You may be spending generously on e-business and customer relationship management systems to get closer to your customers, but can you guarantee their privacy? To a legal certainty?
If these questions make you nervous, join the stampede: December 21, the date new national privacy laws kick into effect, is a whole lot closer than you think. David Braue takes a closer look.
If the legality of your privacy policy is a sobering thought, it should be. Although the world won't stop functioning as we know it if the deadline isn't met, it's not completely inaccurate to rank the introduction of the Privacy Amendment (Private Sector) Act 2000 up there with Y2K and GST in terms of sheer headache value. Only this time, it's not the just a few lines of code you've got to worry about. Successfully managing the transition into stricter privacy controls will require careful reassessment of the way your company handles information at every level.
Take a minute to think about where customer data lives in your company. It fuels marketing databases, data warehouses, and accounts receivable systems. It goes into the field on handhelds and notebook PCs, and gets written on business cards, napkins, and sticky notes.
It gets crunched into management reports, printed onto reams of mailing labels, and sent in bulk to business partners. All of this will fall under the aegis of the new laws, and it's your job to make sure that none of this ends up where it's not supposed to be.
This is the part of customer relationship management you were never told about during the sales pitch. Interact with customers online and gather their details while you're sleeping, vendors said, and you can increase profits through cross-selling, upselling and encouraging repeat business.
Processing customer data
Such goals are common to most companies adopting CRM. A recent survey of 51 Australian executives, conducted by CRM consultancy IT Factory, found that 43 percent named CRM as being important for better understanding customers' needs. One-third of respondents wanted to use CRM to share customer information among multiple sales teams, another third nominated personalisation of content as a driver, and 43 percent wanted to use CRM to give departments consistent interfaces tailored for their specific needs.
All of these strategies involve the movement or processing of large volumes of customer data, and all become more effective the more detailed the customer data that's collected. Because of this, companies aiming to use CRM as a strategic tool are going to feel the demands of the new privacy legislation like a bucket of cold water after a late night out.
That's not to say that it can't be done. Indeed, companies that have built their online systems with a considerable amount of prudence may find that complying with the new requirements is quite possible even in the limited time left. Just don't take the laws for granted; they are very real, and could have dire consequencesâ€"particularly as the European Union gradually puts sharper and sharper teeth behind its world-leading privacy principles.
Unless you can protect your customers' data to those standards or better, you could potentially be barred from doing business with European residents. Given that many of your online visitors probably fall into this category, just the threat of losing them should be enough to motivate you into action.
Paper tigers still have teeth
Debate over the Privacy Act changes has raged long and hard throughout government for years, and many critics argue that the current -soft touch" legislation has so many loopholes that it's more of a suggestion than a requirement. For example, the legislation does not apply to companies earning less than $3 million in revenues, nor is it binding on state government bodies, political parties, journalists, or employers' records about employees.
-It's so riddled with exceptions that we'd probably be better off scrapping it and starting again," says Kim Heitman, a Perth solicitor and chair of civil liberty advocacy group Electronic Frontiers Australia (www.efa.org.au). -Outside government and financial institutions, it is so light touch as to really be more of an industry code of practice rather than the law of the land. We have here a patchwork of privacy intrusions being permitted rather than a right to privacy."
Many observers assume the government will allow a short period of time for adaptation before beginning to pursue companies for violation of the act; as long as you can demonstrate that you're actively working towards meetings its requirements, you should be OK legally.
Should you ignore the law and attract the Privacy Commissioner's attention, that office can order you to meet the requirement via the Federal Court or Federal Magistrates Court. Ignore that and you'll be guilty of an offence. If you're the subject of multiple complaints you could also be exposed to a class action lawsuit for damages, and that's a headache nobody needs.
