It is not just consent which companies need from customers - it is their trust in how data will be managed and used. As David Reed discovers, this means a whole new culture of data governance based on transparency and control.
Did the Cookies Law actually do the data industry a massive favour? E-commerce and the online customer experience did not collapse, despite the forecasts of many digital marketers. What did happen is that consumers became aware that websites routinely track their visits, what they use that data for and how they could exercise control over that usage.
Cookies are just one element of the data jigsaw which commercial organisations are trying to solve, albeit an important one. Revealing the inner workings of this data source has undoubtedly educated consumers - and shown how few of them actually prefer to turn off tracking and browse anonymously.
All of which could prove invaluable when (or if) the Data Protection Regulation ushers in a new era of consent-based data processing, marketing and profiling. Despite recent comments by Viviane Reding that consent does not solely equate to opt-in, some mechanism will be necessary to collect approval. The way cookies notices have been served - and clicking through them assumed to be acceptance - could form the basis of the new consent model.
If so, it will mark a new step in the unfolding journey towards maintaining consumer trust. Another major step will be developing new behaviours within organisations that rely on personal information. Data governance will have to morph from its current role as the realm of a few passionate, skilled practitioners into an enterprise-wide culture, given top-down support and rewarded from the bottom up.
James Frost, marketing director for Nectar, says this is how parent company Aimia views the issue. “Data governance is a behaviour. We go through an annual training programme to reinforce our understanding of the principles of the Data Protection Act,” he told DataIQ just one week before taking his own annual check-up.
“Clearly part of the organisation has to own and lead that - we have got a chief privacy officer who isn’t in the legal function,” he points out. “ It is very important that data governance is not just something that sits there and nobody understands. It has got to be expressed in terms that everybody understands properly.”
Aimia developed a set of core data values in 2011 which it calls TACT - transparency, added value, control and trust. Returning value to its 19.2 million UK collectors for providing their data is at the heart of the loyalty programme, of course. “We are capturing data on people shopping in Sainsbury’s and get a lot of information on the products they buy. The point is to be able to give offers that we think they will like or for products they might like to try. From our point of view, the value is fairly obvious,” he says.
Frost points out that what makes the principles work is the way they are enacted across the whole organisation, supported by training and measurement. Scheme members can also operate controls over that data. “Those are available for consumers to see, they can access them online or by calling our helpline,” he points out.
The requirement to deliver cookies notices may well have had a positive benefit, he believes. “Nectar did a lot of consumer research to understand the best way to approach them. Our position was explaining that cookies were there to make the customer experience better and also so members can earn points through commercial affiliates,” says Frost.
Without the tracking enabled by cookies across those third parties, online purchases would not be credited to members’ Nectar accounts. That makes the value exchange very transparent and builds a solid basis on which to collect both permission and data. Those loyalty scheme partners also sign up to the same standards. “I don’t think we would partner with them unless we knew that,” says Frost.
It is probably fair to say that no company is in business in order to demonstrate great data governance. Until very recently, it would even have seemed like an optional activity. Major data breaches, impending legislation and the data-savvy consumer have all changed that.
For leading organisations, data governance has now become embedded in the corporate vision, just as compliance is for any business in a regulated sector and traceability has become for food retailers. The very essence of a brand - its pledge to customers - now has to embrace the way data is captured, managed, used and secured.
“The importance of how Telefónica UK manages personal information is key,” says Rudi Leoni, information policy and governance manager at Telefónica UK and winner of the IQ Talent Award for Data Steward. “That vision is to be the most trusted provider of brilliant digital experiences. Data governance is a key component in how seriously the organisation views the trust agenda.”
As he points out, “an organisation can say it wants to be trusted, but it needs to understand the way the consumer thinks about that.” To this end, O2 backed a major research project by Populus among 5,000 consumers that led to a whitepaper written by Demos, “The Data Dialogue” , published in September 2012.
This identified some issues, such as that 72 per cent of consumers don’t share their information online because they do not understand the benefit. “When those benefits are explained, their comfort levels increased by 10 per cent,” notes Leoni. “For us, the goal is to promote confidence and demonstrate would be a clear benefit to the consumer.”
Much of this is driven by the intensive data governance efforts of Telefónica UK which several years ago created an Information Council for which Leoni is the secretariat, setting the agenda and providing items for its members to discuss. All parts of the business are represented and the council has delegated board authority. The goal is to drive its information strategy and “bake in” appropriate measures, such as data security, to any new initiatives undertaken by the business right from the start.
“One of our information principles relates to managing information as an asset,” says Leoni. “It has a value to the organisation like anything else.” An information landscape capability has been created which defines where informat ion resides, who owners and stewards are, where third parties are involved in processing, and so on. Policies are in place to guide the way the business undertakes any data-oriented activity, such as data transfers.
For Leoni, the important issue is that these internal actions should add up to something meaningful for the customer. “When we talk about trust, what does that mean? Key factors are transparency and control, but I’d go further - for transparency to be effective, the customer needs to have a real understanding of what happens to their data, as opposed to just presenting them with impenetrable, legalistic terms and conditions. Achieving customer transparency and control is our objective.” One likely outcome from this will be a suite of data tools showing customers what controls they can exercise over their data, something that will also align with the government’s midata initiative, of which Telefónica UK is a member of the strategy board.
Creating consumer trust is easier for some sectors than others, whether it is for providing core products and services or more complex issues like data governance. As the DMA Financial Services Tracker Report 2013 revealed, if you are a charity, you currently enjoy nearly twice the level of trust which consumers have in financial services, while mobile phone companies are steadily rising in status and utilities seem to be moving in the opposite direction. (Government and media, needless to say, enjoy the lowest levels of trust overall.)
Graham Flower, CEO of Intelligence Delivered and author of “Banking in search of relevance”, published by Matador, argues that a sea change is required in how organisations view personal information. “Compliance is the minimum you need to do - it stops you going to jail. You have to realise it is not your data, it is the customer’s.”
He believes that the link between consumer trust and data governance gets made through showing what the organisation is doing with data. “Trust is a nice by-product of being relevant. A lot of work I am doing at the moment is around the fact that messages are not coming across as relevant to customers. When they go on to a web site, the company does not even know the customer is trying to buy from them,” he says.
That provides a good demonstration of why cookies may actually be helping to educate the consumer - tracking, identifying and serving appropriate content is good data management and what individuals are coming to expect of brands. “Data is no longer in the background. In the multi-channel world, it is pervasive. So the way you look after that data is extremely visible to customers in a way it never used to be,” says Flowers.
This is driving change, from updating legacy systems which struggle to cope with cross-channel customer management, to engaging with customers to keep data accurate. “At one bank, when you log on now, it shows your phone number and email address so you can change it if it is not right. Instead of spending a fortune to keep data up-to-date or to try and capture a mobile number via the call centre, reflect data back to the customers so they can maintain it,” he says.
That kind of mutual self-interest is very in line with what Government and regulators are looking for, both through new laws and initiatives like open data. Shifting the balance towards more openness and recognition of who really owns data is at the heart of this culture. It is also what worries many brands who are struggling to adapt.