What If Companies Just Asked?

Sturdevant: Separate data privacy and data use.

I finally figured out what bugs me about how my private information is used and abused by businesses large and small, legit and not-so-legit. Somewhere in the rush to the Internet, some dope decided it would be a good idea to cloak data use policies in a "privacy" statement.

It was a great gimmick for the marketers. Consumers see a privacy bug on a companys Web site and think it means they can look around and be left alone. Marketers then collect tons of personal information and browsing habits, then let loose with the spam. If you want to play a dirty trick on a coworker, go to a mortgage brokerage site and use a "free" loan calculator in their name. Your coworkers e-mail account will be rendered useless before the end of the business day, clogged with offers to help him or her refinance.

The question for businesses that want a long-term customer relationship is how to make this kind of spam more effective.

For example, instead of taking an adversarial relationship ("we will sell/trade/give away your personal information anytime we can make a dime"), conscientious enterprises should seek to strengthen customer privacy. Have simple privacy statements that actually protect privacy. Have separate "information sharing" agreements where customers can explicitly opt in and control how their personal information—including their e-mail address—is used. Businesses could also use technology to tailor campaigns, and invite users to express preferences.

The results could be amazing.

The Internet married P.T. Barnums old saw "theres a sucker born every minute" with Moores Law, resulting in a spectacular amount of spam. Corporate mail servers and networks are deluged with unwanted email because there are a few poor souls with e-mail addresses who appear to be interested in Viagra-like supplements and refinancing their house. The payoff spammers receive from having even a tiny percentage of these people respond to their cons and hoaxes is far greater than the current efforts most IT managers can muster today.

Pending legislation like the CAN-SPAM Act of 2003, introduced in the U.S. Senate in April, will also likely fail to control the spam bloom; in fact, I can imagine many ways in which CAN-SPAM will make the problem worse. For example, people who are not interested in Viagra-like supplements, but who got spammed with the e-mail for a "free sample," will likely start hitting the "unsubscribe" button because CAN-SPAM legislates that spam must provide a way to unsubscribe.

Not! Years of user and consumer training to never, ever, ever reply to junk e-mail could go down the tube. Nimble spammers running a quick-hit scam will be delighted to know that CAN-SPAM could provide them with tens of thousands of validated e-mail addresses.

IT managers clearly need to get more involved in the business processes of their companies. Educate marketers and sales managers so they understand that technology can help focus their offerings to people and businesses that actually want to buy them. Helping customers make informed choices about how their private information is used, then harnessing that data to offer products and services people want, could turn out to be a great way to distinguish your company from the competition.

Senior Analyst Cameron Sturdevant can be contacted at cameron_sturdevant@ziffdavis.com.