Too often, companies treat privacy policies as a compliance cost. Instead, think of managing consumer privacy as a way to give people a positive experience with your brand.
How many privacy policy updates does your credit card company send you each year? How many of them do you read through — and how many get immediately trashed? Companies often “manage privacy” and “keep consumers informed” by drafting their privacy policies as broadly as possible and consider their job done if they change the policy 10 times a year to fit with changing practices within the company.
However, there is a difference between informing consumers and respecting them.
Managing privacy should not be seen by businesses as a burden. Instead, it can be a valuable way to generate and maintain a good relationship with your customers. Companies should view the establishment of a framework of consumer privacy controls as a key marketing and strategic variable that conveys considerable benefits.
There are three strategies that companies can follow to transform touch points around privacy into a positive customer experience:
- Develop user-centric privacy controls to give customers control.
- Avoid multiple intrusions.
- Prevent human intrusion by using automation wherever possible.
As an ancillary benefit, organizations will be better able to leverage the better-targeted products and services enabled by customer data if their customers will welcome, rather than fear, such innovations. However, this will only happen if companies shift from thinking about privacy as a compliance burden to thinking of treating data with courtesy as a fundamental part of the relationship with their customers. Privacy policies should be organized around managing customer data courteously, in accordance with consistent principles that customers feel comfortable with.
1 Comment On: Why Managing Consumer Privacy Can Be an Opportunity
By and large I agree. I encourage my clients to think about how their privacy practices are a customer relationship opportunity. However, there are a few things in this article that bear some comment. First, your legal department cannot insulate your company from legal risk. That is particularly true in this area, as the law is not black and white. What a good legal department should do is work with the other stakeholders to develop a approach to this matter that balances customer relations goals with legal risk. You cannot protect yourself to success, and good lawyers understand that.
This brings me to perhaps the more important point. If your company is changing privacy policy 10 times a year you’ve got bad management, and possibly bad lawyers. Here’s the thing that almost never gets considered when putting together a first privacy policy – your privacy policy is a contract with your customers with respect to their personal information. If Tuesday your privacy policy says you will never share customer information with third parties, then everything you collect on Tuesday is subject to that rule. If you change your policy Wednesday to one that allows disclosures to third parties, (subject to applicable law) you can disclose to third parties the information you collect on Wednesday – but NOT what you collected on Tuesday.
Dealing with this requires internal controls that segregates data gathered under different policies. This is why many lawyers (like me) suggest starting with a privacy policy that gives the company broad rights to use and disclose information. You can always reduce those rights when you figure out how you want to deal with the issue. If you take this approach you also have less concern about data segregation, because you can treat all the information you collect in the most conservative manner you have communicated to your customers – without breaching any of your various privacy policies. It just doesn’t work the other way around.
Let’s ease up on the lawyer stereotypes. They’re no more fair than any other stereotype.