In marketing, the more information you know about your clients, the more effective and targeted you can be. There are plenty of ways to get this information as well — from loyalty programs and email marketing to social media. The Internet makes collecting information about customers easy. At the same time, when do you cross the privacy line? For that matter, when might legal concerns become an issue? Complying with the law is fairly straightforward. Judging the emotional and ethical concerns is less so. Therefore, let’s consider the legal questions first.
Complying with Australian privacy law
While it’s always a good idea to put an attorney between you and the endless legal jargon of the law, there are four things you can do as an email marketer which will make your lawyer much happier.
Second, avoid collecting unnecessary information. The law is fairly clear that you should not collect personal information which you do not need for your business activities. If someone is just buying a product from you, there’s no need to ask for their driver’s licence number.
Third, ensure you’re compliant with the Spam Act. While it’s been in place since 2003 and so compliance should already be a matter of course, if you’re unfamiliar with it, then spend a few minutes reading up on the subject and check to make sure your email marketing is in compliance.
Finally, look at where you are storing customer data. Depending on what kind of business you are, and other factors, Australian law means you have to be careful about disclosing the personal data of your customers to overseas companies. In particular you must be sure the overseas firm (such as an outsourcing firm) handles the data in keeping with Australian privacy law.
The ethics and emotions of marketing and privacy
Besides the strictly legal considerations, there are also the personal ones. For example, while we all understand credit companies might analyse your purchases to spot fraud, did you realise they can also use these techniques to predict when you might be getting a divorce?
Modern data analysis techniques have unlocked a great deal of potential business wealth, but also raised knotty privacy concerns. This is true even offline: retail chains examining customer purchase habits have found they can predict personal details as intimate as pregnancy… and predict it accurately so early that the mother herself may not yet realise she is expecting.
When we realise modern technology is capable of monitoring us so closely, we as the affected customers are often unhappy about it. Google was the target of a class-action lawsuit in the US last year, brought by non-Gmail users who were unhappy that Google was reading their emails sent to Gmail users, using it to target advertisements to them, and also selling this data to Facebook. Google defended themselves with the argument that Gmail users did not have any “reasonable expectation” of confidentiality in their emails — and Google won in court.
The more data companies collect on their customers, the greater the level of insight they can gain. This principle tends to lead businesses to view personalisation systems as repositories which are allowed to grow infinitely. After all, the larger the repository, the better their ability to mine it for usable conclusions. Unfortunately, this often leads to a ‘collect it all’ mentality that crosses the line in privacy terms. It can also lead to non-compliance with data privacy laws — and to the question, what happens if the data is compromised and released to a third-party hacker, or even to the public?
As a result, we need to be vigilant both as customers and as marketers. As customers, this means being aware of what data is being collected about us, and careful with the information we volunteer. As marketers, this means understanding the level of trust we are asking customers to place in us when we collect data about them — and ensuring we perform to that standard of trust. Not only does this mean being clear and transparent about the data we collect, it means avoiding the temptation to collect data unnecessarily and ensuring the data we do collect is kept secure and private.