SUBSCRIBE NOW!

Vol. 22 No. 8 — September 2005

This year's forum, which consisted of approximately 160 people, provided a series of six panel discussions and continuous opportunities for audience questions and comments in addition to stellar keynote addresses. Since Donnelley companies serve the needs of marketers, the question of how businesses can meet the challenges of marketing in an age of consumer rights' legislation was emphasized. But, there were also insights into how to strike a balance between consumers' rights to privacy and marketers' rights to transact trade as well as discussions on using technology to protect privacy, the role of leadership, and the impact of outsourcing on American businesses.

Hosting the invitation-only event was Ray Butkus, president of The Donnelley Group. He set the stage for discussion by commenting on the unfortunate rash of database thefts of private information. "What was on the minds of a few database professionals 5 years ago is now the stuff of the evening news and USA Today." Marketers are obviously worried about the negative effects this might have on consumer buying behavior. This fact was reinforced by the July 4 issue of News­week I brought on the trip: Its cover story was "The Scary New World of Identity Theft; 40 million hacked credit cards: are you a victim?"

Butkus said the Federal Trade Commission (FTC) reported that, for the fifth consecutive year, identity theft topped the list of complaints, accounting for 39 percent of the 635,173 consumer fraud complaints filed with the agency in 2004. He said 2005 appeared to be the year of "personal data protection."

In fact, the Personal Data Privacy and Security Act, introduced by Sens. Patrick Leahy, D-Vt., and Arlen Specter, R-Pa., is under consideration in Congress as I write this. And Sen. Gordon Smith, R-Ore., recently introduced the Identity Theft Protection Act (http: //www.congress.gov/cgi-bin/query/z?c109:S.1408:). It was the 10th identity theft bill introduced this session.

Security Is a Process

The first panel addressed whether identity theft was a "ticking time bomb." Jim Harper, director of information policy studies at the CATO Institute (http://www.cato.org), said it's not really an explosive problem. "It's more of a rolling compost pile." He said there's a difference between security breaches and "identity fraud"—which he said is the correct name for the problem, not "identity theft." Just as it's not good practice to have a single key to all one's properties (house, cars, safe, etc.), he feels it's not good to have a single identifier key (such as a national ID card) to all financial and personal dealings. (The CATO Institute is a nonprofit research foundation that "seeks to broaden the parameters of public policy debate to allow consideration of the traditional American principles of limited government, individual liberty, free markets, and peace.")

Howard Beales III, associate professor of strategic management and public policy at George Washington University, said that information is valuable and that thieves will continue to go after it. Beales, who was director of consumer protection at the FTC from 2001 to 2004, stressed that security is an ongoing process. Just having a regulatory requirement won't fix the problem. The recent data breaches occurred in publicly regulated companies.

The consensus among the experts was that data security problems will continue and, in fact, may worsen. Evan Hendricks, editor and publisher of Privacy Times, said criminals realize this is a low-risk, high-potential crime. He feels that the credit report is at the center of the problem—it facilitates the theft and then becomes the source of an individual's problems after the theft. Our national policy tilts toward the prerogatives of large organizations, in his estimation, and he predicted that we will have to move the interests of individuals higher. We need to provide individuals with the opportunity to access personal records and the ability to correct the information.

Jerry Cerasale, senior vice president of government affairs at the Direct Marketing Association, echoed these sentiments and said that notification is the major key. He said an individual's access to and ability to correct data should apply not just to marketing or credit databases, but to all databases, such as employee files. He said at least six committees in Congress are currently grappling with proposed notification legislation. He thinks nothing will pass in 2005, but it may be approved in 2006.

Though Cerasale said nothing is foolproof, he gave the following advice to companies:

• Have a security policy in place—in writing.

• Train your employees.

• Supervise your security.

• Use the latest technology—the bad guys will.

• Review and update procedures constantly.

Creating Trust

Esther Dyson, editor of Release 1.0 and former chairman of the Electronic Frontier Foundation (EFF), said she loves technology and what it makes possible—especially the empowered consumer. But, she argued that we can and should use technology in more creative ways. The challenge for companies in the marketing industry is how to explain themselves to consumers. "Forty percent of consumers are removing ‘cookies' [from their PCs] because they don't understand the benefits and are paranoid." She mentioned Safecount.org, a recently formed industry coalition of research and marketing professionals that advocates safe use of cookies and other "pro-consumer measurement systems." Dyson also noted some positive developments in identifying spyware and in authenticating senders of e-mail.

Campbell Tucker, director of the privacy office of Wachovia Corp., works companywide to ensure that use of customer information is in compliance with privacy laws and regulations. Also key, he said, is consistency with customer expectations. "It's important to ask consumers what they want and how they want to be communicated to—and make sure you respond to their complaints."

Leaders Set the Tone

Business guru Tom Peters, author of a string of bestsellers (In Search of Excellence, A Passion for Excellence, Liberation Management, etc.), talked about what companies can do to survive in an age of "discontinuities." In particular, he addressed the need to "re-imagine" marketing and the notion that customer-centric should be equal to privacy-centric. Echoing themes from his 2003 book Re-imagine!: Business Excellence in a Disruptive Age, Peters said, "It's a dangerous world, and it's going to become more dangerous."

He continued: "It's not your father's world anymore. ... We're in a Dell-WalMart-eBay-Google world." His guiding tenets for companies trying to navigate in this challenging environment are:

• Innovate (don't imitate)

• Re-imagine

• Adapt

• Prepare

Peters is transfixed by what is going on in China—the size and rapidity of change stuns him. "I will never again wear a baseball cap that is not made in China, and I will never take a new drug that has not been researched and developed in China." Only innovative, disruptive, and "freaky" thinking will enable companies to succeed, in his estimation. He feels that outsourcing is inevitable but called on companies to do "best-sourcing," by which he means, "Work only with the best on earth."

Powell's Sage Advice

The importance of leadership—within companies and within America—was the thrust of Gen. Colin Powell's inspiring speech. While denouncing the terrorist attacks in London and agreeing that all countries must do what is necessary to protect themselves, he urged caution: "As we protect ourselves, we must be sure not to shut ourselves down. America must be seen as a friend­ly, welcoming place." And, despite the ongoing challenges in Afghanistan, Iraq, and elsewhere, he continued to urge diplomacy and said it's important to understand where we've been successful to see what to do next. "The world will continue to look to America for leadership," he said.

Not surprisingly, the notion of leadership for this retired four-star general is one of selfless service. "Take care of your people," he said. "Communicate to your follow­ers a sense of mission and purpose. And, give people the training and tools to do their jobs." He continued: "People want leaders who can convince and convey to each person in the organization the value of what each does with­in that organization."

While he didn't address information privacy issues directly, his amusing anecdotes about dealing with problems—from information technology challenges at the U.S. State Department to mediating between leaders of other countries—contained insight about rational problem solving and the power of having a value-based sense of mission. Maybe we should urge Powell to tackle our privacy and data security issues, now that he's retired (for the second time). I'll bet he'd get those Congressional committees moving toward a good compromise while securing cooperation from the credit agencies and businesses that collect personal data.

Wrapping Up

In wrapping up, Butkus shared three themes that he heard recur through the event:

• Privacy protection matters—no matter what the company or size.

• Customer "closeness" matters (but use the term "close" carefully). Companies should ask: What are we helping customers fix, accomplish, or avoid?

• Leadership matters, both on a company and personal basis. Personal leadership translates into how a company communicates to the marketplace.

A perspective that clearly emerged from the forum was that we can't just throw technology at our problems, whatever they are—customer relations, privacy, or identity fraud. People and the company culture play a major role in the success of any solutions.