Privacy And Profits

Meanwhile, a growing body of research is connecting the dots between information privacy and profits.

"The value proposition, the benefit for companies that manage information well and really respect the privacy rights of the customer, includes a better relationship with the customer," says privacy consultant Larry Ponemon. The companies he has studied mirror Hilton's experience.

"You get a better quality of information from customers who are willing to give it to you, thereby increasing the quality of marketing and outreach for the whole company."

Numbers are still scarce in this emerging field of study, but Ponemon found in one analysis that marketing programs performed more than 20 percent better when higher-quality customer information was made available.

"You churn fewer customers, and some may even pay a premium for a relationship they trust. This is not just about being ethical, or responding to regulatory imperatives. It's really about being a good business."

Yet according to a study by his Ponemon Institute, a Tucson, Ariz., think tank devoted to privacy issues, barely a third of large companies in the U.S. call privacy "an important part" of their "brand or marketplace image."

Rather than seeing privacy as an economic opportunity or as an active strategic goal, many companies regard a rigorous information privacy policy as something they have to do in order to satisfy regulators and marketing plans.

And even at companies that do see the business value of privacy, it can be hard for the CIO to take an active role in promulgating a customer-friendly privacy policy.

While Harvey plays an integral role in Hilton's privacy strategy, many information technology leaders find themselves reacting to the dictates of legal and marketing teams without gaining a spot at the table where key decisions are made.

"There are few companies where the CIO has real influence on privacy issues," says Venkatesh "Venky" Shankar, a professor of marketing at Texas A&M University's Mays Business School. Shankar has worked with researchers at the Massachusetts Institute of Technology, the University of California at Berkeley and Northeastern University on the business value of privacy and trust, and he is currently engaged in a long-term project to determine the return on investment that can be expected from spending to enhance trust.

One key finding: Privacy issues influence 20 percent or more of overall consumer trust of retail Web sites, with privacy relatively more important in industries such as travel and finance. To become part of the process, he says, the CIO has to work with the other key executive functions involved in privacy policy.

That's not an easy task, given the inherent limitations in the job descriptions of most CIOs.

"They don't really own this issue or determine the direction," says Allen Westin, professor emeritus at Columbia University and head of a nonprofit group called Privacy & American Business.

"The two drivers are the business—marketing and sales—and the lawyers. Marketing filters its plans for permission-based marketing, opt-in or opt-out strategies, through top management. And when the legal people speak authoritatively, they have the trump card—a bank is not going to risk its certification from the Feds. The CIO belongs on the privacy task force, but as an assembler of the technology to support it."

Yet the CIO can do more than just show up for meetings and tweak the plans of others. "The CIO needs to elevate his role to become a business strategist," says Eric Trapp, an associate partner at Accenture, which has released an article titled "The Economic Value of Trust."

Trapp says the CIO should be involved in two-way transactions with the rest of the company, both by learning to better understand the business customer, and by helping to convey to the entire organization the importance of privacy and the ways that it can be supported.

Ponemon says the CIO's role as gatekeeper of information is an increasingly important one in terms of privacy. "The CIO is in an interesting space right now—in a lot of cases they really occupy the position of chief knowledge officer, which was supposed to emerge as a new specialty but really has not done so. So privacy and trust need to fall under the CIO rubric. They can't just be force-fed the idea that privacy is something you have to do, versus something you should do, and we are starting to see that change more in leading companies."

One company cited by Ponemon as profitably privacy-centric: National City Corp., a super-regional Cleveland-based bank that has prospered by wooing retail customers while respecting their personal information.

This article was originally published on 09-15-2004
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.

Click for a full list of Newsletterssubmit