Consumers are more willing than ever to 1) walk away from your business if you fail to protect their data and privacy; 2) adopt technologies like tracker-blockers and VPNs to limit their exposure to data misuse; and 3) extend their protective actions to the physical realm. 

And the real kicker is that, if you're one of the marketers who's been counting on Millennials who "don't care" about their online privacy, you're going to be waiting a long time.

Read more

Get Your Privacy House In Order, or 2016 Will Hit Your Business Hard

Now that we’re firmly settled in the Age of the Customer, it’s time to take stock of the factors that are really going to drive business success -- or failure -- over the next few years. At Forrester, we’re betting our hats that privacy will be one a big one. In fact, we think that privacy is integral to each one of the 10 success factors in 2016.

Read more

Privacy & Personalization: two globally important initiatives, one tremendous opportunity

I'm just back from two weeks in Hong Kong, where I'd been invited to give a keynote at the 10th anniversary conference of the Business Information Industry Association. Since I was there, I took the time to meet with some fantastic Forrester clients in industries ranging from travel to insurance to retail to consulting. In nearly every discussion, whether I was speaking to a BT or a marketing exec, we eventually got to the topic of the "privacy-personalization paradox."

This is an issue I've explored extensively, and have written about before. It's a challenge that marketers in the US dabble with when they're considering investments in tools like retail beacons and cross-device identity resolution. But it was enlightening to hear about the challenges that firms in APAC face: antiquated privacy laws, a dearth of third-party consumer data, and even the incredible difficulty of compiling a single customer view across their own first party data. Interestingly, though, the solution in both markets is similar: preference management

I've just published a report about enterprise preference management, which Forrester defines as:

The business practice of systematically collecting, managing, and utilizing explicit customer preferences — about frequency, channel, content, interests, and intent — in outbound communications.

Read more

Safe Harbor is dead. What does that mean for your customer insights & analytics practices?

Yesterday morning, many of us in the United States awoke to some troubling news: the European Court of Justice (ECJ) had ruled that the Safe Harbor agreement is no longer valid.  Security & risk (S&R) and data management folks kicked into high gear. Customer insights and digital marketing teams...? Well, the news slipped past mostly unnoticed. That's a mistake. 

Let's start with a primer on Safe Harbor. If you're a multinational company doing business in Europe, Safe Harbor is the agreement under which you've been allowed to bring European customers' data back into your servers in the US for purposes of targeting, analytics, campaign management, etc. If you work with a US-based database MSP, digital or CRM agency to manage customer data, they've likely been relying on the same agreement. It's a nearly 20-year old agreement that was put in place to bridge the gap between Europe's strict data protection laws and America's relative dearth of them. 

Now, that agreement has been deemed invalid, which means that every company serving European customers needs to reexamine its data practices. Of course, this is primarily the purview of our technology management peers. But customer insights professionals need to partner closely with them on two fronts:

  • Speak up about your third-party data sharing practices. This includes sharing between business partners (for example, passing customer data to a firm that administers your loyalty program or manages warranties), sharing CRM data with digital marketing vendors, and even using third-party tracker on your website that collect IP addresses. Any third party data sharing could come under scrutiny from the European Data Protection Authority, so you'll want to have a consent-based model for collecting and sharing that data soon.
Read more

Is Your Privacy Organization Future-Proof?

Unless you're in a regulated industry, or headquartered in the European Union, chances are that your privacy organization has been limited to one or two lawyers, and maybe a data security expert. This small group has probably been tasked with making sure the firm is in compliance with local laws, and with writing and managing onerous and impenetrable consumer-facing privacy policies. In other words, these teams have worked to keep the company out of legal trouble.

But data privacy, collection, and use practices are becoming more visible, to regulators, to media and ultimately to individuals. And as a result, firms need a different kind of privacy organization to meet the need for transparency head-on. 

So tell us, has your privacy organization changed in the past few years? Are you staffing it with new skillsets? Creating more dotted lines to teams like marketing, product development, etc? Changing from a compliance-focused organization to one poised to capitalize on privacy as a market differentiator?

If so, my colleagues, Heidi Shey, Enza Iannopollo and I would love to hear from you for current research we're working on. Reply here, or email, and THANKS!


Privacy: Lessons Learned and Prognostications

Earlier this year, I had the pleasure of moderating a panel of leading privacy professionals for the Churchill Club.

During the session, we recapped the highlights—and lowlights—of privacy in 2014, discussed some of the major trends and issues in the space, and made some predictions for 2015 and beyond.

What stood out for me, as a customer insights (CI) professional, is how critical our teams are to the work of privacy and how much we must guide the process of contextual privacy. There is a lot of work to be done to build stronger organization-wide consensus around better privacy. Like they were the nexus point between business technology and marketing teams, CI pros are now the nexus between security, legal, and marketing teams.

I’ve linked the full session below. Please enjoy, and please consider getting involved in Data Privacy Day 2016 - the effort could use more marketers and business leaders.

Can people change markets?

As many of you know, the customer insights practice at Forrester traditionally focuses on the collection, management, analysis, and use of customer data to business practices. Over the past few years, I've been writing research about the changing face of the "collection" and "use" parts of that equation -- that is, how privacy and personal identity and data management tools will change marketers' access to consumer data, and how they're allowed to use the information they do have. Now I'm taking this research a step further.  

I've just started examining the history and future of consumer-driven market shifts, and would love to interview you if you have a position on this, theoretically or practically.

The hypothesis:

Read more

Oracle Gifts Itself Another Data Platform

Industry analysts know that major M&A deals, product announcement, and organizational changes can come at any time. But it still surprises us a little when a major player like Oracle announces a significant acquisition just days before Christmas. At any rate, Santa has come early for both Mr. Ellison and the Datalogix team this year.

We've just published a Quick Take on our perceptions of the deal, which holds a lot of promise. Our biggest concern? Realizing that promise requires some serious integration work, and so far, Oracle hasn't proven that it's especially capable of integrating the stack it's acquired for the Marketing Cloud offering. We also worry that Oracle's Data Cloud -- where Datalogix will sit -- is heading directly for a major privacy warzone. Whether Oracle is ready for that battle remains to be seen.

But the bigger picture is this: the Datalogix and Bluekai acquisitions, along with many others of the past year -- including Conversant by Epsilon, LiveRamp by Acxiom, and Adometry by Google -- are evidence of a fast-consolidating marketing and advertising technology landscape. 2015 will doubtless bring more M&A activity in this space, with a likely run on smaller technology and data vendors that have mostly been flying under the radar. What this race for the ultimate "marketing cloud" will mean to CI pros remains to be seen, but you should certainly anticipate plenty of shakeups in your vendor relationships over the next 18 months. 

Read more