Are You Ready For A World Of Consumer-Managed Data?

It has been a few years since Forrester delved deeply into the issues surrounding consumer privacy, and in that time, an awful lot has changed:

  • Facebook Connect, Google ID, Yahoo Identity, and Sign In With Twitter have emerged as a whole new way of being recognized on a myriad of websites across the Net. As little as a decade ago, most adults online couldn’t have imagined the convenience of single sign-on.
  • At the same time, data capture methods have not only proliferated, they’ve become exceptionally sophisticated. Tactics like Flash-based cookies and deep packet sniffing surreptitiously collect behavioral data about online consumers, while loyalty and membership cards provide more insight into consumers’ purchasing habits at the line item level than ever before.
  • All that extra data is hard to protect without big changes to governance policies and technology stacks, and when data breaches happen, they're public and ugly.
  • Finally, legislators have forged ahead with regulations to protect consumer data. Europe's answer is the Data Protection Directive – a regulatory framework that governs the capture, management and use of consumer data, while in the US, congressional leaders, egged on by consumer advocacy groups, are introducing bills designed to limit data capture and to provide remediation in cases of data and security breach.

In the face of all these changes — and the panoply of changes yet to come — a new model of consumer data management is necessary. Some advocacy groups and academics are calling for a concept called vendor relationship management (VRM). Think of this as CRM turned on its ear: traditional push models of marketing go away entirely as consumers manage the relationship with vendors and marketers. But advertising is a $300B business in the US — the global market is even greater — and it’s not feasible for that entire industry to simply disappear overnight.

A model is needed that is mutually beneficial for both marketers and consumers, and we think we’ve identified it. We call it personal identity management (PIDM) and define it as:

The rules, standards and processes by which individuals and organizations manage, use, and share personal data and identity with other individuals and organizations.

With PIDM, consumers decide what data they’re willing to share and with whom. Marketers who want access will need to a) explain in clear, straightforward language what they’re going to do with consumers’ data; b) protect, be accountable for, and be respectful of that data; and most importantly c) provide value and/or convenience for consumers who agree to share data.

I encourage you to read my recent report, "Personal Identity Management: Preparing For A World of Consumer-Managed Data," and weigh in on the discussion either here or on our message boards. PIDM represents a seminal change in how marketers and consumers build relationships and communicate with one another, and I look forward to hearing your opinions.


Important for VRM

Great report! And an especially important development for Vendor Relationship Management. A poorly named but revolutionary transition to a more customer-focused approach to marketing. See Doc Searls' Cluetrain Manifesto or

Thanks for the comment, Skip! I look forward to discussing this next time we speak.

Doc's work is seminal, and really laid the groundwork for what we've outlined here. PIDM is a rethinking of those concepts that balances the relationship between industry and consumers (and yes, it does still consider individuals "consumers") as opposed to moving control fully into the latter's hands.

I believe that the advancement of semantic web technologies combined with a reduction in effort on consumers' end will drive faster adoption than VRM might otherwise experience.

I think that your definition of VRM is way off the mark. Firstly - it is not and has never been one or the other (CRM or VRM) - I think if you were to engage with some of those groups you would find that they say the same thing.

Hi Mark -

Thanks for your comment. We very specifically did not reference VRM in the primary research report because we didn't feel that we had enough representation from that community, though we did attempt to schedule interviews. I hope that will change as this thread of research continues.

Your note that it's never been "one or the other" makes me hopeful that, in fact, PIDM really does represent the combination of CRM and VRM to create a balanced ecosystem that's not 100% push OR pull. There's nothing inherently wrong with pushing content and offers to consumers even if they're not explicitly "in the market" for a good or service -- years of research have shown that intent is not a foolproof indicator of future behavior. But if we can combine intent with past behavior patterns to respectfully push marketing messages, then customers and industry alike win.

I invite you to reach me on fkhatibloo at forrester dot com if you'd like to chat about where we see the convergence (and divergence) between VRM and PIDM.



I agree - there is nothing inherently wrong with pushing content and offers to consumers - as long as they have a seat at the table and they are explicit in their acceptance of this type of relationship with the business.

Customers are going to get the seat at the table. It's an absolute inevitability. This is going to force things like PIDM as you describe it - to the fore, and ask serious questions of marketers regarding the inverse of the relationship they believe they have with me today.

Of course this will also create massive disruption and opportunity. A $300 billion dollar a year industry may not go away overnight, but I'll hazard a guess that the tectonic shift potential in PIDM/VRM and other concepts within this area of thinking are going to shock a few people.

As Jobs said - don't accept dogma! In this case - why can't we take some control? Why can't we choose not to be interrupted?


Hi Fatemeh,

Mark is right. Your description of VRM is way off the mark. I think you need to distinguish between two levels of debate: the ideological and the practical.

At the level of 'ideology', VRM does indeed turn CRM on its ear. The corporate quest for control over customers - companies 'managing' customers - is toxic and counterproductive, especially when translated into the hoarding of personal data and stalking customers across the internet.

At the level of practical tools, things like personal data stores help individuals assert more control over who has access to what personal data. This brings greater balance to the ecosystem and is mutually beneficial because it encourages more trust-based information sharing.

You can't get to the practicalities until you clear the ideological baggage out of the way. But if you leave it at the level of ideology, it's all just hot air. Both sides need to be tackled.

It's easy to get caught up in polemics and politics on this topic, but what I see here is, for the first time, a major and influential organization articulating clearly how consumers and brands can meet in the middle in a practical way. It could just be the beginning of a beautiful relationship.
Thank you Fatemeh for what could be a watershed report.