The Digital Privacy Equation

Matthew Vernhout, CIPP/C

Director, Delivery and ISP Relations

Agenda

• Privacy Equation

– Trust = Control + Transparency + Value

• CASL Update

• Q&A

TRUST = CONTROL + TRANSPARENCY + VALUE

What is Trust?

• Trust is built through your products, reputation, actions, and marketing – Paid, Earned and Owned

• Consumers maintain multiple contact profiles and share these with marketers based on the trust equation: – Free web email accounts

– Social media profiles

– Postal address

– Cable/ISP/Work email accounts

– Mobile phone numbers

10 PIPEDA Principles

• Control

– Accountability

– Consent

– Accuracy

– Individual Access

• Transparency

– Identifying Purpose

– Limiting Collection

– Limiting Use,

Disclosure and

Retention

– Safeguards

– Openness

– Challenging

Compliance

TRUST = CONTROL + TRANSPARENCY + VALUE

Control Principle – Accountability

• Why is Accountability important?

– First stage of trust – declaring what you will do with any Personal Information that you collect from the recipient

• Potential Conflicts:

– Consumers want to know what you plan on doing with the information you are collecting

– Marketers want to do more with the information being collected

#1 complaint source for the Office of the Privacy Commissioner in 2011

Control Principle – Consent

• Consent must be in such a way that the individual clearly understands what they are agreeing to.

• Think about more granular control of consent - Consumer: – Implied vs. Explicit consent

#3 Complaint Source for OCP investigations in 2011

Control Principle – Accuracy

• Efforts should be made to provide tools that allow for users to self manage their accounts and profiles.

• Pro tip: – Build solutions that

allow for self-service management with controls to notify users of significant changes to their accounts (passwords, email addresses, etc.)

TRUST = CONTROL + TRANSPARENCY + VALUE

Transparency Principle – Identifying Purpose

• Set expectations

• Provide examples of what

you collect:

– Name

– Email

– Phone, etc.

• Why you need it and how

you plan on using it:

– Billing and subscription

information

Transparency Principle – Limiting Collection

• Personal information collected should only be limited to that which is necessary for the purposes identified.

• Limit the number of questions. – imagescape.com case

study: a shortened contact form saw • + 160% in the number

of forms submitted

• + 120% in conversion

Transparency Principle – Safeguards

• Physical Security vs. Virtual Security

– Access Levels within organizations

– Security policies and internal audits of these practices

• Examples:

– Public tweets from wrong account: Automotive company recently fired their agency over a misplaced tweet from the social media manager.

– Prevention: Have separate tools/accounts to limit this type of exposure.

Transparency Principle – Openness

• Provide a central point of access to your organization that is trained in dealing with customers and non-customers interacting with your business

• Examples: – Social media (Community

Managers)

– Privacy Officer/Team

– Contact Us/Support

TRUST = CONTROL + TRANSPARENCY + VALUE

What is the Value?

• Consumers give information to companies to improve the relationship/products/service

• Problem: – 74% of North American

Consumers don’t see benefit of exchanging personal information and other info

• How do you fix this? – Better reporting

– Preference centers

– Surveys

– Identify the perceived value of your brand

Source: List of consumer demands, G2 eCulturesEUROPE Report

Value for Consumers

• Inform users what value they can expect as the relationship deepens: – Discounts, coupons, points, free

content, exclusive invitation, etc.

– Targeted and relevant messaging for the recipient

– The more information collected, the better targeted the deals, offers and value returned

Value for Marketers

• Value is where the Win/Win is found: – Better offers to

consumers = loyal consumers • Brand ambassadors

are built on earned trust

– Rich data for the marketer to build trends, projections and analysis • Increased ROI

TRUST = CONTROL + TRANSPARENCY + VALUE

• Give more control to consumers

• Join the discussion with consumers and

listen to their needs/wants

• Use data and feedback to continually

improve your marketing efforts

• Give people a reason to trust you through

your actions and policies

CASL UPDATE

Overview

• Canadian Anti-Spam Legislation – Consent based messaging

• All messaging channels (email, SMS, IM etc.)

– Implied and Express Consent

– Includes Identification requirements

– Installation of Software

– Unsubscribe: Without delay, but not longer than 10 business days

• Regulations finalized by CRTC, OPC – Still waiting on Industry Canada

CRTC Regulations

• CEMs need to include these key identifiers:

– The name by which the person sending the message conducts business

– Third party messages you should use the name by which the third party

carries on business

– A statement indicating which person is sending the message and which

person on whose behalf the message is being sent

Source: EmailKarma.net: http://ekma.co/KBhihp

CRTC Regulations

• All unsubscribe mechanisms must be set out clearly

and prominently and must be able to be readily

performed.

– Find a way around password protected unsubscribes

• A request for express consent has been clarified to

include:

– Oral or written consent

– Must be sought separately for each channel (SMS,

Email, etc.)

• Computer program’s that cause a computer system

to operate contrary to reasonable expectations must

have a separate consent

Source: EmailKarma.net: http://ekma.co/KBhihp

Next Steps

• Industry Canada to release draft regulations

(expected in September/October)

– 30-day comment period on Draft

• Release of Final Draft with coming into force

date (estimated to be) Q2/3 of 2013

Summary

• Trust is earned

• Be upfront with disclosure and consent

• Provide more self-service tools to users

• Answer “What’s in it for me (consumer)?”

• Remember: CASL will be enforced next year.

– Review your processes now for potential

changes

Q&A

Thank You!

Matthew Vernhout

Director, Delivery and ISP Relations

416-361-3522 x238

matthew.vernhout@tc.tc

Twitter: @emailkarma