Is Privacy Too Expensive?

 
 
By eweek  |  Posted 2001-04-30 Email Print this article Print
 
 
 
 
 
 
 

The online privacy debate has dwelled on civil liberties, Capitol Hill strategies and alarming anecdotes about privacy breaches, but until recently it has largely ignored an important piece of the puzzle — the cost of putting privacy safeguards in pl

The online privacy debate has dwelled on civil liberties, Capitol Hill strategies and alarming anecdotes about privacy breaches, but until recently it has largely ignored an important piece of the puzzle — the cost of putting privacy safeguards in place.

The reason for this oversight hinges, in part, on the lack of data linking corporate expenditures with privacy protection. But last month, several new studies purported to show that privacy regulations would cost billions of dollars. Days later, the U.S. Federal Trade Commission held a hearing exploring how corporations harvest and exchange data about consumers — and how the sharing of that information cuts costs for consumers on everything from bank loans to T-shirts.

As the privacy war continues to simmer, the subject of costs is becoming a major battleground. Will privacy regulations saddle electronic commerce companies with new expenses? Probably. But the degree to which e-commerce is weighed down by privacy costs depends on the nature of the legislation.

"When we talk about privacy [laws], we are talking about a fundamental shift in how our economy operates," says Rick Lane, director of e-commerce and Internet technology at the U.S. Chamber of Commerce. "There would be massive amounts of costs associated with that. There has to be — youre talking about completely changing the dynamics of how businesses interact with customers."

But others engaged in the privacy debate argue that regulations will eventually pay for themselves — if not end up enriching e-commerce firms — by bolstering consumer trust and shepherding more shoppers to the Internet.

"There are some costs, I wont be naïve," says John McCarthy, a group director at Forrester Research. "But is there a huge cost of forcing a company to come clean on who they share information with? I dont think so."

McCarthy adds: "Businesses that view this as a compliance issue are kicking their customers in the shins. Its about building customer loyalty, building customer trust. Why is that so bad for the economy and for business?"

The cost issue has several dimensions. Depending on the details of the privacy legislation being considered, companies could be forced to:

  • Hire chief privacy officers, or attorneys dedicated to privacy issues;

  • Make privacy central to the business and dedicate increasingly more resources to privacy; and

  • Buy new hardware and software to protect privacy, authenticate users and secure databases of personally identifiable information.

These are some of the most obvious costs, and if Congress passes a law requiring that consumers be given access to data collected about them — and mandating that the information is adequately protected — the legal and infrastructure costs could indeed run high. In addition, many companies make money by selling their customer data. In some cases, its a chief corporate asset, and a law proscribing data-sharing practices could cut off this source of revenue.

But privacy legislation could also stanch the flow of information among consumers and companies, and this river of information, most agree, does save consumers money. The cost-savings to consumers made possible by such information sharing has been woefully understudied to date, says Solveig Singleton, senior policy analyst at the Competitive Enterprise Institute, a free-market think tank.

"Work is just barely being done on what some of the possible benefits to consumers are from information sharing, and how that could be affected by legislation," she says. She criticizes the federal government for "ducking its obligations" to perform its own cost-analysis studies while examining the issue of privacy regulation.

In March, the Online Privacy Alliance, an industry coalition pushing industry self-regulation of privacy instead of federal regulation, formally introduced four studies that made some alarming arguments about the high cost of proposed privacy laws. Their main points revolve around how consumers benefit from the free flow of information and how consumers pocketbooks would be harmed if information — which Fred Cate, a conservative Indiana University law professor, calls the "lifeblood" of the New Economy — were to become locked down by regulations.

At the heart of two of the studies is the argument that consumer information cuts marketing costs by letting companies target their advertisements to consumers who are most likely to make purchases. Every wasted marketing pitch has a cost, the studies contend, and that results in more expensive products and services. The studies also examine the financial credit industry and conclude that transparency about consumers — some of which comes from data sharing — has led to savings of between $85 billion and $100 billion annually in the mortgage credit market, and $150 billion annually in the nonmortgage credit market. In other words, the more financial institutions know about consumers, the better they can calibrate their risk assessments and provide people with cheaper loans.

In one study, Michael Turner, director at the Information Services Executive Council, determines that the retail apparel industry saves $1 billion per year because of its ability to use personalized information. The study — produced for the organizations parent, the Direct Marketing Association, a principal anti-legislation warrior in the privacy battle — says that restricting the use of consumer information would increase the total costs of catalog or online apparel retailers by 3.5 percent to 11 percent.

Turner explains that in the retail industry in general, companies and consumers save money through the exchange of personal data among companies and third parties, particularly data "aggregators."

Heres how it works: A large clothing retailer with stores, mail-order catalogs and a Web site might have a list of 25 million customers. About 1 million of the customers qualify as "top spenders," meaning they spend above a certain threshold on clothes every year. The retailer wants to find more customers like the top spenders. To do that, the company could send out scattershot mass mailings and hope for the best, but that would be extremely expensive. The average catalog, Turner says, costs $5 each to produce and ship.

Alternatively, the clothing retailer could send the names and addresses of the top spenders to a data aggregator. Data aggregators — such as Acxiom and Experian — harvest vast quantities of data, using public records like telephone white page listings, bankruptcy records, census information, court records and self-reported information like warranty data.

The aggregator appends all the information it has in its databases to each match it finds in the clothing retailers top-spenders list, and that data gives the retailer a much richer portrait of their top spenders. Using the consolidated data, for example, the company might be able to conclude that its typical top spender is an African-American woman between the ages of 35 and 45 who drives a new car. Armed with such a profile, the retailer can more efficiently find people who are like their top spenders and target them with advertising.

The ease and volume of this kind of information flow would be affected by just about any of the online privacy bills floating around Capitol Hill. But experts say the handful of bills that endorse an "opt-in" approach to data sharing — in which companies must first obtain permission from consumers before collecting or using personal data — clearly would cost far more to implement than the "opt-out" approach, in which companies are allowed to harvest data and share it unless a consumer tells them that their data is sacrosanct.

Most research shows that less than 10 percent of people choose to opt-in when asked. When consumers are given the choice of opting out, between 90 percent and 100 percent decline. In practice, what this means is that under a privacy law that requires opt-in, companies will have access to roughly 80 percent to 90 percent less personal data about consumers than they have now, Turner says.

The Information Services Executive Council is finishing a series of studies of how information sharing benefits a host of different companies and industries, according to Turner. The studies, to be released in coming weeks, examine the privacy practices of Dell Computer; Ford Motor and Ford Credit; MBNA America Bank; Travelocity.com; and Sears, Roebuck and Co.

Sharing the Wealth

As in the retail world, information-sharing helps financial institutions keep costs down. A study conducted by John Barron at Purdue University and Michael Staten at Georgetown University shows that credit interest rates in some other countries are significantly higher than in the U.S., based in part on the degree to which financial institutions in those countries have access to consumer data.

One of Barrons and Statens key findings: In the U.S., financial institutions can examine both good and bad credit histories, while in most other countries, only instances of bad credit — late bill payments, bankruptcies and so on — are accessible. Being able to use good credit history, the scholars argue, helps financial institutions balance their risks more wisely.

Privacy advocate Jason Catlett, president of Junkbusters, acknowledges that protecting privacy will undoubtedly cost money. But he dismisses the bulk of the studies about how information-sharing lowers costs as "propaganda."

"Banks make millions selling customer names to telemarketers. So thats lost revenue," he says. "But if this was money made against the wishes of their customers, its money the company should never have had in the first place."

Furthermore, he says, none of the studies being used by industry groups addresses the issue of bolstered consumer confidence — and increased online spending — that could result from federal privacy-protecting legislation. The omission, Catlett says, is glaring.

"The majority of Americans dont do any distance buying, and one of the major concerns is privacy," he says. "[Annual] growth in e-tailing has dropped down to 30 percent, from hundreds of percentage points, and the industry is overlooking the obvious reason [people are] not buying."

Meanwhile, Forresters McCarthy calls the figures in the recent spate of industry-backed studies "inflammatory" and says all of the research Forrester conducts shows that consumers say privacy laws would fortify their confidence in the online world.

If nothing else, he says, a baseline privacy law could at least "force [companies] to articulate what the hell they are doing — to bolster their marketing departments and put discipline around what they do."

 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel