Database Marketing: New Rules for Policy and Practice

Although a relatively recent development, database marketing (DBM) programs are already forcing important choices by companies, consumers, and legislators. These choices are changing society’s view of what constitutes good marketing practice in the United States and other countries where the conjunction of new technologies and selling requirements accelerate the use, and potential abuse, of information about individuals.

From a marketer’s perspective, DBM uses information about consumers in order to improve the efficiency of what might be called the Three Ts: targeting, tailoring, and tying.

• In work with a defined customer or prospect list, DBM can improve the targeting of current and potential buyers. Even if the messages and products remain constant, the process allows companies to waste less effort, money, and other resources by not promoting to individuals who are unlikely to respond.
• Going one step further, DBM allows companies to tailor marketing messages and products more specifically to customer groups. As a firm learns more about the heavy users of its product or service through DBM campaigns, it can provide different variations of the product mix to more customer sets. In some cases, this process can reach the level of the individual household.
• By taking advantage of relationships the company has created through targeting and tailoring, it can develop and maintain better ties. What some dismiss as “junk mail,” many marketers legitimately view as the initial building blocks of a long-term buyer-seller relationship. Over time, customers can receive more relevant messages and products, and the vendor can lower selling costs and increase retention rates.

Companies have thus far focused on the operational details of this process, becoming more adept at finding lists of potential customers, focusing the message, and making the contact.1 Marketers repeat a number of DBM success stories: catalog firms target groups with customized catalogs and thrive while traditional channels for these goods languish; a telecommunications firm uses its database of households and phone numbers to score a major success with a new credit card offering; supermarkets track shoppers’ purchases and offer electronic coupons and other incentives tailored to household-specific buying patterns.

But while the operational tasks are being perfected, DBM programs have also generated powerful negative responses:

• When Lotus announced its “MarketPlace: Households” product — a laser disk containing demographic and lifestyle data about American households — certain groups protested, claiming that it violated privacy. MarketPlace became the focus of extensive negative publicity and was a topic of discussion in House committee hearings. Concomitant with this negative attention, over 30,000 people demanded that their names be deleted from the database. Less than nine months after the initial announcement, convinced that the product could not be made acceptable to privacy advocates without excessive expenditures and redesign, Lotus canceled the product and took a multimillion-dollar loss.2
• It was reported that Blockbuster Video was planning to sell lists of its customers, categorized according to the types of movies they rented. After the report received much media attention, many of the chain’s customers reacted strongly. Within days, Blockbuster’s chairperson announced that a vice president “misspoke” while discussing the plan with a reporter.3
• A Georgia furniture store targeted residents of upscale neighborhoods in Atlanta suburbs with offers of free credit and a 25 percent discount on initial purchases, but it did not offer the same deals to residents of less-prosperous adjoining suburbs. Because the targeted neighborhoods were primarily white and the nontargeted neighborhoods primarily black, the Southern Christian Leadership Council charged the firm with racial discrimination.4
• Major U.S. credit bureaus have used information from their files to create databases that they have made available for purchase. In recent years, however, the policy has become the focus of federal and state legislative hearings. One bureau, Equifax, announced in 1991 that it would no longer use credit information in this manner because it is “inconsistent with fair information practices.” In early 1993, another bureau, TRW, reached a settlement with the Federal Trade Commission (FTC) in which it agreed to limit its use of data from credit files in this manner. The remaining large credit bureau, Trans Union, has refused a settlement with the FTC and reportedly “intends to fight the charges.”5

The current situation is highly charged and ambiguous. The benefits — to companies and consumers — of DBM programs can be undercut by regulatory or public-relations backlashes. Further, it is not clear which kinds of DBM efforts will elicit criticism. Relevant U.S. laws, many of them created in an earlier era when today’s marketing activities were unanticipated, offer disjointed guidance. In practice, companies utilizing the new data available to them have created their own guidelines before the law (or customer feedback) defines external boundaries on appropriate actions. Later, as consumers, the media, and legislators sift through their perceptions of DBM practices, companies often find themselves on the defensive. The result has been a number of costly, embarrassing, and potentially precedent-setting reversals.

Yet, in our experience, most managers have given little systematic thought to the social issues inevitably implicated in DBM programs. Our interviews with consumers, individually and in focus groups, suggest that they are still largely unaware of how information about them is gathered and used, but that, once made aware, they express standards for information use that are typically higher than most company guidelines or the current legal standards (see the appendix for the details of the study). In fact, some legislators and a growing number of consumer advocates are proposing sweeping restrictions without sound knowledge of the legitimate motivations for DBM efforts, their promise for useful exchange, and the important societal choices inherent in the expansion or restriction of these efforts.

What questions should all of us be asking about the opportunities and pitfalls of DBM developments? How can managers handle the apparent tension among marketing efficiencies, intrusion, and exclusion posed by DBM technology and techniques? These questions cannot be addressed usefully by simply appealing to the individual’s “right to be left alone” (as privacy advocates typically do) or to a company’s inalienable “information property rights” (as managers often do). Few people really want to be left alone, as indicated by increases of sales through telemarketing, direct mail, direct response, and related channels. Between 1979 and 1989, consumer mail order sales grew more than twice as fast —and business-to-business mail order sales about three times as fast — as retail sales in the United States, while the proportion of U.S. adults who shop by mail or phone grew from 36 percent in 1983 to more than 51 percent by 1989, a total of about 92 million people.6 Rather than being left alone, most people want protection against unwarranted uses of personal information with minimal damage to their increased choice and flexibility as consumers. Similarly, no company has an interest in spending money on marketing efforts that annoy or alienate potential customers. Most companies want access to pertinent consumer data so their products and marketing programs can respond to dynamic changes in demand.

We believe there is a middle ground between the extremes of the debate that can provide better guidance to company policies and public policy. In this article, we examine the motivations behind DBM efforts and the key social issues that are redefining the meaning of good marketing practice. We discuss the conflicting perspectives on these social issues and their potential for counterproductive company and public policies. Finally, we recommend rules for improving DBM practice and implementation suggestions for marketers and public policy makers.

Good Marketing Practice and DBM Social Issues

DBM efforts should be viewed in the context of forces — technology, selling efficiencies, and demographic changes — that are reshaping marketing emphases in many industries. Technological progress during the 1980s made it more economical to build databases, and new software made it easier to cross-classify information from different sources. Meanwhile, computer networks have become more common, allowing organizations to share data more easily and launch joint marketing efforts. More organizations can create proprietary customer databases, and access to such data is becoming necessary for effective marketing.

In consumer markets, for example, A.C. Nielsen’s SCANTRACK service monitors more than 41,000 U.S. households. It can measure a brand’s sales by distribution outlet, by how often a household has been exposed to commercials, and by purchase behavior at different times of the year or day (important for many seasonal and impulse items). Such information is becoming vital to marketing at most packaged-goods firms. Tracking household behavior over time helps to make products, services, and the marketing process itself more relevant to more groups. The SCANTRACK Hispanic report, for example, identifies neighborhoods, retail outlets, viewing habits, and product preferences in the fastest-growing population segment in the United States. In an increasingly multi-ethnic society, marketing efforts driven by such data have, in addition to profit-making appeal, a positive social value. They make sure that marketers offer consumer choices to groups that may have been missed or ignored. This is an aspect of DBM efforts ignored by those who would restrict companies’ use of much data while exempting political, religious, and nonprofit groups.7

While technology provides the means, changes in communication and distribution channels provide the motivation for firms to use DBM programs. Personal selling costs in the United States rose more than 160 percent between 1975 and 1986, a pace much higher than inflation and nearly twice as high as the increase in sales per salesperson during this period. Between 1986 and 1990, the median cost per sales call increased more than 75 percent in consumer goods businesses.8 Hence, many companies have good reasons for targeting potential buyers more precisely. At the same time, a key communication vehicle, network television, is less cost efficient as its viewership shares decline and specialized cable channels gain viewers. The medium itself may also be significantly less effective: by 1990, more than 60 percent of U.S. households owned remote control devices that allow viewers to easily switch television channels during commercials. Thus, marketers find that traditional communications vehicles are eroding at a time when DBM technology offers more capabilities and promise.

These changes make it likely that DBM efforts will increase and, absent legal restrictions, accelerate over the coming decade. As DBM programs become more prevalent and visible, moreover, they are implicitly altering society’s view of what constitutes good (or ethically acceptable) marketing. In an earlier era of primarily mass marketing efforts, key social criteria for evaluating marketing practice included product safety, pricing policies, truth-in-advertising, and other elements of the seller’s offering to customers. Within broad limits, it was assumed that the buyer, “free to choose” among sellers, performed the bulk of the selection in the marketplace exchange. Therefore, the criteria focused on the seller’s terms and claims for its products.

These criteria remain important, but DBM developments broaden the scope to include the means by which customer segments are identified and chosen for marketing efforts. Sellers now have a greater ability to choose certain groups for customized offerings and messages. With increased selectivity comes added responsibility: the manner in which marketing information is gathered and categorized becomes salient. To date, most concern has centered around privacy issues, but there is reason to believe that other issues will (and should) become just as prominent.

Privacy

With the publication of such books as Privacy For Sale (which details a reporter’s exploits in uncovering the intimate details of celebrities’ lives)9 and campaign pledges by President Clinton that his “Consumer Bill of Rights” would include a “right to privacy” in the marketplace, many increasingly equate DBM practices with “intrusive” behavior. In a 1992 poll, 78 percent of Americans said they were very concerned about threats to personal privacy, as compared to 64 percent in 1978.10 Responses to supposedly intrusive activities can take a number of forms: (1) a media-led revolt, in which negative media attention muddies a firm’s reputation or a brand’s image, as with MarketPlace; (2) a consumer revolt, often fueled by the media, in which consumers boycott or otherwise withhold patronage because of the firm’s marketing practices, as seemed to be developing in the Blockbuster situation; (3) a competitive response, in which another firm uses the issue to gain a marketing advantage (one large bank marketed credit cards by emphasizing its “privacy protection plan,” which promised that “we will never give your name and number to one of those telemarketing firms”); or, most commonly (4) a legislative response: in 1992, about a thousand bills restricting DBM activities were pending in U.S. legislatures.11

But rarely considered is that, in the DBM context, “privacy” has two discrete components: physical privacy and information privacy. As one observer notes, “The privacy invasion of a telephone call can be distinguished from the computer information which resulted from or led to the telephone call.”12 The first form of privacy invasion is generating a flurry of new laws and regulations, some of which threaten to dampen unnecessarily the market economies and consumer choice inherent in more efficient uses of customer data.

Many state laws and regulations protect physical privacy from unwanted telephone calls, mail, and faxes (see Table 1). Most of these laws concern telemarketing practices. At the federal level, the Telephone Consumer Protection Act of 1991 requires telephone solicitors to avoid calling individuals who have chosen to be on “do not call” status. Robert Bulmash, a resident of Warrenville, Illinois, has successfully sued several companies that called his household after being requested not to call. A sympathetic judge recently ruled in his favor by admonishing the defendant: “I was called twice during yesterday’s football game by people like you.”13 Perhaps because written messages are deemed less intrusive than phone calls, legal action in this domain has so far been comparatively small. But once the boundaries on telemarketing are more clearly established, direct mail will likely receive more attention. Note that Bulmash has successfully demanded that mailers compensate the time he spent opening mailed solicitations.14

Physical privacy issues concern outcomes of DBM processes and, in a country where stockbrokers alone make an estimated 1.5 billion telemarketing calls annually, many of us probably feel like the judge quoted above. In contrast, information privacy issues concern the inputs, use, and control of data (see Table 2). The situation regarding information privacy is more complex, but we believe that it is ultimately the more important area, from the perspective of both marketers and public policy makers, and we concentrate on information privacy in this paper. The situation is complex because people disagree about who “owns” the data and what kinds of trade-offs are acceptable in different situations. In our interviews, both managers and consumers were very concerned about the intended uses for data. A banking executive argued that consumers provide information about themselves “so that we can better serve the customer’s needs,” and she interpreted this to mean the use of the information for subsequent DBM efforts. But consumers typically viewed this data as necessary for a specific transaction, and most were surprised to find it being used for other purposes. Similarly, consumers expressed much concern about use of credit card purchase data; many believed that the sole legitimate use of such data was to “process the charges.” But credit card executives viewed the same information as a key means of providing “a full customer service package, including targeted offerings” that increase the value of the card as a shopping vehicle.

These groups focus on different dimensions of the same exchange. Because they have purchased address lists or otherwise incurred information-gathering costs, marketers have traditionally assumed that the data they collect about customers belongs to their companies. From a legal perspective, it has traditionally been safe to assume that the finding in the landmark U.S. v. Miller (1976) case regarding banking records — that a bank customer “has no legally recognizable expectation of privacy in records maintained by a bank”15 — also applies to all other consumer transactions with respect to their use in DBM. But our interviews indicate that consumers do not necessarily share this view. In addition, recent developments call this assumption into question. In 1992, the attorney general of New York State forced American Express into an agreement under which the firm must notify its cardholders of its use of purchase data for psychographic profiling and of sales of lists in various profile categories.16

Meanwhile, information ownership issues are emerging among the many organizations that have access to data about consumers. In 1991, AT&T announced that it would use its records to create lists of frequent callers to certain toll-free “800” lines. It would then target these frequent callers with service directories. The first offering was the “Gift and Specialty Directory,” targeted to individuals who frequently used toll-free numbers to order gifts and specialty items. Subsequent releases were to include traveler, senior citizen, and health enthusiast directories. AT&T assumed that it owned these data because the calls pass through the phone network and are tabulated by AT&T’s computers. But many of AT&T’s commercial customers who offer toll-free numbers —and a major association of database marketers — have objected; they consider information about who calls them to be their data.17 Similarly, a major bank has announced that it will sell lists of its credit cardholders sorted by purchase propensities. But many companies have objected. They claim that information about their customer transactions belongs to them, even if the customer used the bank’s credit card to make the purchase, and they fear that their competitors will purchase such customer information. One catalog marketer has complained that such data are “the most valuable asset [we] have.”18

These conflicts will erupt more frequently as DBM programs alter competitive rules of the game. The information search costs associated with locating consumer differences are dropping rapidly, and this information is worth more to marketers, especially in many mature product categories operating in an increasingly fragmented marketplace. Further, consumers themselves are not homogeneous in their views on marketing activities. Some people use cash for most transactions in part because they do not want purchase or credit information about them to be disseminated; other people have been willing to pay $199 each to National Consumer Research, a Kentucky-based firm, to have their names and purchasing habits stored in a database that is made available to database marketers.19

The fact is that “information privacy” is an ambiguous term, and consumers have different privacy thresholds depending on the information collected, how it is collected, and who collects it. In our interviews, most consumers deemed medical and financial information about themselves to be especially sensitive information. But they were less concerned about records of their purchases, especially if the organization scrutinizing the data was the organization from which the purchases were made, and if they had agreed to the scrutiny. Alan Westin of Columbia University distinguishes among three groups: “fundamentalists” (about 25 percent of the population), who generally choose privacy controls over customer-service benefits when these compete with each other; “unconcerned consumers” (18 percent), who are generally willing to forgo privacy claims for service benefits; and “pragmatists” (57 percent), who weigh the benefits of various consumer opportunities and services against the degree of personal information sought.20

A saying among DBM practitioners is that “direct mail is junk mail only when it misses its target.” Ironically, the impact of much pending legislation —particularly at the state level — could be more junk mail, as companies working under restrictions that bar access to pertinent consumer information are forced to blanket all groups, not just purchase-prone groups, with solicitations. In this respect, both public and company policy makers should have similar goals: to identify the best means of determining acceptable and unacceptable uses of personal information in a society with heterogeneous preferences.

Exclusion

Privacy issues currently fuel attention to database marketing, but we believe that exclusion issues will soon become prominent. By definition, targeted DBM campaigns exclude certain groups. Two kinds of exclusion need to be considered.

First, as practices develop, the pertinent technology is becoming an integral part, not only of customer identification, but of the buyer-seller exchange itself via direct-response media, electronic-mail systems, magnetic cards that automatically tabulate a household’s store purchases, and other means. People have more or less access to the electronic coupons, rebates, product information, frequent-buyer incentives, and other economic advantages of these programs depending on their incomes, zip codes, categorization in a given consumer cluster — or any other criteria. The danger is that exclusion from DBM exchanges will be systemic and socially negative. In practice, income and zip code are the most prominent variables in the segmentation schemes that drive most current DBM efforts. Using sequential selection rules, firms typically cross-tabulate income and geography (and other variables) in gauging whether a segment is worth the effort of specialized products, promotions, or marketing communications. But in our society, as in most Western societies, people from different races, religions, and ethnic groups tend to live in distinct areas, and income and education are also highly correlated. Hence, DBM segmentation criteria are not socially neutral. Certain groups can be substantially underrepresented in targeted campaigns, in effect widening the gulf between lower- and upper-income groups. The marketing efforts of the Georgia furniture retailer described earlier were criticized on this count. More generally, questions about so-called characteristic-based discrimination, especially where ethnic differences are part of market segmentation schemes, are being raised by a variety of sources that influence the regulatory and legislative agenda.21

Exclusionary dangers are particularly salient in marketing channels intimately tied to information technology. Marketers target customers with economic incentives because they expect the cost to be more than offset by the profits from a longer-term relationship. But if individuals in lower-income areas have less access to the relevant information services, they may have a new kind of marketplace disadvantage. Conversely, DBM campaigns based on past purchasing patterns and tied to future discounts can become a self-fulfilling prophecy, targeting upscale consumers with economic incentives while excluding poorer clusters from increasingly important sources of product information and exchange. In banking, one form of market segmentation (essentially based on income and zip code data) has long been known as “redlining.” What is the potential for a more subtle but broader form of information redlining in the evolution and use of DBM programs?

Second, exclusion concerns also embrace competitive issues. Small businesses and nonprofit groups, seeking to bypass expensive mass media channels, were among the first organizations to build databases of their repeat customers or donors so they could focus on their core constituencies. For many smaller firms, lower distribution costs via mailings and telemarketing campaigns often mean the difference between making a profit or going out of business. These firms and nonprofits, geared to a wide variety of causes and lifestyles, have generally increased consumer choice and distribution efficiency for many goods and services. For example, despite widespread claims about growing mountains of junk mail, the average number of mail pieces received by Americans decreased slightly between 1984 and 1990, the era of emergent DBM efforts. And this correlation is not just coincidence: mailing list trends indicate that while sales of general demographic data grew by about 4 percent, sales of more targeted “response names” (e.g., people who have purchased from a given vendor or in a product category) increased more than 22 percent.22 Good marketers are interested in talking to people who are interested in talking to them.

Yet some responses to DBM efforts — whether from the media, consumers, or legislatures — would raise entry barriers for database development and usage, thereby altering competitive forces. Typically, per-unit acquisition and search costs decrease as a database grows larger and is used to generate a higher volume of transactions with each targeted customer. Smaller companies are at a disadvantage to the extent that the acquisition or use of the data becomes more expensive or complicated. Some products, like Lotus’s MarketPlace, would effectively level the playing field in DBM. Although that product was abandoned, essentially the same information is used by companies (generally large corporations and catalog houses) willing and able to pay current industry fees for it. The MarketPlace product raised privacy concerns for many. But it would also have made this information accessible to more small businesses. By forcing MarketPlace out of the market, advocates have widened the gap between large and small players.

In another case, federal legislators recently attempted to protect physical privacy by restricting most telemarketing calls using automated dialers and prerecorded messages. A suit by the owner of an Oregon chimney sweep firm has blocked the law’s enforcement indefinitely, as of this writing, however. Because the law allows live telephone pitches — which can be better afforded and managed by large corporations — but outlaws recorded ones, the plaintiff has successfully argued that the law discriminates against owners of smaller businesses.23

Hence, just as marketers must realize that their DBM programs are not socially neutral, legislators and advocates should recognize that information safeguards and barriers are not competitively neutral. They can exclude smaller firms and other groups from data available to larger companies, and both large and small firms may have less incentive to invest in the creation and maintenance of this information. The longer-term impact can be a dampening of competition, innovation, and product customization.

Conflicting Perspectives

Unfortunately, the debate about DBM efforts is polarized. Many consumer advocates depict any collection and use of personal information by companies as a “big brother” invasion and ignore the economic benefits of such activities. Meanwhile, many companies’ spokes-people equate DBM efforts with fundamental free speech rights, assuming that personal information is just another commodity to be traded — an assumption many in society do not share.

This polarization is exacerbated by management’s tendency to embrace an outdated paradigm with respect to these issues. Many companies move through a predictable sequence of events. Initially, working with a traditional understanding of good marketing practice, they focus on the operational mechanics of database marketing and ignore the social issues. Then they often find themselves the focus of a backlash from consumer, media, and legislative parties with different and quickly changing assumptions about good marketing practice. Well-intentioned but puzzled executives find themselves asking, “What happened?” By this time, however, the company is usually in a defensive posture, and the job becomes one of damage control aimed at mending strained customer relations.

We observed this scenario at one credit-card issuer where DBM efforts spurred several telemarketing and direct mail campaigns to current cardholders. Managers were so involved with finding new ways to use their extensive customer data — forging contracts with telemarketing firms and managing the logistics of cross-referencing and transferring of data — that they ignored the societal implications of their marketing plans. In implementation, however, the company experienced a fourfold backlash: (1) media stories appeared that were critical of DBM in the credit industry; (2) customers complained about the telemarketing efforts; (3) a competitor began an ad campaign promoting its “privacy protection plan” and (4) DBM practices received attention in U.S. House of Representatives hearings about uses of credit information. The firm eventually assigned an executive the responsibility of creating a privacy policy for the organization, but it was also forced to scale back telemarketing, direct mail, and joint marketing programs that had taken much money, time, and effort to create. Further, the long-term damage to consumer relations and brand image is unclear.

For their part, public policy makers seem to be adopting a similarly ad hoc, reactive approach to DBM legislation. When a particular situation has come to their attention, usually through hyperbolic media coverage that makes no distinctions between physical privacy and information privacy, lawmakers introduce new laws and regulations. For example, when Supreme Court nominee Robert Bork’s video rental records were printed in a Washington newspaper, legislators (probably realizing that their own records, as well as their constituents’, had no protection) reacted swiftly with the Video Privacy Protection Act of 1988, which placed constraints on all uses of video rental records. Similarly, stories about arguably inappropriate uses of certain types of personal information and certain DBM techniques have led to many state laws during the past few years. But the aggregate result thus far is that these initiatives, aimed at a specific aspect of data usage, result in a disjointed morass of legislation affecting many other uses of customer information. Companies considering DBM programs thus face increasing uncertainty. And while pressure is growing for the federal government to take an omnibus look at the regulatory framework relevant to these activities, there is a good possibility that some federal regulators, in their zeal to stop specific perceived abuses, may ignore the benefits — to companies, consumers, and the economy — of better marketplace information. Certainly, a reading of the transcripts of recent government subcommittee hearings on the topic often suggests an unclear appreciation for the benefits of DBM.24

To avoid these scenarios, managers must realize that privacy and exclusion issues inevitably direct attention to the firm’s marketing process itself and, in particular, to the firm’s criteria regarding usage of customer information. They must consider, in developing and implementing these programs, a new set of rules for DBM policy and practice.

New Rules for Policy and Practice

Trust has always been an important element of good marketing — trust in the product’s quality and consistency, in the salesperson, in the supplier’s ability to remain innovative in product development and delivery. With the increasing diffusion of consumer databases and technology that can access them across organizations, additional dimensions of trust become prominent: trust in a company’s ability to keep personal information in the hands of those who have the consumer’s consent and to use that information in a fair manner. Moreover, the breadth of trust required by DBM developments implicates others besides the specific buyers and sellers, for not only do current customers need to trust the information assemblers but so do prospective customers or any other individuals whose personal information resides on the relevant database.

To help companies build trust with consumers and improve information exchange without counterproductive intrusion, we have developed a series of rules for DBM fairness, which are summarized in Table 3. We have focused on information management issues such as data collection and data sharing rather than physical privacy issues because the latter is increasingly subject to its own regulations and because technological and competitive developments increase the scale and scope of the former.25 We have used as a benchmark the “Fair Information Practices” (FIPs) developed two decades ago as part of a U.S. Department of Health, Education, and Welfare (HEW) study.26 The FIPs formed the basis for many 1970s privacy laws — mostly affecting government databases — that were passed at the federal level. The FIPs have often been used as a baseline for other information privacy codes. We have adapted the original FIPs to DBM concerns in four areas: collection, cross-referencing, data management, and categorization.

Collection

In general, all data collection should operate according to a “sunshine principle” the practices should be able to withstand the scrutiny of interested consumers in the light of full disclosure. Thus, Rule 1 is that data users must have the clear assent of the data subject to use personal data for DBM purposes. Most information privacy laws and challenges from privacy advocates stem from concerns about improper uses of data. But when companies clearly explain both primary and secondary uses for data to individuals before they give their consent for collection, later charges of “improper use” become spurious. Data that are collected through less than straightforward means can be expected to produce a backlash. Thus the first corollary to Rule 1 is: Companies should avoid deception and secrecy in data collection.

Deceptive techniques would be those that elicit information from individuals by misrepresenting the uses of that information. In direct mail and telemarketing circles, one such practice is known as “sugging,” the use of contests or fictitious surveys to gain data about consumers for subsequent selling activity. One study found that sales pitches disguised as market research involved about 22 percent of such “surveys” in 1988 and were the second most-cited reason (after inconvenience) given by consumers for refusing to take part in data-gathering efforts.27 The nonprofit fundraising equivalent is called “frugging.”28

Secretive collection techniques may not be deceptive, but they are largely hidden from the consumer, and this in itself often raises concerns. “No one really knows what information these marketers are collecting,” a privacy activist complained to us. “They are very close-mouthed about these activities, and that makes me more suspicious.” In contrast, in referring to legal but hidden data collection methods used by their firms, more than one executive told us that “customers never even know, so there is no intrusion and no problem.” But as DBM efforts increase, an attitude that “what they don’t know won’t hurt them” becomes less acceptable and extremely risky.

One bank recently found that it could send a computer tape of its customer list to an outside vendor, which added demographic and household information for each customer where it found a correspondence with other data sources (about 80 percent in this case). The bank received information about each customer’s age, marital status, dwelling unit type, and estimates of purchasing power, household income, and shopping preferences. It used this information to target customers for specific financial products. But when we presented this scenario to focus groups, most consumers indicated great concern about the practice — even if it is legal and results in a better fit between the seller’s services and the buyer’s preferences. The following comment was typical:

Maybe there are companies out there that legally sell this information, but I would be pretty mad if I found out my bank was buying information about me.

[Question] Would you move your account?

I’m not sure, but I would certainly complain if I knew they were doing it.

The very “secrecy” of the collection process breeds resentment. In Finland and Sweden, laws now require direct mailers to indicate the source of the addressee’s name and address. In our view, such clear and visible collection practices introduce increased accountability into firms’ data-gathering procedures and decrease consumer fears and suspicions. Therefore, the second corollary is:Targeted consumers should know the marketer’s source for information about them. By providing this information, companies not only avert charges of deception and secrecy but also force marketing managers to consider their research goals and methods more rigorously.

The third corollary is that individuals should have the opportunity to opt out of subsequent uses of data. In Europe, emerging European Community (EC) rules on information privacy tend toward “opt in” guidelines. That is, firms may not use the data for subsequent purposes unless overt permission is granted for each use. But we see many benefits to much less expensive and more implementable “opt-out” guidelines (informing consumers that, unless they indicate to the contrary, the data may be used for subsequent DBM purposes) as long as the company clearly describes the types of subsequent uses and the opt-out process. A good example is W.M. Green, a mail-order firm that includes with each catalog a “Help Us Mail Smarter” statement. Green codes its mailing labels so that customers can easily deduce the source of the customer’s name and address (e.g., “If the first number in your Source Code is 1 or 2, your name is on our mailing list because you have recently purchased from us. . . .”). Green also asks customers to indicate on a simple checklist whether they wish to be removed from the mailing list, have their name made available to other companies, or have their name used for other marketing purposes. As well as adhering to good information collection practice, this helps Green keep its customer list up to date, separate suspects from real prospects in the customer base, and optimize its distribution budget.

This practice should be extended to other areas. Credit card issuers could note emphatically on each application that “in addition to using this information for billing purposes, we may also use information regarding your purchases in our marketing programs. Through these programs, we provide you with convenient information about products and services that may be of particular interest. But if you prefer not to have this information used in this manner, please check here.” The message could also be repeated on billing statements. Similarly, all mail-order firms could state on their order forms: “Based on the products you order, we sometimes make information about your interests available to other firms for their marketing activities. Through this process, you can learn about other products that may be of special interest to you. But if you prefer not to have purchase information used in this manner, check here.”

Some companies are considering implementing this policy with economic incentives. If customers provide the data and sanction its intended uses, the company provides them with a discount or coupon. In a sense, such practices mean that some consumers would pay more than others for enjoying privacy (as they define it). But we see nothing wrong with such a system, which recognizes the fact of consumer heterogeneity regarding these privacy issues while providing an opportunity for both companies and consumers to “vote with their feet” regarding the relative value of the information being solicited.

With or without incentives, however, such statements would be a big improvement over most current practice. Most marketers now simply assume that consumers do or don’t approve of various data-gathering practices and are surprised by the reaction when practices become public. Many legislators have similarly broad assumptions about consumers’ desires to be “left alone.” All parties may be acting in good faith, but they ignore the truth in the old sales aphorism: “The only one who really knows the customer is the customer.” Only when information uses are explained and opt-out provisions offered can marketers and public policy makers know what diverse groups of consumers really want in different situations.

Cross-Referencing

The difficulties of ensuring appropriate data collection are exacerbated by the increasingly interorganizational nature of the database marketing web. Linking consumer data from multiple sources provides strategic advantage in many DBM programs. Witness, for example, the benefits some firms have reaped by linking credit card usage with airline frequent-flyer rolls and the similar use of such data by many firms and nonprofit organizations in the form of “affinity cards.” Several services have emerged that match customer records across companies, and the large consumer databases of organizations such as R.R. Donnelley, Dun & Bradstreet, and Polk can be matched against other firms’ files to provide a more holistic picture of individuals’ purchase behavior across product categories. Moreover, academic marketing studies are improving the methodologies for filling information gaps by “ascribing” (inferring information about an individual from the existing data) and “fusing” (combining data from different sources).

But the exchange of information among organizations aggravates concerns about DBM efforts. Such concerns are at the heart of the recent controversies and lawsuits surrounding the use of credit information. Credit grantors such as retailers, credit card issuers, and banks report payment histories to credit bureaus that, in turn, keep files on anyone who ever buys on credit — about 90 percent of adult Americans. In all, more than one thousand local credit bureaus operate in the United States, linked to the computers of the “big three”: Equifax, Trans Union, and TRW. From this information, databases have been created for marketing purposes, a practice that has come under attack by privacy advocates. Similar data sharing occurs after many other transactions. Consumers buying insurance, applying for a mortgage, or opening brokerage accounts supply information that is later merged with other data about them. The U.S. Postal Service regularly provides data from change-of-address cards to DBM programs and is developing an electronic address directory called the Delivery Sequence File for sale to companies. Data-sharing developments in health care are likely to attract more attention as firms subcontract the processing of health claims to companies that can lower processing costs while building databases. In our interviews, one industry executive noted that pharmaceutical firms might buy the names of people taking certain kinds of medications and that hospitals with specialized facilities might target individuals being treated for certain illnesses or disabilities.

Such shared uses of the data were probably unforeseen and unintended by those applying for a credit card, opening a brokerage account, filing a change-of-address card at the post office, or completing their health insurance forms. This situation underscores the importance of explaining to consumers the intended uses of the collected data and providing them with the option to opt out of secondary uses they find unacceptable — especially when those secondary uses include sharing with other organizations. This leads to another important corollary: A consumer’s assent to data use by one company does not automatically transfer to companies sharing that information. The customer’s assent must be secured before data are shared.

At the same time, public policy makers should remember the societal advantages of data sharing and take care not to overreact. Brokerage firms ask for detailed information about potential clients’ assets in order to provide appropriate investing advice. Postal officials believe that use of their electronic address list can help to reduce the 6 percent of third-class mail (about four billion pieces) that is thrown out annually because incorrect addresses make it undeliverable. Better targeting by medical suppliers might well help to increase consumer knowledge, widen choice, stimulate comparison shopping, and ultimately lower costs and improve service in our health care system.

In other words, there is nothing inherently wrong (and many things potentially beneficial) with these secondary, cross-referenced uses of information. But such uses should not be made without the sanction of the people from whom the information was originally obtained.

Data Management

Database marketing can reduce ad clutter and other marketing-related “noise” by targeting consumers most interested in the specific products and services. But this promise is often unfulfilled due to poor data management practices. If marketers overlook the quality of their data or allow the database to remain static as the phenomenon it models changes dynamically, the database may become more of a liability than an asset.

Many consumer databases, although initially useful, degrade rapidly over time — especially in the United States and Western Europe where job changes, geographical relocations (an estimated 20 percent of the U.S. population moves annually), and other aspects of social mobility have accelerated over the past two decades. Other databases were not properly formulated to begin with. Hence, the phrase popularized by the computer industry — “garbage in, garbage out” — applies equally well to many DBM efforts. In our research, for example, we encountered one bank using a database for a pre-retirement mailing in which 35 percent of the customer birth dates were wrong. In our focus groups, many consumers were concerned about the accuracy of the data used in DBM campaigns. A consumer who perceives that he or she has been targeted based on erroneous input is likely to react negatively and emotionally. However, consumers’ anger appears to abate when they are provided the option of verifying the data.

This brings us to Rule 2: Companies are responsible for the accuracy of the data they use, and the data subjects should have the right to access, verify, and change information about themselves. In our experience, improving data accuracy usually requires both improved management and a change in management values. Of course, accurate data not only increases fairness, it also provides for better targeting. The practice of some firms such as Warner Amex, which provides customers with the right to verify and correct inaccuracies, has important marketing as well as privacy protection benefits.29 But, despite the Direct Marketing Association’s provision for such a right in its own privacy guidelines, our corporate interviewees said they would be hard-pressed to provide such an option for consumers in their own databases, primarily because their databases were not designed with such a capability in mind. Hence, this rule looms as a major challenge to the DBM industry; it suggests a rethinking of, and reinvestment in, the data processing infrastructure. However, ignoring it leads to an increase in “mailbox clutter,” which exacerbates consumer concerns about DBM in general.

Categorization

After data have been collected and cross-referenced, they are usually categorized or segmented. No matter how they feel about specific DBM programs, most observers agree that the basic premise is valid: people who differ in terms of demographics, attitudes, or life circumstances are likely to purchase in different ways. Effective marketers recognize that this social diversity has implications for product policy, patterns of product usage, service preferences, and other aspects of buying behavior as well as the receptiveness of different groups to different marketing messages. But fairness dictates that Rule 3 be followed: Categorizations should be based on actual behavior as well as the more traditional criteria of attitudes, lifestyles, and demographics.

A thriving group of data providers has arisen, each provider proclaiming the usefulness of its list of names and addresses. These firms typically sell lists for one use only: the buyer gets a file or roll of printed mailing labels and is obliged not to duplicate or reuse the list without paying for it again. Hence, list compilers and brokers have an incentive to hype the relevance of an established list to as many firms as possible. In selling their lists, they tout the power of so-called psychographic segmentation techniques, which group people on the basis of alleged personality traits, values, and lifestyles. But many of these categorizations are essentially the private sector’s version of the infamous Willie Horton political campaign ads: abstracted stereotypes rather than legitimate attempts to make sense of the multidimensional nature of how people buy. There is precious little theoretical or empirical support for the view that these classifications can actually predict or model consumer behavior. As two market researchers note, “Heavy reliance on psychographic segmentation represents an overzealous faith in the sensitivity of psychological measurement — not to mention the stability of human personality.”30

In addition, such segmentation schemes raise consumer concerns. When we presented focus group participants with designations used in one of the most popular psychographic schemes on the market, many people objected. The following comment was typical: “It intrudes on my privacy when marketing people look at some facts about me and then say I fit a certain psychological profile. . . . I resent having that label attached to me.”

The best response is for marketers to use more, not less, data in their segmentation schemes. Most consumer product companies still rely primarily on attitudinal data about customers.31 This approach developed because behavioral data were unavailable or prohibitively expensive to gather and because those trained in market research techniques since World War II have largely been trained in a U.S. social science paradigm of samplings, surveys, polls, and controlled “laboratory” experiments. The key assumption is that such techniques simply make respondents retrieve their previously formed opinions and preferences. But there is now much evidence to indicate systematic differences between how consumers respond in these settings and how they behave in the marketplace.32 Meanwhile, scanner data, household diary data, and other developments have made accessible information about what consumers actually do with their money at the point of purchase.

Effective DBM campaigns require both types of information: data about actual purchase behavior and attitudinal data that can help to explain that behavior. They also require marketers to provide the subjects of this data with the opportunity to access and verify the categories being used. Otherwise, the result can be wasteful inferences about current or potential customers that raise concerns, alienate consumers, and subvert the opportunities inherent in the technology.

Implementation

Implementing these rules will require specific actions from several groups: the firms engaged in database marketing, industry organizations, and lawmakers.

Companies using DBM must audit their current programs for adherence to these rules and subject future projects to similar scrutiny. Managers must avoid their tendency to think they are exempt from this scrutiny because “customers haven’t complained” (customers may not be aware of the firm’s DBM activities) or “we’re only doing what everybody else in the industry does” (the industry’s practices may not be able to withstand future scrutiny). Our interviews suggest that most people have given little systematic thought to the ramifications, both positive and negative, of DBM practices, but awareness is growing, and the ground rules are shifting. Whether or not they realize it, many companies now face real risks in continuing their current approaches to database marketing.

Industry groups must also play a more active role. Organizations like the Direct Marketing Association (DMA) maintain listings of people who prefer not to be the targets of various DBM efforts. But a recent survey found that only 53 percent of mailers used these listings.33 Our suggested rules will be difficult for any company to implement in isolation, especially given the increasing amount of data sharing among firms, usually without any provisions for ensuring that informed consent has been secured. Industry groups must find ways of applying visible marketplace pressures for compliance. One method might be the creation of a “Good DBM Seal” (analogous to the “Good Housekeeping Seal”), provided only to firms that adhere to the guidelines and actively promoted to Consumer Reports, the media, and other outlets for frequent public dissemination.34 Conversely, industry groups must also publicize and ostracize bad practice. Without a price for noncompliance, claims of industry self-regulation become lip service, not customer service, and bad DBM practice will cause a regulatory reaction that shuts down good practice as well.

Finally, lawmakers — both state and federal — must expend more effort on educating themselves about the risks and benefits of DBM practices. Thus far, some states allow almost unfettered practice while others have passed excessively restrictive prohibitions. Companies and consumers do not gain from a patchwork approach. Federal regulations have focused on individual industries — credit reporting, cable television, and video retailing; they threaten to be precedents for more sweeping legislation that would apply in very different information contexts. Many proposals, moreover, would require a costly enforcement structure that will serve neither taxpayers nor consumer choice. In crafting potential legislation, lawmakers must remember that, used properly, DBM means improved efficiencies for companies and consumers as well as useful competition when smaller firms have access to data already available to most large corporations. At the same time, the threat of regulation does stand as one of the few societal levers that will prod DBM practitioners into adhering to rules of fairness. Although we hope that legislators will pull the lever thoughtfully and sparingly, we also agree that additional regulation is inevitable if DBM practitioners refuse to voluntarily police themselves. To the extent such a response is required, we favor a federal — rather than state — approach in order to provide a consistent framework.35

Privacy advocates and public policy makers should recognize that our proposed rules do not mean an “erosion” of personal privacy. They mean the development of more informed consent and dissent among a public with very different preferences concerning privacy-exchange tradeoffs. Conversely, marketers should recognize that our rules, although potentially costly for some firms, do not mean an end to database marketing. They mean an end to bad database marketing practices that are stimulating regulations that can negate the advantages of better information for both buyers and sellers.

These guidelines can also remind managers that, in the end, the database is not the marketplace. Companies are fooling themselves if they believe they can get “close to customers” through cross-tabulated compilations of names, addresses, and past purchases in a handful of product categories. Good marketing involves a broader view of consumer research. It requires the willingness of managers to refine and adapt their assumptions about changing consumer needs and preferences and the ability to translate this information into innovations in product, packaging, or service enhancements. During the past two decades, companies computerized their cost accounting systems, and, in the process, many unwittingly automated increasingly obsolete methods for allocating overhead and determining true product and investment costs.36 A danger facing some firms is that their growing investments in DBM efforts will likewise “freeze in place” obsolete classifications and interpretations of consumer behavior. Behind the many DBM lists stand real people whose perceptions of good marketing practice are being redefined. Making the changes required to implement these rules can help to ensure that, amid new marketing techniques, companies stay focused on ends as well as appropriate means.

Appendix

Our study consisted of 152 interviews between January 1990 and July 1992 with executives, managers, and nonmanagement employees of seven organizations either currently involved in or planning DBM activities. We selected the organizations because of their uses of varying types of personal information about current and potential customers (e.g., financial information, medical information, and purchase transaction information). We promised anonymity to all organizations and individuals in the study.

At each organization, we conducted interviews with both marketing and nonmarketing managers and covered a range of topics related to DBM practices including: the types of personal data in the company’s databases; how those data were used, protected, categorized, and (where applicable) provided to other organizations; how data accuracy was maintained; and the development and implementation of any policies concerning information privacy.

We also conducted interviews with consultants, trade association representatives, self-identified “privacy advocates,” and members of the Data Inspection Board in Sweden. Further, we conducted two focus groups with consumers in Boston and Raleigh, North Carolina, and interviewed six additional consumers individually in Winston-Salem, North Carolina. Finally, we developed a number of detailed case studies about specific issues.

Because so little empirical research has been done concerning companies’ information privacy practices in DBM activities, our major objectives in this study were exploratory: to understand companies’ practices and policies in this area as well as the views and responses of consumers and other external groups.37 Hence, the aims were primarily descriptive and comparative and not intended to test hypotheses or define “best practice” from the viewpoint either of companies or of any one of the external groups interviewed.