Why so many privacy policy updates? Part 2 of 2

This week, we’ll continue discussing why you’ve received so many privacy policy updates lately.

Over the last decade, the trifecta of poor security controls, poor user-behavior controls (ie: can you bring a USB drive to work and plug it into a cash register?), and criminals crossed paths to produce repeated data breaches. You’ve heard of the big ones like Sony, Home Depot, Target, and Equifax. Naturally, there are many more. We rarely hear about the ones at small local businesses.

While the Feds have done little to require businesses to strengthen data privacy & security, some companies have voluntarily raised their security efforts. Many didn’t. It’s a broad global issue.

For example, you never give your credit/debit card to a clerk, waiter, or bartender when traveling outside the US. They bring the card machine to you. You insert the card, ok the amount & pocket the card, then hand the machine back to the clerk. US cardholders control the card like this only at big box retail & grocery stores. This process reduces the possibility of people stealing card info because employees never get possession of the card.

The other shoe drops

Two years ago, the European Union decided they’d waited long enough for companies to use consumer data carefully & properly protect it. They created the GDPR – or “General Data Protection Regulation“.

The GDPR gives control of a consumer’s personal data back to the consumer, requires clear privacy policies, and sets rules for how opt-ins are offered / used. But that’s not all.

It also has a few other items of interest:

  • Ever been frustrated that a company has as data breach and doesn’t report it for months or even years? GDPR requires providing the EU authorities within 72 hours of determining that a breach occurred (there are more details about what breaches require this, but I’ll leave that investigation to you).
  • Ever installed software, installed a phone app, or accessed a website that asked you to agree to 42 pages of terms and conditions written in legalese? GDPR puts a stop to that, which is why you’ve been getting all those privacy policy update emails.

First, I don’t recommend reading the GDPR reg on the EU website unless you’re an attorney. Maybe not even then. There are plenty of good, detailed explanations about what it means to companies based in the EU, companies with offices in the EU, and companies that do business with EU residents.

That last part is why US companies have to pay attention.

Why does a US business care about GDPR?

First off, this is not legal advice and I am certainly not an attorney, nor do I play one on TV. You need to discuss this stuff with your legal counsel, mostly because getting caught playing this game wrong can get really expensive.

You may think this doesn’t matter because it’s an EU regulation. You might be right, particularly if you only serve local customers. However, if you have an online business that serves customers in the EU, a closer look is merited.

This isn’t solely an EU problem. This change had to start somewhere and most of it is necessary. I suggest that you look at GDPR with your team. There are numerous “GDPR for Americans” explainer pages to help you decipher it.

For example: There are exemptions (perhaps not the right word) for data collected when the EU person is not in the EU, or when you don’t advertise in the EU, target EU prospects in your ads, or have EU languages / currencies as part of your website.

Even if exempt, we need to look forward

Companies need to take more responsibility for protecting they data they collect than they have previously done. Likewise, they will eventually need to give consumers better access/control of the data collected about them. Failing that, it will be forced upon them.

Why? Because Congress will eventually be forced to implement something & they have routinely shown a lack of ability / desire to understand how US businesses use technology.

Imagine how “the Patriot Act for business” and “TSA for data” might look like if written in a fear-based mindset after a “bad actor” gets an IRS database. If history teaches us anything, it’s that they’ll overreact.

Another angle: Companies that are ahead of the curve are going to be more attractive to consumers and prospective buyers.

The GDPR is enforceable as of May 25, 2018.

Why so many privacy policy updates? Part 1 of 2

If you buy stuff, do business, and/or take courses online, you deal with someone who collects your email & other personal info. Recently, you’ve probably received numerous emails regarding changes in their privacy policy. A privacy policy documents how a company uses the data they collect during the process of selling something or providing content to you.

A little backstory is necessary to paint a picture of why data privacy has gained recent attention & how recent changes could affect your business.

Why the data is important to businesses

If you’ve gotten a credit card offer in the mail, credit card / bank / credit bureau data about you was used to turn you-the-product into you-the-customer. It’s easy to buy a list of mailing addresses of people who make more than $75K a year, live in upscale neighborhoods, & own their own homes. This is not new in the Facebook era & they aren’t the first company using this data. It’s been happening for decades.

Some of this use is wise. Advertisers want the best return for their investment & businesses want the advertisements they offer to be effective so that advertisers keep advertising.

When we see out of context ads, they seem stupid & annoying. You may wonder if the advertiser (and the company displaying the ad) know what they’re doing. Effective advertisers don’t make money being stupid, and annoying. They like putting stuff in front of you that you’re inclined to buy.

Retargeting, not Big Brother

Advertising effectively includes using what you know about a prospect to show them ads for things they’ve previously shown interest in.

Perhaps this morning you looked at baby clothes on Amazon. This afternoon, you might have been weirded out to see an Amazon baby clothes ad in the Facebook sidebar.

This isn’t Big Brother.

It’s the smart (and sometimes obnoxious / overbearing) re-use of data collected when you were shopping. It’s called behavioral retargeting. When you visit Amazon.com, a blog, or Pinterest, your browser stores info about what you viewed.

Amazon advertises on Facebook. When they do retargeting, their dynamically generated Facebook ad has the ability to re-use the data your browser stored on their behalf while you were at Amazon, but they can only see the data they stored. Other sites you visit can also buy Facebook ads pointing at Amazon-offered (and other) products based on what you viewed when on their site, but they can’t see what Amazon stored.

Circling back to privacy policy

The value of this data grows as you collect more of it. When value is developed, there will be people who want to abuse it. Likewise, there will be people who want to steal the data and misuse it.

For years, the Federal Trade Commission has been tightening up monitoring and enforcement of advertising & (particularly) testimonials posted by US-based online businesses. This happened because of poor behavior by a small percentage of people. They made up testimonials, paid for testimonials (without making it clear that they were paid for), and/or sold their contact list to other businesses without telling customers they’d become their product, etc. While not all paid testimonials are a bad thing, misuse & less-than-ethical behavior was going on. The volume of complaints to the FTC was increasing.

Originally, there weren’t many rules about how the data could be used because the companies with this data treated it as a trade secret. Before company networks connected to the internet, data was easy to protect. Obviously, being connected to the internet changed that.

The FTC hasn’t taken the next step regarding the contents of the privacy policy. By requiring businesses to state how a person’s data would be used, they left action to the consumer by allowing us to choose businesses (in part) based on their stated privacy policy.

Brick and mortar businesses and organizations like Equifax haven’t been held to the same standards as online businesses, probably because they’re easier for the consumer to find & confront. However, businesses like Equifax are under no regulatory requirement to adhere to your requests about the data they collect about you. For example, when you ask them to delete your personal data from their systems, they don’t have to do it (and probably wont). You’re the product they sell, remember? More specifically, data about you is the product.

The misuse & lack of consumer control provoked what happened next. We’ll cover that next week.

Photo by stockcatalog

Tactical caring

I don’t talk about “b word” too often, but branding is really what a lot of our discussions are ultimately about.

One of the more incisive definitions of branding that I’ve seen is “What people think when your business name is mentioned”. If that doesn’t cut right to the bone, I’m not sure what does.

A recent branding discussion between Justin Kownacki, TD Hurst and myself eventually settled into talking about businesses using “looking like we care” as a tactic as opposed to actually showing that they care. So here we are.

Take a moment

Consider the places you do business with. What’s the first thought you have when you think of them? One of the things that comes to mind for me is “Do they care about my business?”

In other words, is my business important to them? No, my business probably doesn’t keep the local watering hole or pizza joint open all by itself, but do the folks who run and work in those places (and others) give me the impression that they know I could have gone somewhere else?

Not far from my parents’ old place in Plano Texas, there’s a pizza place owned by a Greek family. My parents would almost always take us there when we went to Big D to visit. No matter how busy that place was, the owner always made a point of taking a moment to come out from behind the counter to greet us at our table, welcome us to his place and “visit”, as my grandmother called it.

While this wasn’t necessary, it was a painless, cost-free way to recognize a regular customer by simply being friendly without being mechanical. It only took a moment, but it meant a lot. How do you know? I haven’t visited Dallas in almost ten years. My parents moved.

Yet almost 10 years later, I still remember the impression left by a balding Greek patriarch who was proud of his place and happy we chose to have dinner with him.

If you’re the recipient of this kind of attention, you’re aware of the night and day difference between that and the “tactical caring” you’re used to receiving.

Which kind of care does your business serve up?

Do they or don’t they?

About those places you considered earlier…Do they care? Or do they do things to look like they care?

What’s the difference?

  • Looking like you care: Including a photo of a USB cable on the instructions included in my new printer’s box so you can save the 48 cents per sale that the cable and its packaging cost.
  • Showing that you care: Including a USB cable and charging a dollar more for the printer to save your client a 20 minute trip to the store.
  • Looking like you care: Saying a mechanical “Thanks for coming” as I leave. “Mechanical” because I hear you say the same words to everyone, right after the bell above the door frame jingles.
  • Showing that you care: Thanking me before the bell jingles, and doing so by using my name or some other personalized message that doesn’t get repeated to the next 41 people who leave after I do. Also…thanking me later, via email, a postcard, text message or by somehow rewarding my visit – even with something that costs you nothing. Remembering that I’ve been there before and making note of it, even if you don’t remember my name.
  • Looking like you care: Smiling at my four year old granddaughter when we enter your store, even though you sell nothing she’s interested in.
  • Showing that you care: Smiling at my four year old granddaughter, kneeling down to her level and saying “Hello, young lady”, even though you sell nothing she’s interested in.

It’s OK

Training your staff to look up from the cash register and grunt when a customer enters is transparent, repetitive motion, tactical caring. Stop it. If people needed random grunts to make their lives more fulfilling, they’d install iGrunt on their phone.

Training your staff to take a brief moment to greet someone personally is scary. Do it anyway. Yes, it’s common sense. So why aren’t your people doing it?

The election cycle is behind us. It’s OK to care again. Just don’t grunt.

How to make it easy for customers to fall in love


Creative Commons License photo credit: MahPadilha

Back in March, I wrote about a lamp shopping experience I had in a local store.

Today, this story in VentureBeat (reminds me of TigerBeat…) and Forbes caught my eye.

It’s about the preferred angle of the MacBook screen on store displays in the Apple Store.

The lamp and the MacBook stories… are about the same topic. Love.

I’ll ask again… Are you paying attention to the things that make it easy for people to fall in love with what you sell?

Small business owner: “What’s with these funny new barcodes?”

Ralp Lauren Rugby QR code
Creative Commons License photo credit: mackarus

You may have seen those odd-looking square barcodes in newspapers and magazines, on product boxes, etc.

You might even have noticed them in the middle of the star-shaped signage in some Macy’s television commercials.

They’re called “QR codes“.

Why should business owners should care about them?

A smartphone can scan/read a QR code, which will take it to a specific web site address (URL).

Why use them at all? Who really cares about yet another barcode?

Your prospects and customers do. Some of your websites make it really hard to buy.

For prospects and customers using smartphones, it can be particularly annoying. But your customers don’t use smartphones, right?

Let’s talk about that. Currently, Nielsen (yes, those TV ratings people count other things too) says 40% of U.S. cell phone users use a smartphone.

A web search will tell you that there are 327 million active mobile subscriptions in the U.S. Yes, that’s more mobile subscriptions than there are adults, per the 2010 census. The numbers get a little whacked partly because of the number of people with a personal account/cellphone and a business one (provided to them or otherwise).

327 million is a fairly big number. Too big, maybe. To get a better handle on the numbers, a glance at a 2009 CTIA (wireless telecom industry group) survey of their members report indicated that 257 million Americans have data-capable devices and about half of those are phones. The rest are laptops and tablets. So we’ve reduced the number to roughly half the population, which is close to the Nielsen number.

Again, that’s a end-of-2009 number….BEFORE the availability of iPhone4 (and 4S), iPad and other modern-ish tablets.

Seems to me a number that’s even 10 million smartphones too big would be enough to provoke interest in the experience mobile/smartphone website users have at your site.

So now that you have big scary (or exciting) numbers to think about – particularly if your business deals in retail, tourism and other core business-to-consumer fields – get back to solving “we make it hard to buy” problem.

Important safety tip about using QR codes

Never (yes, never) use your home page URL as the destination.

Reason #1 – QR code users are, by definition, mobile users. Presumably you have a URL that is designed to be used by mobile browser users so they don’t spend all of their time squinting, pinching and spreading (or pressing zoom buttons) to read about your cool new product. If your site automatically senses mobile browsers and changes behavior or reroutes them to pages designed for mobile users, all the better.

Reason #2 – Sending them directly to your home page can make it far more difficult to measure inbound visitor numbers.

Why is that important? Because you want to know how your QR code links are performing by media/by ad/by publication etc. If you have them going to different URLs (web site addresses) such as MyReallyCoolsite.com/QR1 and MyReallycoolsite.com/QR2, then you can figure out their individual performance.

If QR code A works better than QR code B, you have information about the effectiveness of the media, placement and other characteristics of the location of that code. You can eliminate this reason by including QR code specific analytics codes (Google Analytics, et al) in your URLs, but that doesn’t eliminate the most important reason…

Reason #3 – Why did they scan (and hopefully share) that QR code/URL? Because they wanted something specific that they were looking at RIGHT THEN. If I’m looking at a Corvette ad in an in-flight magazine, do I want to go to Chevy.com or do I want to go to the page that describes the smokin’ Vette I’m looking at?

The primary reason to use them

Consider how annoying it is to navigate not-so-mobile friendly sites on a smartphone. Make yours the friendly, easy site for mobile users.

Make your customers’ life easier. Make it easier for them to visit your site, visit the right page and share something about your business that they want to share.

Ask anyone in the publishing business about pass-along numbers. They’re important to readership, so much so that they claim pass-along readership as an asset to advertisers.

Transfer that thought to your website, catalog, ads, trade show materials, demo products and other materials. Do they need a QR code so that people can view/share them easily?

In many cases, I think so.

Service before the no-sale

This is what can happen when a legitimate customer hits an artificial wall within your business.

It’s made worse when customer service is setup to fail. Clearly the service person has no power to do anything positive to seal the deal and help / retain this customer.

The guy is standing there with money in his hand and she is forced to tell him they can’t take it unless he’s willing to buy an old, backdated version of the product.

What’s worse is that the rep has been trained to say something like “I understand why you would be concerned.”, which is code speak for “Yeah, it stinks but I can’t do anything about it, sorry.”

Don’t put up artificial walls.

Don’t make customer service (much less your website) into a “sales prevention department”.

Make it easy to buy.

Verizon’s pleasant surprise

Waiting For an Important Call
Creative Commons License photo credit: Sister72

Thursday was the first day of retail, walk-in Verizon iPhone sales in the U.S.

Normally a visit to our VZW store is guaranteed to consume 60-90 min, even here in rural Montana. They’re usually busy, so you sign in on a screen and they call your name in the order you arrive.

If you set your expectations at that 60-90 min, you’re not so annoyed when you finally get to leave.

Fast forward to the end of Thursday. My wife comes home, saying she wants to go get her phone.

I’m thinking “Oh man, its the first day. Its gonna be nuts.” Based on past history, I expect at least 2 hours.

The Surprise

We walk in and they are hammered. Even so, they still have 3-4 people standing around freed up, waiting for wanna-be hipsters.

We get someone right away. We pay, the Verizon guy moves her contacts from her Blackberry to the iPhone 4. The phone activates in 27 seconds and we leave in a total of 10 minutes.

TEN MINUTES. Someone put some logistics work into this rollout.

I’m FLOORED that we got in and out of their store with a phone switch in 10 minutes on the first day of retail sales, especially given that a normal day takes an hour on most occasions.

I talk to someone later and find out that after several hours in line, a guy in Seattle called to say he was still 8 blocks from the store.

10 minutes = Montana fringe benefits.

Meating expectations

When I first came across this meat vending machine, the comment I read introducing it was something along the lines of “Do we *really* need this?”

If this butcher has customers who do shift work – or anything that keeps them from visiting the shop during business hours- it’s worth a try.

Perhaps he had a lot of customer comments about his hours from shift workers and this was how he decided to serve them.

Perhaps it only serves custom pre-paid orders. You don’t really know, but if it works for the shopkeeper and their customers, who cares?

The real question is what can you borrow (and change to suit your needs) from another line of work in order to better serve your customers?

Brookstone: Thinking like road warrior

Someone at Brookstone is paying attention.

Maybe it’s Brookstone policy. Maybe it’s the person that just happens to be running the Brookstone counter where Jason walked in.

No matter what, there’s a huge lesson in this brief comment from Jason Falls.

Brookstone rocks. Bought an iPad/iPhone backup battery unit. They said, "Would you like one fully charged for your flight?" Hell yeah!less than a minute ago via TweetDeck

You’re in an airport and you buy a battery. OF COURSE you want it charged.

Someone thought about this enough to actually have charged ones available.

Huge. This is the kind of thing you think of IN ADVANCE in order to make loyal fans out of “mere customers”.

How can you Brookstone your business like this?

Mining shoeboxes for customers

Prospector
Creative Commons License photo credit: ToOliver2

In these days of oil spills and mine disasters, it might seem a little off-base to ask about mining, but I think you need to become an expert at it – and do it regularly.

It’s a critical skill if you’re concerned about keeping your business pump primed with new and returning customers – especially returning ones.

When I say mining, I mean mining your customer/order database.

Yellow pads and shoeboxes

No matter what you use to keep track of this stuff; a yellow pad, QuickBooks, a ledger book, your CRM (customer relationship management system) if you’re using that tool like a shoebox, you’re likely making a five or six figure mistake.

What I mean is by shoebox is stuffing receipts and sales data and similar info into it all year long and never referencing it again until it’s time to do your taxes.

That shoebox is your gold mine. It’s the asset that many businesses ignore – often at their own risk.

Missing out

Let’s talk about Mary. She owns her own business and has 14 employees.

You would typically know this because you saw a profile of her business in the paper. How do you remember that fact?

You put it into your CRM (again, customer relationship management system), tickler file or *something* that organizes your data so that you can search for it later (I’ll get back to that).

Out of nothing more than gut feel, you know that she visits your restaurant 3 times a month and you also see her occasionally at events you cater.

What you may not know is that Mary’s business entertains clients twice a month and has an in-office staff appreciation lunch every other Friday.

Have you ever catered those events?

If not, does she know that you cater? She should, because she attends events you’ve catered – so why doesn’t she use you once in awhile?

Have you asked her?

It’s possible that her current caterer rocks the house *so well* that you might not ever get a chance to show your stuff.

One thing is certain – if you don’t ask, you won’t likely get a shot. Tantamount to that is *knowing that you should ask*.

The who

A message that is in context to the proper person is miles ahead of a generic message to everyone.

Have you made any effort to let your regular customers know that you offer catering for their special events? More importantly, do you know exactly which regulars would have a use for those services?

Do you know how to get in contact with them? Do you know when they last visited your restaurant? Do you know what kind of experience they had during their last visit?

Your customer / order tracking system should allow you to store info that lets you find out such things. If yours doesn’t, get a new one or at the very least, find a way to export the data into something that allows you to search this info.

Things you’d like to know:

  • Who has reservations this weekend who also owns a business?
  • Who has reservations this weekend who hasn’t visited in two or three times their normal visit frequency?
  • What regulars have we not seen in a month or more?

The answers to these questions will yield info about your customers and more importantly, about what you’re doing, how well you’re doing it and best of all – what customers you should have a catering conversation with.

If they do, who else does?

Here’s where the mining comes in handy…

If your catering gig database is sorted by “What do the businesses do?” and then you ask to see only those businesses that use you monthly, what do you ask for next?

Let’s sort them by what they do. Maybe the top 3 types of businesses are architects, real estate brokers and luxury home builders.  You can guess, but you won’t know until actually you collect this data.

Now take a look at your entire restaurant database of regulars. How many of them are in those 3 lines of work?

Hmmm. Wonder if any of them need catering?

PS: If you don’t have a restaurant, look at this through the lens / terminology of what you do. The same concepts apply no matter what.