Data regulation is extending its reach and marketers should probably get used to it.
Whether it is through forms of self-regulation, such as the DataSeal standard, or legislation like the mandatory opt-in for website cookies – both of which have been in the news this week – marketers who use data need to pay more than lip service to their customers’ privacy, or they could face an angry backlash.
There is a very good reason for regulation in this industry. Data is dangerous. The philosophy of both business and society in managing data needs to be the same as its attitudes towards terrorism or natural disasters. Plan for the exception, not the rule.
Terrorists need to be lucky once, we need to be lucky always. Similarly, energy companies make every effort to ensure that nuclear power stations are as safe as they can possibly be, but how do you plan for the earthquake and tsunami that hit Japan last week?
There have been plenty of examples of data going missing from government departments, almost always because of unforeseen circumstances. The most frightening was the loss of 25 million child benefit records from HM Revenue and Customs, containing names, addresses, dates of birth and bank details.
The story always sounds innocuous – a USB stick dropped in a gutter, a dossier left on a train, a CD lost in the post. The material harm that could be done to individuals as a result of such lapses is hard to predict. The worst case scenario is probably still to come.
There is a more insidious side to this argument too. It would be naïve to assume that there are no individuals willing to exploit the commercial value of customer data with criminal intent. It is not a complex task to make a database look legal when in fact it has been procured by dishonest means.
Since electronic data can multiply like bacteria, it is no wonder the public is wary. Aside from meeting their legal obligations, the least that companies should do is make it easy for individuals to control what details are held.
The web service Allow, currently running in beta mode, provides users who sign up with a means of automatically opting out of commercial databases used to send them marketing communications. The reaction of some companies has been one of resistance, however.
Royal Mail sends emails to Allow users requiring them to fill in a paper form and post it back before it will process a request to stop door-drop mailings. Data company Acxiom responds by refusing to take any action unless users of Allow confirm their personal details and explain why they believe Acxiom holds their data.
There is no suggestion that Royal Mail, Acxiom or any other company make improper use of personal data or fail to meet their legal obligations. However, responding to an opt-out by demanding that another form be filled in and posted seems somewhat onerous.
Similarly, it is hardly reasonable to expect a consumer to know whether a business-to-business brand holds his or her details, when that company is unlikely to be the one sending them the unwanted messages.
If the data industry wants to ensure that any further regulation is self-administered, rather than enforced by law, it needs to be seen to be helpful, not obstructive, to those who have real worries about their privacy.