December 2000   

The Pew study shows that only 10 percent of these users have disabled the Internet's tracking tool called "cookies" on their computers, and that 56 percent of 'Net users don't even know what these online monitoring tools are. Some businesses do abuse cookies, and many privacy services cite this as an enormous issue, because cookies not only store personal data provided by the user, but may also collect information through the user's actions -- without the user's knowledge. Cookies can be combined with existing databases of identifiable information, through what is known as "data aggregation" and "data triangulation." When this happens, companies can assemble comprehensive and detailed online profiles that can then either be sold to other businesses or used to manipulate the user's Web experience. Increasingly, customers are demanding a greater say in how their personal information is used and collected, and the privacy issue is heating up. To date, more than 50 individual pieces of privacy legislation have been introduced in the U.S. Congress, and privacy and consumer groups are promoting increased awareness and solidarity. While knowing more about your customers is important, letting your customers understand your actions and permitting them to set appropriate limits will become critical to holding on to those customers and to making them feel as though you have their interests at heart.

Educating Your Customers

Education is an important aspect of making customers feel informed and comfortable with the amount of information that you are collecting. If you choose to collect personal information and/or use cookies to help you help your customers, take a first step toward improving customer relations by providing an easy-to-read privacy statement. Be sure that your privacy statement tells your customers how you are collecting information, what information you are collecting, and what you will do with the information. In addition, let them know how to tell you that they don't want you to collect their information. Your customers need to feel as though they have choice and control. You may also need to help them understand the issues. The paragraphs that follow contain information that you may wish to post on your site.

Cookies are Internet tools that can:

• keep customers from having to repeatedly provide their names, passwords, or other, often-used information
• improve the level of service that you can give customers, by analyzing the sites or pages that they visit to determine their needs and interests
• find the perfect moment to offer help or personalized services by tracking what customers are doing

Assessing Your Customer Profile Needs

But cookies can provide the above services without picking up identifiable information like names, addresses, and phone numbers, because you control what they collect. You can set them to capture the pages visited by your customers, and then anonymously store an activity or interest profile for that customer. But when you ask them to register to be a member of your online community, sign up for a free subscription, or fill out a form for an online purchase, and you collect this information, you are asking them to provide a "self-reported" profile.

Statistics show that they may be willing to do so, if you give them something valuable in return. After all, their information is a commodity. As far as they are concerned, their self-reported information can be sold or placed into the public domain, unless you give them the opportunity to specify that it "should not be shared with others." Anonymous cookie data plus a customer's self-reported profile can be linked together to create an online user profile complete with name, address, contact numbers, sex, marital status, credit card numbers, income bracket, family size, hobbies, interests, and buying preferences. In addition, through "data triangulation" marketers who have access to public records as well as online profiles can effectively build personally identifiable dossiers of your customers and every other online user for target advertising. In effect, all online users may already have unwittingly thrown open the doors to advertisers, marketers, and maybe the rest of the world, and totally given up their privacy. If your customers sense that you are contributing to this practice, they will ultimately direct their anger at you, and studies show that the vast majority of consumers find this kind of linking both frightening and abusive.

As information about their online habits and preferences is combined with their personal information, the potential for "data aggregation" increases, and so does the value of that information to marketers who want to establish communication with similar shoppers. For many business owners struggling to make Web sites pay off, selling such profiles becomes a great temptation. But if you want to maintain the goodwill of your customers -- and their continuing business -- it's a temptation you should resist. Surveys indicate that having their personal information sold and triangulated is the issue about which customers feel most strongly.

Data Triangulating Public and Private Information

How do marketers gain access to private customer information? Every person who has ever purchased something online or completed a complex offline transaction, such as applying for telephone service, a driver's license, a social security number, medical insurance, a loan, a credit card or bank account, has a profile in the vendor's or service provider's computerized database. That profile stores the individual's personal and contact information, and other bits of information essential to the purchase or service. Some of these records are public domain but some are supposed to be confidential enough to be protected by federal laws. However, most of them can be accessed online, with some restricted individual records available to interested parties for a minimal fee. For example:

• USSearch.com claims to be the worldwide leader in public record information and has access to several restricted databases. Public record reports containing basic information such as addresses, spouses, civil judgments, bankruptcies, and property ownership are available for $39.95; criminal records are $25 per person per county; and to verify one's own public record, the fee is $50. Other online vendors of public information are Discreet Research, Inc., Information America, Inc., and Infotel Group. Some sort of legislative control of these services will likely occur in the next few years.

• The top three consumer reporting agencies (CRAs) that keep records of credit histories are Equifax, Experian, and Trans Union. According to rules stipulated in the Fair Credit Reporting Act (FCRA), CRAs can release copies of an individual credit report to third parties who have a "legitimate business need," which basically includes current and potential creditors, landlords, insurance companies, investors, and current or potential employers. Also, the FCRA is silent on the use of credit reports for the generation of targeted marketing lists, and not precise about the restrictions on the creation of lists of pre-screened consumers for offers of "pre-approved" credit and insurance coverage. Any individual who obtains a credit report under false pretenses is subject to penalties, of course. But determined data aggregators who already have a person's name, address, and credit card numbers can afford the mere $8 processing fee for a chance to either offer that person a new credit account or sell the information to list brokers. Again, this is an area in which consumers will not tolerate abuse much longer.

Online list brokers harvest and buy names, addresses, and personal profiles from various sources like phone directories, public records, surveys and consumer profiles, and sell them to companies and individuals who seek targeted lists for direct marketing. InfoUSA is one example. The company claims to be the leading provider of information for about 11 million businesses, 120 million consumer households, 575,000 physicians and surgeons, and and 3.4 million executives with business, demographic and lifestyle details. The company maintains profiled information that includes name, address, phone number, email address, income, age, occupation, marital status, number and ages of children, home ownership, credit cards, and hobbies and interests. Requests for specifically targeted sales lists and leads cost $1.00 per record for 1 to 24 records, and 8 cents per record for a sorted list of 25,001 to 100,000 records. Whether or not the individual sources of these records volunteered their private profiles would be difficult to ascertain, and increasingly, customers who find that a business knows too much about them may become less, rather than more likely to purchase from that business. Many customers are already so afraid of releasing too much information that they are deliberately providing false information to Web sites in an effort to protect their privacy.

Safeguards and Precautions

The online world has not only facilitated the breakdown of the individual's privacy; it has also promoted the agenda of entities that make money by selling personal information. And to add insult to injury, online users now have to go out of their way and spend considerable time and effort to ensure that they maintain a decent level of online privacy, or to try to restore the level they once had.

By employing a few simple techniques, you -- as an online business -- can take advantage of your customers' concerns to get a jump on your competition. Here are just the basic measures you can take to let your customers know that you are not harvesting their information, tracking their activities without permission, or profiting from their life styles:

• Cover their tracks. Let them disallow cookies on your site or prompt them to set their browsers to warn them when a cookie is being dropped into their system so that they can choose which ones they will allow. Remind them to clear their memory cache or history folder as well as their temporary Internet files folder when they're finished surfing the Web.

• Urge them to read your privacy policy. Every time you ask them to input personal information, remind them to check your privacy policy to see how that information will be used. Remind them that their information is safe and secure with you and will not be sold or otherwise shared with anyone.

• Get certified for privacy. Have your privacy policy checked by TrustE or some other privacy group, and make sure that your customers know that you have passed such an inspection by displaying the certification logo on all pages where you collect personal information. Make sure that you also tell them what that certification means.

• Make sure any forms that they fill out are secure. Use a secure address and explain to your customers what measures you are taking to ensure their safety. Many customers now know that a secure page starts with "https:" and the symbol of a yellow padlock appears at the bottom of their browser, but a good number still do not understand what happens and precisely what it means for them.

• Let your customers opt-in, instead of having to opt-out. Instead of asking them to uncheck a box giving you rights to use their personal information, let them make the choice about whether or not they want to participate. Provide tiered services so that they can choose whether or not to provide certain information or participate in specific sections of your Web site.

• Help them learn. For information on ways to control how their personal data is collected and distributed, let them know that they can check out a number of Web sites including:
• Americans for Computer Privacy
• The Center for Democracy and Technology
• Electronic Privacy Information Center
• Ohio State University Internet Privacy Home Page
• Operation Opt-Out

Price to Pay

Some online users don't mind sharing sensitive information with you, with marketers, and with other Web denizens; many even post the details of their lives on their home pages. Most individuals, however, value their privacy and would rather not be hassled by sales pitches, crank calls, and the like. There are also those who are particularly peeved at the idea that some businesses make money from their personal information, and have chosen to join privacy advocacy groups, if not go offline altogether.

The Internet is a venue that touts access, convenience, and instantaneous information. But at the same time, it fosters the abuse of these very features, and in the process the rights and privacy of its users are jeopardized. Whether the cyber-world ignores, condones, or challenges these privacy issues, in the end the online user still pays the price, and users are quickly becoming tired of paying. Let your customers know that you are on their side by implementing safety measures for their protection and giving them choice and control over how you use their personal information. In an environment where privacy is a problem for many of your customers, you may find that it will pay to make yourself part of the solution.