Privacy issues are everywhere in business. Like dandelions in summer, Chief Privacy Officers are popping up among the Fortune 1000 and beyond, tackling compliance issues, deciphering new legislation, cultivating the "privacy brand," and keeping up with competitors. But CPO or otherwise, most execs only do what's necessary to avoid litigation. Their goal is to achieve compliance, using privacy strategies to protect the bottom line rather than boost it. It also positions privacy protection as a cost center rather than a customer-based revenue generator.

Decision makers must implement privacy strategies that act in the customers' best interests as well as protect company interest. In doing so, firms can become trusted agents able to capture revenue. A good place to start is the familiar opt-in vs. opt-out policy debate.

"Opt in" gives communication control to the customer, allowing him to check a box if he wants to be contacted by a company. If he doesn't check the box, he'll never hear a thing, even from a company he's already doing business with. The opt-out system, however, acts as a "tacit yes." It lets customers decide not to receive further communications; but until the customer explicitly requests a cessation of contact, a marketer can bombard her indefinitely. It strikes us that companies that limit themselves to these choices aren't effectively serving the needs of customers or themselves.

When black and white gets fuzzy
In other words, consumers must often choose between accepting a full-scale, marketing assault or a "lights-out" approach in which they're never informed of relevant offers. With such strict choices, it should come as no surprise that Forrester Research reports only 18 percent of customers respond to opt-in or out-out requests. Such low response hurts the company and possibly the customer. Why? If the 18 percent opt in, then a company is limited to contacting less than one-fifth of its customer base -- even though many customers just never got around to letting the company know they want to be contacted. If the opt-out route is taken, key customers may become annoyed about receiving communications they didn't ask for.

From lose-lose to win-win
Peppers and Rogers Group has long advocated letting customers determine the style and pace of a relationship. So why not translate this to privacy policies as well? Customers should be able choose what they want, when to be contacted, and across which channels. The solution may be a tiered opt-in system that gives the customer more choices when it comes to communication.

For example, a customer might say, "It's okay to email me three times a month for product 'A', but don't ever call me." Companies that honor this request will provide relevant and timely messages based on customer needs, cutting through the marketing noise to achieve better results. Instead of opt in or opt out, companies can focus on customer choice and company policy disclosure.

This begs an important question: Why would anyone bother with the tiered system if only 18 percent of customers opt in or out? Here's one solution: Pay customers to provide information. After all, firms pay list brokers top dollar for valuable customer information, and competitors sometimes share their lists for a price. By going directly to the customers, companies can cut out the middleman while simultaneously learning each customer's interaction preferences. Technology barriers would emerge at first -- especially campaign and database management issues -- but the ROI would be well worth the investment.

From the courtroom to the boardroom
Perhaps the biggest challenge is the change in executive mindset that would be required. Most companies haven't thought about customizing their opt-in policies because privacy decisions rattle around legal departments rather than customer strategy areas. Until that vital shift is made, privacy protection will remain an untapped, relationship-building resource.

Source: INSIDE 1to1, September 2002
© Peppers and Rogers Group