Right Side Up

Cross-post from my CRM..meet VRM blog.

This post is a short(ish) summary of a working session led by Drummond Reed and me at the recent West Coast VRM Workshop, and also an introduction to the Kantara workgroup in which we are going to move this debate forward. It is also part of the thinking that will short emerge in a Mydex white paper.

At the VRM workshop, we discussed the need for the concept of the Personal Data Store, what it would do in practice, and what that will ultimately enable.

Why we need such things – because individuals have a complex need to manage personal information over a lifetime, and the tools they have at their disposal today to do so are inadequate. Existing tools include the brain (which is good but does not have enough RAM, onboard storage, or an ethernet socket……thankfully), stand alone data stores (paper, spreadsheets, phones, which are good but not connected in secure ways that enable user-driven data aggregation and sharing), and supplier based data stores (which can be tactically good but are run under the supplier provided terms and conditions). NB Our current perception of ‘personal data stores’ is shaped by the good ones that are out their (e.g. my online bank, my online health vault); what we need is all of that functionality, and more – but working FOR ME.

What they will do/ enable – the term Personal Data Store is not an ideal term to describe a complex set of functions, but it is what it is until we get a better one (the analogy I’d use in more ways than one is the term ‘data warehouse’ – again a simplistic term that masks a lot of complex activity). A Personal Data Store can take two basic forms:

Operational Data Stores – that get things done, and only need store sufficient breadth and depth of data to fulfill the operation they are built for (e.g. pay a credit card bill, book a doctor’s appointment, order my groceries).

Analytical Data Stores – that underpin and enable decision making, and which typically need a more tightly defined, but much deeper data-set that includes data from a range of aspects of life rather than just that from one specific operation (e.g. plan a home move, buy a car, organise an overseas trip).

A sub-set of the individual’s overall data requirement will lie in both of the above, this being the data that then integrates decision-making and doing.

In both cases, the functionality required is to source, gather, manage, enhance and selectively disclose data (to presentation layers, interfaces or applications).

We also discussed ‘who has what data on you’ and introduced the following diagrams to explain current state and target state (post deployment of Volunteered Personal Information (VPI) tech and standards).

The key terms that require explanation are:

My Data – is the data that is undeniably within, and only within, the  domain of an individual. It’s defining characteristic is that it has demonstrably not been made available to any other party under a signed, binding agreement. This space has been increasingly encroached upon by technology and organisations in recent history (e.g. behavioural tracking tools like Phorm) and this encroachment will continue. Indeed a general comment can be made that ‘my data’ equates to privacy in the context of personal data; so the rise of the surveillance society and state is a direct assault on ‘My Data’. Management of ‘My Data’ can be run by the individual themselves, or outsourced to a ‘fourth party service’.

Your Data – is the data that is undeniably within the domain of an organisation; either private, public or third sector. Proxy views of this data may exist elsewhere but are only that. This data would include, for example, the organisations own master records of their product/ service range, their pricing, their costs, their sales outlets and channels. Customer-facing views of much of Your Data is made available for reproduction in the ‘Our Data’ intersect.

Our Data – is the data that is jointly accessible to both buyer and seller/ service provider, and also potentially to any other parties to an interaction, transaction or relationship. It is the data that is generated through engaging in interactions and transactions in and around a customer/ supplier relationship. Despite being ‘our’ data, it is probably technically owned, or at least provided under terms of service designed by the seller/ service provider; in practical terms this also means that the seller/ service provider dictates the formats in which this data exists/ is made available.

Their Data – is the data built/ owned/ sold by third party data aggregators, e.g. credit bureaux, marketing data providers in all their forms. It’s defining characteristic is that it is only available/ accessible by buying/ licensing it from the owner.

Everybody’s Data – is the public domain data, typically developed/ run by large, public sector(ish) entities including local government (electoral roll), Post Offices (postal address files), mapping bureau (GIS). Typically this data is accessible under contract, but the barriers to accessing these contracts are set low – although often not low enough that an individual can engage with them easily.

The Basic Identifier Set/ Bit in the Middle – this is the core personal identity data which, like it or not, exists largely in the public domain – most typically (but not exclusively) as a result of electoral rolls being made available publicly, and specifically to service providers who wish to build things from them. This characteristic is that which enables the whole personal eco-system and its impact on data privacy to exist, with the individual as the un-knowing ‘point of integration’ for data about them.

The ovals in the venn diagram represent the static state, i.e. where does data live at a point in time. The flow arrows show where data flows to and from in this eco-system; I use red to signify data flowing under terms and conditions NOT controlled by the individual data subject.

Flow 1 (My Data to Your Data, and My Data to Our Data) – Individuals provide data to organisations under terms and conditions set by the organisation, the individual being offered a ‘take it or leave it’ set of options. Some granularity is often offered around choices for onward data sharing and use, i.e. the ‘tick boxes’ we all know and which are one of the main bitsof legacy CRM that VRM will fix.

Flow 2 (Your Data to Your Data, including Our Data) – Organisations share data with other organisations, usually through a back-channel, i.e. the details of the sharing relationship are typically not known to the data subject.

Flow 3 (Your Data, including Our Data to Their Data) – Organisations share data with a specific type of other organisation, data aggregators, under terms and conditions that enable onward sale. Typically the sharer is paid for this data/ has a stake in the re-sale value.

Flow 4 (Everybody’s Data to Their Data) – Data Aggregators use public domain data sources to initiate and extend their commercial data assets.

The target state is shown below, a different scenario altogether – and one which I believe will unfold incrementally over the next ten years or so…..data attribute by data attribute, customer/ supplier management process by customer/ supplier management process, industry sector by industry sector. In this scenario, the individual and ‘My Data’ becomes the dominant source of many valuable data types (e.g. buying intentions, verified changes of circumstance), and in doing so eliminates vast amounts of guesswork and waste from existing customer/ citizen managment processes.

The key new capabilities required to enable this to happen are those being worked on in the User Driven and Volunteered Personal Information work groups at Kantara (one tech group, one policy/ commerce one), and elsewhere within and around Project VRM. The new capabilities will consist of:

- personal data store(s), both operational and analytical

- data and technical standards around the sharing of volunteered personal information

- volunteered personal information sharing agreements (i.e. contracts driven by the individual perspective, creative commons-like icons for VPI sharing scenarios)

- audit and compliance mechanics

Around those capabilities, we will need to build a compelling story that clearly articulates, in a shared lexicon (thanks to Craig Burton for reminding us of the importance of this – watch this space), the benefits of the approach – for both individuals and organisations.

The target state that will emerge once these capabilities begin to impact will include the 4 additional individual-driven information flows over and above the current ones. The defining characteristic of these new flows is that the can only be initiated by the data subject themselves, and most will only occur when the receiving entity has ‘signed’ the terms and conditions asserted by the individual/ data subject. The new flows are:

Flow 5 (My Data to Your Data (inc Our Data) – Individuals will share more high value, volunteered information with their existing and potential suppliers, eliminating guesswork and waste from many customer management processes. In turn, organisations will share their own expertise/ data with individuals, adding value to the relationship.

Flow 6 (Everybody’s Data to My Data) – With their new, more sophisticated personal information management tools, individuals will be able to take direct feeds from public domain sources for use on their own mashups and applications (e.g. crime maps covering where I live/ travel)

Flow 7 (My Data to (someone else’s) My Data) – An enhanced version of ‘peer to peer’ information sharing.

Flow 8 (My Data to Their Data) – The (currently) unlikely concept of the individual making their volunteered information available to/ through the data aggregators. Indeed we are already starting to see the plumbing for this new flow being put in place with the launch of the Acxiom Identity Card.

The implications of the above are enormous, my projection being that over time some 80% of customer management processes will be driven from ‘My Data’. I’m pretty confident about that, a) because we are already see-ing the beginning of the change in the current rush for ‘user generated content’ (VPI without the contract), and b) because the economics will stack up. Organisation need data to run their operations – they don’t really mind where it comes from. So, if a new source emerges that is richer, deeper, more accurate, less toxic – and all at lower cost than existing sources; then organisations will use this source.

It won’t happen overnight obviously; as mentioned above specific tools, processes and commercial approaches need to emerge before this information begins to flow – and even then the shift will be slow but steady, probably beginning with Buying Intention data as it is the most obvious entry point with enough impact to trigger the change. That said, the Mydex social enterprise already has a working proof of concept up and running showing much of the above working. A technical write up of the proof of concept build can be found here. And the market implications of this are explored in more detail in new research on the market value of VPI shortly to be published by Alan Mitchell at Ctrl-Shift.

The two hour session at the VRM workshop was barely enough to scratch the surface of the above issues, so the plan is to continue the dialogue and begin specifying the capabilities required in detail in the User Driven and Volunteered Personal Information (technology) workgroup at The Kantara Initiative. The workgroup charter can be found here. A parallel workgroup focused on business and policy aspects will also be launched in the next few weeks. Anyone wishing to get involved in the workgroup can sign up to the mailing list here and we’ll get started with the work in the next couple of weeks.

Tweet This Post

Iain Henderson Data, Privacy, Project VRM, vpi

Here’s my theory on what happens when the subject of VRM/ buyer-centricity is raised in a CRM context.

Hopefully we can work on improving our VRM sales pitch at the VRM workshop in Mountain View later this week.

Anyone with suggestions as to how we can better tell the story and who won’t be at the meeting this week then please chip in with comments and we’ll make sure they get taken onboard.

Iain

Tweet This Post

Iain Henderson Project VRM

Here’s the invite. Interesting venue – SAP HQ in silicon valley.

You can register at EventBrite, here:

http://vrmwestcoast2009.eventbrite.com/

It’s free.

Tweet This Post

Iain Henderson Project VRM

Here’s an interesting presentation given to the Direct Marketing Association annual Privacy and Data Protection conference last week by Marc Dautlich of Olswang, the lawyers who are advising the Mydex CIC.

The whole deck is useful to those of us interested in privacy and data protection, but the concluding slide is of wider interest – Marc predicts that Volunteered Personal Information will become the dominant marketing paradigm by 2015. Let’s hope so…..

Tweet This Post

Iain Henderson Data, Direct Marketing, Project VRM Direct Marketing, Direct Marketing Association, Privacy

As a buyer of far too many computing gadgets over the years, I’ve become very familiar with the term ‘hard re-set’. This is typically used to describe a situation in which a system has got its inner workings so tied up in knots that the only way to fix it is to wipe the slate clean and start again.

I’m increasingly of the view that a hard re-set is what is required to re-invent the direct marketing industry (in which I include Facebook, Adwords et al) and in doing so prevent it from self-destructing. Before we get to what that hard re-set will involve, let’s be clear about what the problem is.

In my view, what’s killing the industry (which I’ve been part of since 1986) is its determination to cling on to the principle that unless an individual has ‘Opted Out’ then they are fair game to be targeted with marketing messages.

In some aspects of the direct marketing industry, e.g. direct mail prospecting, the interpretation of ‘opt out’ is not subtle, i.e. we’ll physically mail you with whatever we like, when we like…..and enough of you will respond to make it worth our while.

In other areas, e.g. e-mail marketing or loyalty/ retention marketing there is at least some form of value exchange in place….give us your contact details and consent so we can market to you, and we’ll let you have a look at content ‘for free’ or we’ll give you a discount on something you may buy (both of which, by the way, we may cover the cost of and more by selling your contact details and related data to someone else).

There are further aspects of the industry that are prone to what amounts to self-serving behaviours on behalf of the direct marketer. These typically involve the ‘grey areas’ such as ‘soft opt-in’ (deriving an opt-in from an existing ‘relationship’ rather than a pro-active customer consent); advertising within service communications; selective interpretation of how to use industry suppression files (such as the Mailing Preference Service in UK or Do Not Call list in USA); weak design of suppression files (i.e. too many exceptions left in place); burying the use being made of personal data either by summarising to a meaningless level, or losing within privacy policies that no-one reads other than those who drafted them.

But….guess what….. despite all this trickery, selective interpretation and manipulation, it’s still not working. Opt Out rates continue to climb on internal and external suppression files……, at least until the next work-around or piece of marketing spin makes them dip for a few months, before the inexorable upwards march continues…..and response rates on many direct marketing activities are zero.

What’s the direct marketing industry response to this? It’s simple – find new direct channels (e,g, Google Adwords, Facebook) and/ or send more messages. After all, e-mail costs peanuts to send, and on ‘digital’ we can at least pretend we have permission to market’. So, I’m really looking forward to counting how many ‘twelve days of xmas’ e-mail campaigns I get targeted with this year (in fact I got my first this morning); which marketer can turn down the opportunity to send e-messages 12 days in a row?

Of course none of this would matter if marketers were sending messages that were highly targeted, using good input data, and thus were relevant to the recipient. They are not – the average 98% non-response rate is enough evidence for that (wouldn’t it be good for the mind-set change if Marketing Directors tracked campaign performance via non-response rates instead of the response rates they ask for now!!!). And this issue of relevancy of message is where we realise that the inner workings of direct marketing as currently deployed need that hard re-set:

• Sending relevant communications requires rich, ‘needs’ based data (typically expressed as ‘intention’)
• The only source of accurate needs/ intention data is the individual
• But the individual knows that handing over rich, needs based data will increase the amount of direct marketing they are exposed to
• So they either don’t hand it over, or enter flawed or dummy data to get at what they want (where consent is being swapped for information)
• Leaving organisations to derive ‘needs’ from other sources (e.g. transaction history) – and thus send irrelevant messages informed by best guesswork.

As an aside, when deriving from transaction and interaction data, some organisations will direct market better than others…Amazon, Tesco, Network Solutions are some who do it well – at least in the current modus operandi. They typically take the time and effort to do rich analysis on the raw material they do have, and send communications based on it. But even their raw material has flaws; to illustrate:

• Amazon regularly send me e-mails along the lines of ‘other people who bought MySQL for Dummies bought MySQL for Beginners’; the problem being that the MySQL book I bought was for a developer working with us. The chances of me buying another one are zero – that need has long since gone. Of course Amazon could provide me with tools to flag that this book was not for me…..but why would I want to spend time cleaning up data (unless, of course, it was exportable to my own record)?
• Tesco – I have a Clubcard although could not honestly say that it ever influences my buying behaviour as I’ll buy groceries from whichever supermarket is near where I happen to be and rotate around the online deliverers waiting for one to come up to scratch. That said, Tesco don’t seem to bother me much with direct marketing, so I’m obviously not in a high value segment (according to the data they have anyway), and they are probably making enough money from me in re-selling what they do know to the FMCG manufacturers.
• Network Solutions. These guys are my favourites, they try so hard on cross and up-selling and have designed much of it very well that they could be a ‘poster child’ for CRM. The problem is they just don’t know when to stop deriving ‘new stuff we could sell’ from the scraps of data they have access to. Consider the screen-grab below, which is what they present me with each time I’m on their site. Granted, I do live in England; but surely even the most optimistic marketer is not going to expect to sell www.iainhenderson-england.com to a Scotsman!!!!

So….back to that hard re-set…..

I believe that there are four components of a solution that, when deployed, would revolutionise direct marketing; and in doing so build a more receptive customer base. A genuine win-win that would far outstrip the short-term headaches. The components are:

Cross-Media Suppression File

The first, and most fundamental, the hard re-set itself, is making available a blanket opt out of all direct marketing suppression file. That is to say, a reference file within which an individual can register their preference to receive NO direct marketing messages at all from point of registration onwards – unless they have actively and overtly opted in through a consents management vehicle under their control. This file would include all direct media (direct mail, e-mail, SMS, telephone, mobile telephone, VOIP, pop-ups/ i.e. tracking cookies – and any other direct media invented over time). The file would be created as a stand alone entity, but could be configured to take in feeds from existing suppression files such as Mailing Preference Service, Do Not Call, the proposed Do Not Track etc.

Persona/ Role Based Opt In Capability

Second – the capability for the individual to establish one or more ‘privacy profiles’ at persona/ role level. The ability to operate at persona level is key in that in different aspects of life an individual may wish to establish different communications preferences. For example an individual in their head of household mode may wish to receive ‘no junk mail’, but in their ‘Secretary of the Golf Club’ persona they may be happy to receive messages from useful business services only….but delivered to a different address.

Articulation of Needs/ Wants (Intentions) in Usable Format

Next – when the blanket opt out is established as a point of principle, the end user then must be enabled to opt back in to specific communications – but on their own terms. This means being able to specify some or all of:

• Who they wish to receive messages from
• Which message types they wish to receive (e.g. offers, quotations, reminders, news updates)
• About what do they wish to hear
• At what time do they wish messages to arrive
• Through which channel
• Over which time period should messaging be switched on

Message Management Capability

Lastly we need a message matching and management capability. The above capabilities, in combination, generate a file of ‘opted in, buying intentions requesting matching offers’. This must then be matched against a file of ‘people/ organisations that want to sell stuff/ provide requested offers or information. Where a match is found, an introduction is made, where not – no message is sent (or that no messages matching criteria set are available). Ideally the message matching and management capability will be able to work across all relevant media. It should also have ‘closed loop’ reporting capabilities in order that all parties can track the success of their actions/ learn for future use. It should also help the recipient understand the upsides and downsides of the various media options in the context of what they wish to receive in order that they choose which works best for each message. (e.g. a mailed catalogue may be most environmentally damaging, but may still be the best means of deciding which conservatory to buy as it offers most detailed visuals and descriptions in a format that can be browsed in a relaxed/ un-pressured manner.

In addition to these 4 building blocks, there is an implied commercial logic in such a modus operandi. This is quite simply that by respecting individuals’ right to chose the direct marketing messages they receive the response and conversion rates from these messages will be much higher.

For example, I already know that I will lease a new car next April when my existing lease runs out. I have a pretty good idea which manufacturers I’ll consider, and which cars within those manufacturers. And what I don’t know now, I will research through buyer-centric information sources such as Which, Edmonds or similar. Once I’ve made up my mind on a preferred option, with all the options I want tagged, and two fall back positions then I’ll ‘go to market’ with a very clear spec, defined time lines, and money waiting to close the deal. I’ll end up with what I want at a fair price, and the suppliers I engage with will either have closed a sale, or come close without wasting too much time/ effort.

My colleagues and I have built a VRM Proof of Concept that demonstrates the above, it is accessible here.

This proof of concept shows a scenario in which the individual is fully in charge of the direct marketing messages they receive. It shows illustrative deployments of the 4 building blocks above. It’s not fully built out by any means – no organisation is using the suppression file in anger, only a few products and services in the opt-in table have any substance behind them (ipods and travel insurance), product/ service selection itself could be built out in many alternate ways, and e-mail is the only messaging protocol demonstrated.

…..but it does show how an individual could be empowered to only receive the direct marketing messages they want to receive….and only those messages.

What would be required to shift from the current approach to something like that shown in the Privacy Preference Service?

Firstly, let’s be clear – it’s not about technology, although that helps in specific aspects of the challenge. Also, it’s not about changes in legislation – all that ever does is raise the bar on a temporary basis until commerce demands that work-arounds be found. New/ upgraded legislation will emerge in the privacy space over time, and will help – but it won’t be leading the charge.

It’s really about that mind-set change, which is, of course, helped if it is underpinned by commercial logic. Organisations must recognise that they are alienating their customers and prospects by sending irrelevant marketing messages. They must also realise, difficult as it will be, that ramping up spend on data mining, customer insight, real-time ‘next best offers’, Facebook beacons etc etc, and all the latest CRM wizardry is not the answer. The real answer is to cede control of ‘customer needs’ data to the customer themselves, and to build tools and services that allow this data to flow.

That’s what Project VRM will do. The logic behind Project VRM is clear – that the tools require to balance relationships must be built on the customer side. Permission management tools such as those discussed above are a good start point.

Tweet This Post

Iain Henderson Data, Direct Marketing Data, DirectMarketing

Ownership sounds like such a simple idea…..

At first glance, the ownership of “my” data seems straight forward. I created it (or at least was involved at the beginning), it’s about me, so I own it. But personal data is a slippery concept. For one thing, a lot of the time it’s co-created – by me and my supplier, including my government. And tying down the legal specifics of data ownership is a bit of a minefield. Hence the recent and continuing debate on the Project VRM mailing list about whether an individual does, can or should ‘own’ personal data relating to them.

I take the view that individuals will ultimately have a form of ownership rights to data that relates to them. So far so good, but the word “ultimately” there is important, and frustrating. This will take some time to happen, and will relate to only some of the data in question. My view is that ‘ownership’ of personal data will come about through a combination of issues and events; and that this will all pan out over the next few years.

Firstly, the sensitivity of individuals to problems with firm’s use of data is rapidly increasing. The way most organisations gather and use data is often invisible to the individual, and almost always annoying to them. For one thing, there are regular and sizable breaches in data security. One example is the TK Maxx breach – which has now doubled in size from that originally admitted. Plus there’s a growing identity theft problem, with little sign of a solution in sight. And as we all know there are ongoing problems with spam to compound the everyday irritation of poorly targeted, invasive direct marketing. In the same ‘worrying’ space are large corporate acquisitions or investments (e.g. Flickr/ Yahoo or Facebook/ Microsoft) in which access to identity data initiated by and important to the subject are traded for a few dollars per record.

This increasing pain, without legal recourse, will drive some firms to offer commercial services to reduce that pain. These will include ‘who has data about me’ services such as Garlik, reverse-marketing services such as Pureprofile, transparency enablers such as The Trust Index (disclosure – this one is one of my hobby horse projects) and some plays from more traditional players in the personal data space such as Experian, Equifax or CallCredit. All are now beginning to explore how they can sell personal data back to the data subjects.

Another driver will be data breach notification legislation. It will be deployed in the EU and in many other countries. I expect it will be watered down, and won’t do too much in practice to change the accessibility of stolen customer data. The going rate, by the way, is £140 for 1000 credit card records – with security codes – or so I heard the last time I checked. But no matter, such legislation will at least build some additional legal rights on the side of the individual in the personal data space.

Next, opt-in-based direct marketing is going to become the norm across ALL communications channels – upping the value of ‘permissions’ data. This will be a sensible approach for large organisations to adopt commercially, largely for environmental reasons. And user-centric identity technologies (such as open ID, Infocard and i-names) will start to become more popular. They’ll impact b2c (or more accurately c2b) electronic relationships. People will want to restrict the flow of personal data into organisations, though people will see a clear trade off in offering personal data to get improved customer experience.

Meanwhile, the next generation of personal information management services will emerge. These alternative ‘single views of the customer’ will be available for organisations to tap into — with permission, and usually at a cost. This will be the trigger point for real change. For the first time, data sourced FROM an individual will be more valuable commercially than data gathered ON an individual. In practice, this is about “pull”: the commercial value of these new data sources comes from the higher response rates that come from the much improved relevancy of communications. ‘Pull’ beats ‘push’ every time at the micro, one-to-one level.

When this new value is created within the PIMS, commercial law swings into gear. Individuals and suppliers will build robust contracts around these new services and at last, we have something akin to ownership of our personal data.

In short, the point at which I will ‘own’ my personal data is the point at which I can actively manage it. If I have the choice over whether to sell it to someone, and can cover that sale with a standard commercial contract, then I clearly have title. But – and this is crucial – this doesn’t mean that I ‘own’ all the personal data that relates to me. Lots of it will still be lying around in various supplier operational systems that I won’t have access to (and probably don’t want to – much of it is not worth me bothering about).

Technically we can just about do this now. As ever, I think we’ll have to wait a bit longer for all this to build a mass market for personal data ownership and management. That said, I think we’ll start to see little signs of life in this space over the next 12 months. Watch, as they say, this space.

Talking of which, do any of you database marketers out there want to buy my ‘intention to buy’ data for the next 6 months? I’ll break it down by product / service category, add likely purchase dates, indicative amounts and existing preferences of various types… and send it in a format that feeds straight in to your CRM system. £10 per category for a one off use, and I can GUARANTEE that my data will be more predictive of what I’m going to buy than your own analysis or what you can buy in from other external data providers.

Iain Henderson

Tweet This Post

Iain Henderson Data Data, ProjectVRM

Here’s a new project with complementary aspirations to BCCF.

Project VRM (Vendor Relationship Management) is coming primarily form a technology/ digital identity start-point. It is sponsored by The Berkman Institute at Harvard and led by Doc Searls, Senior Editor at Linux Journal and Co-author of The Cluetrain Manifesto.

Nice to see the convergence between the technologists and the customer management practitioners bringing this space closer to reality.

Tweet This Post

Iain Henderson Project VRM ProjectVRM