Did the Deli Mayo advert fiasco hurt Heinz?

I bet you don't even remember it now! There was this advert in the UK that ran for a week and ended with two butch blokes sharing a peck on the lips. Heinz withdrew it after pressure in the USA from the American Family Association, a pressure group of 3.5million puritan idiots who seem to think that an advert threatens their bigoted values. And there was a small furore in the UK over the way Heinz handled the withdrawal.

Remember it yet?

Ok, I'll help you: It broke in June, and, if you go to the blog index in the left margin and open June it will show you the start of the story!

What do you mean 'you can't be bothered!'?

Well, yes, exactly. A large tempest in a teacup. Or should that be in a soup bowl? Go on. Do it anyway.

So has it hurt Heinz?

How could it possibly have? Look at your own total indifference!

Free Text Fields And Emails

Free text fields are a minefield, and what else is an email but a gigantic free text field?

When the dreaded Subject Access Request arrives (otherwise known as an SAR or Statutory Access Request [incorrect]), how safe are you from being sued for damages?

What do your free text fields contain? In fact there are several questions that need to be asked here:

• Have you ever sample checked your free text fields?


• What do you do when the field contains something questionable?


• Do you have a policy for Free Text Fields?
  



• Is this included in staff education?


• Does it contain proper disciplinary sanctions for breach?


• Is it available on your intranet?



• Is your first reaction to an SAR "Quick, let's delete everything"?


• Do you have a Data Retention Policy?


• Do you have a Data Deletion/Data Destruction Policy?

Just to make sure you are sure, every organisation has some fool in it who puts something stupid into an email or a database. No-one is immune. Everyone employs people, and people are human. And we do tend to use email to send our innermost thoughts about others to others. It's only when the SAR arrives that we wonder how anyone could have been that stupid. There but for the grace of God go we all.

An examples may help. A normal, everyday example:

Sales Contact Report (could be email or could be in the database):

John is planning to spend the weekend playing golf, and having a romantic break with Alan.

Innocuous, except, of course, both gentlemen are gentlemen. Or we expect so, since 'Alan' and 'John' are invariably male names. So we have not only something challenging to be recorded at all (John is obviously not heterosexual, sexual life is a sensitive data element), but incorrect, since his weekend is to be spent with Ellen. While we had to be pretty careful about sexual life we have to be careful about getting things badly wrong, too. John's romantic weekend is to be with a lady. John is heterosexual after all. John will sue the pants off you for this simple error.

Oh, we can't even record what John is doing with Ellen. That is about his sexual life, too.

The UK Information Commissioner is going to look at this as bad practice. They may even issue an enforcement notice against you. Other authorities in other nations may take a harder line even earlier.

The real question is, Will you risk your business by allowing people free reign with free text?

Sites that derive all their revenue from adverts must treat their users well

I have long believed that and I believe it passionately today. There is the challenge that users become immune to adverts, of course, but, even so, they must be treated well, just in case they click them. This is even more true when the user creates the content that supports the advert that all the users may then see and click to provide the cash.

Take, as an example, one of our sites: http://train.spottingworld.com This is a site for fans of all things Rail. It is, if you like, social networking, though it is not a Facebook style site at all. Our users create the community, create the rules and rely on themselves for Customer Service as the first port of call, and then come to us as principals if there is an issue that needs our help at management level.

We aim to be excellent, not simply good. And the sites live or die by that excellence since they derive their only revenue from advertising. As an example of how we value our users, we've made sure that a "logged in user" (a use who contributes content) does not even see the adverts. We know already that they tune them out, and that they (as contributors) are not the target of the adverts. So it makes sense to meet their needs as regulars while hoping that casual users will click. It's a way of saying 'Thank You'.

And we thought that this customer care philosophy was a good one and the right way to go and the one everyone would be using way before we saw a bad example. And the example is so bad I'm not going to name it.

The bad one is a site which has high traffic, and has a high volume of user interaction with the back office team. Users can set flags which alert the back office staff that something needs assistance. This makes it a staff intensive site. However good such a site is, the costs have a linear relationship with the traffic. The more users the more flags. It's a pseudo social networking site, and the number of user interactions drive its content, supplying 99%. The content then supplies context for the adverts and the casual user is expected to click the adverts.

The problems arise when the back office fails to understand that the users who create content are the people who pay the salaries (because the content attracts visitors who click adverts etc), and when they start to cut corners and either ignore users or become combative. In this environment a combative customer service agent or one who ignores users can kill the entire site (which is, as a courtesy, why I will not name them).

"There are always other (idiots?) to take the place of users who leave!"

There are. There is a seemingly inexhaustible supply. And, I suppose, content will continue to be created, and flags will be set and treated imperfectly. And customer service agents will continue to be combative or ignore users. But social networking is meant to be fun. Do you see Facebook upsetting its users often?

Exactly.

The message?

If you set out to run a social networking site, be sure that your customer facing attitude is 100% positive, even if the customer is unhappy, especially when the customer is unhappy. After all, you chose to set it up. You made the rules. You made the workload.

Special Privacy Event offer

I am speaking at a major London Data Privacy event in September; I have been passed this special offer for all readers of both ComplianceAndPrivacy.Com and this blog:

Dear Readers of Compliance and Privacy,
It's our pleasure to announce and invite you as a VIP Delegate to:
The 5th Annual Privacy & Data Protection UK 2008
3rd & 4th of September 2008
at The Law Society, 113 Chancery Lane, London, United Kingdom The event is broken up into two separate days & two separate events:

"Data Protection: Global Compliance Management" 3rd of September 2008

"Data Protection: CRM, Privacy 2.0 & Social Networking " 4th of September 2008

This is a major Privacy & Data Protection event with more than 20 internationally renowned speakers. If there is one Privacy & Data Protection event to attend this year, this is it!

The full conference agenda for The 5th Annual Privacy & Data Protection UK 2008 is available at:
WWW.TRANSATLANTIC EVENTS.COM Please note: All VIP Delegates who attend are entitled to a special VIP discount: VIP Delegates are able to attend this event for only £250.00 (either day) or £450.00 for both days. This invite is open to you and/or any colleague(s) you would like to recommend to this event. The VIP Delegate Registration portal is:
WWW.TRANSATLANTIC-EVENTS.COM/PDP2008UKVIP.html

VIP Delegate places are limited, and sold on a "first come, first served" basis. So be sure to reserve your place(s) ASAP before they are all allocated.

WHO SHOULD ATTEND?
You will have the opportunity to meet players in the industry and discuss the latest issues with:
Chief Executives, Chief Operating Officers, Managing Directors, Heads of Human Resources, Information Security and Risk Management Specialists/Consultants, Strategy Directors, Commercial Directors, Communications Directors, Sales and Marketing Directors, Heads of e- Commerce, Information Assurance Specialists/Consultants, Heads of Business Development, Heads of Compliance, Regulatory and Legal Affairs, Consultants and Advisors, Heads of IT & Database Management, Privacy Officers and ... anyone concerned with Privacy & Data Protection.

The 2008 Expert Speaker Faculty
Chairman (Day One):
Alastair Gorrie, Partner, Orrick, Herrington & Sutcliffe, UK
Co-Chairman (Day One):
James Leaton Gray, Head of Information Policy & Compliance, BBC UK
Chairman (Day Two) :
Francis Aldhouse, Consultant, Bird & Bird, UK
Co-Chairman (Day Two):
Nigel Roberts, Director and CTO, Island Networks, UK Internationally Renowned Speaker Faculty:
Bridget Treacy, Partner, Hunton & Williams LLP, UK
Monika Kuschewsky, Senior Associate, Van Bael & Bellis, Brussels
Rosemary Jay, Partner, Pinsent Masons LLP, UK
Mark E. Schreiber, Partner, Edwards Angell Palmer & Dodge LLP, USA
Robert Bond, Partner, Speechly Bircham LLP, UK
Renzo Marchini, Dechert LLP, UK
Vinod Bange, Associate, Eversheds LLP, UK
Anne Coles, Senior Partner, AMC Law, UK
Philip Nolan, Partner, Mason Hayes + Curran, Ireland
Lynda K. Marshall, Partner, Hogan & Hartson LLP, USA
Karen A. Morris, Chief Innovation Officer, AIG, USA
Tim Beadle, Director, Marketing Improvement, UK
Peter G. Wray, Chairman & Founder loyaltymatters.com and cm4p.com
Gareth Wong, Founder of CXO Europe, GamBond, and Gambit, UK
Dr. Mark Watts, Partner, Bristows, UK
Nicola McKilligan, The European Privacy Partnership, UK
Andy Thomas, Director, Garlik, UK
Edna Kusitor, Global Data Privacy Compliance Coordinator, Accenture, UK
Graham Sadd, Chairman & CEO, PAOGA Limited, UK
Winston Maxwell, Partner, Hogan & Hartson MNP, France
Tim Trent, Consultant, Marketing Improvement, Managing Editor ComplianceAndPrivacy.Com

UK Delegate places are limited, so reserve your delegate place TODAY!!! For more information, visit:
TRANSATLANTIC-EVENTS.COM Event Organisers:
Transatlantic Events
Production Office
Epsom, Surrey, United Kingdom
email: info@transatlantic-events.com
phone: +44 (0) 208 658 6568

Search Engines Have Long Memories

It's always nice to find yourself in someone else's blog. Well, not always, obviously. And I've no idea what this one says! I hope it's flattering.

The panel shot comes from 2007's ad:tech in London, and I'm the guy in the middle.

I found it because I subscribe to Garlick, and don't mind giving Tom Ilube's outfit a plug at all. I'm sharing a platform with one of Tom's colleagues at a major London data privacy event in September, too. It alerted me to a new "Tim Trent" item out there, and I looked.

One of the major topics, a topic which seems to have died "due to lack of interest" was the opening up of social media sites to search engines, and worries about folk exposing their indiscretions to employers and potential employers.

I'm wondering why that topic went away. Employers use the Internet to find out about you, and, unless your name is John Smith, are likely to find a lot about you. A lot that you absolutely do not want them to find out.

Not that you care about me, but Google "Tim Trent" and see what you find.

Yes, the Facebook entry is me, but note that the public profile is heavily disabled.

I'm not the guy in the film industry, nor the US singing duo, but more than anyone could wish to see is me. And I did not review Registerfly!

When you have an online presence, be very careful what you do. By posting data online you absolutely and irrevocably give permission for that data to be passed to third parties, and to be 100% outside your control.

'Refer a Friend', 'Member get Member' semi viral marketing schemes

It was always clear, unless people wanted to try to take liberties, that a 'Refer a Friend by Email' scheme was both within the letter and the spirit of both the Data Protection Act and the eCommerce regulations. It's just that people didn't understand how to implement the scheme properly.

The Advertising Standards Authority has made it even clearer with its guidance:

But let's get simple, and, to use a trite phrase, Back to Basics

What is a Refer a Friend Scheme?

It's a scheme where a happy visitor to your website likes what they see enough to tell a friend about you. It's viral marketing, in a way, though such schemes almost never have sufficient quirk-factor to make it a true viral scheme.

How is it done?

Usually you provide a field for the visitor to enter their friend's email address, with or without other information about them. The back office system then takes care of the emailing.

So, what's the problem?

It all sounds very simple, but there are some pitfalls:

• The email address and details entered is personal data, but without permission of the individual whose data it is.


• The email sent out can be classified as Unsolicited Commercial Electronic Communication - SPAM - which is unlawful in some circumstances and distasteful and counter productive in all cases.


• If the data is captured, rather than used transiently, in the database then there is the danger that someone will use it for other (unpermissioned) purposes


• As the Data Controller - organisation responsible for adherence to the law - you are responsible for uses, abuses and misuses of the data - data you never knew you held
  

So all Refer a Friend schemes are illegal?

No. Many are, if they've been put together badly, but well constructed ones are both lawful and desirable. There is a simple checklist of things to do in order to be both lawful and ethical:

• Make the email address (at least) of the referring friend a mandatory field,


• Use the referring friend's email address in the body of the email sent, plus any other details they have provided


• Make the subject '<friend> wants you to see this' (or similar wording)


• Open the text with '<friend> has visited our site at <url> and filled out the form there to suggest you visited. If you do not recognise <friend> you may have received this as a mistyped email address. You do not need to take any action. We do not keep your data on any database because of this referral, and you have not been subscribed to anything at all, nor have your details been passed anywhere at all. In fact we keep no records of the matter. We were simply happy to sent this on <friend's> behalf.'
  
  Then put your marketing message, call to action or whatever you choose
  
  Then close with 'You will hear nothing else from us as a result of this referral. You have not been added to any database and there is no need to ask for removal'
  
  Finally, close with the name of your organisation, the street address, and the generic email address of your Chief Privacy Officer, together with a link to your privacy policy.


• Note the self imposed restrictions on data, and stick to them


• Send a copy to the referring person. The 'cc' field is ideal.


• Optionally consider querying the referring person's domain and email address to determine if they are valid prior to sending the referral. Invalidity implies mischief. Do not send a referral from a mischief-maker


• If you expect high volume mischief, prior to implementation, deploy a 'CAPTCHA' check as part of the referral process to minimise the potential for automated abuse
  

How does that make the scheme lawful?

It sets out competently and professionally the responsibilities you have, ensures that you only process the data transiently on behalf of the referring person, does not enter the data into a database, tells the recipient why they have been emailed, and gives them a full set of contact details to get in touch with for concerns.

It may well be worth documenting this with a 'What happens with our 'Refer a Friend' Scheme page that you link to in a window that opens from a link above the 'submit' button and which you also link to from the email you send. That way there are no misunderstandings.

Passports, The UK, and Hotels

I have just been asked by a friend in Florida, "Why do they take your passport form you in a UK hotel and keep it until the end of your stay?"

Apart from combating non payment, I have no idea. I know in Europe they used to, and in some places still do, keep your passport overnight on the first night. I've always imagined that was some sort of "police state thing" in the old police states! Looks like my imagination is wrong, then!

It does feel like a privacy issue, though.

So please help me out, someone, and let me know why the UK kept her passport for all 10 days of her stay.

[update]

I've been pointed at a press release from HBOS which seems to deprecate the process in non UK hotels. I'm grateful to my colleague for aiming me at it.

This operation has been canceled due to restrictions in effect on this computer

"This operation has been canceled due to restrictions in effect on this computer. Please Contact your System Administrator."

I've been going gently crazy. Over the past couple of weeks I've been getting this error every time I tried to click a link in a M$oft Office document:



I'm the System Administrator, dammit, me! And I have changed nothing obvious. Those areas are too scary to go into because XP pretends that it's a real, grown up operating system.

I've not been best pleased. I never related the "never been right since..." point to the time I installed Firefox 3.0 and has to uninstall it.

So, after checking 'help' and failing with M$oft's 'knowledge base', I used Google. [memo to self: Use Google first next time!]. And, lo and behold, I am not alone! 9190 other pages give me varying degrees of answer.

The one I used is from an ordinary blogger, like me! I picked The Luebbes: A Family Blog, which did me proud.

So, Mozilla, why?

Come to that, why, when I installed release 3 of Firefox did it fail to work in any way? Why did I have to remove it entirely from my machine and reinstall release 2? Why?

I'm a fan of Firefox. I tolerate Thunderbird because it's pretty much the only IMAP email client available for no money. But I am a fan of Firefox. But, Mozilla, you nearly lost me.

I'd like to thank The Luebbes. Good blog item.

The fix? All credit to The Luebbes, so don't forget to thank them:

Go to Control Panel, Add Remove Programs. Then on the left, choose Program Access and Defaults. Open up whichever configuration is currently selected and change the default web browser selection to something other that what is currently chosen. Click OK, then test the link in your favourite M$oft product.

NOTE:  Some people need to reboot afterwards to make this work, others don't!  What can I say?  Ah yes:  "I blame Bill Gates!"

Do drop me a note in the comments if you found this useful, too.

Heinz, The Advert, and London Pride

Not the beer! The parade! A friend sent me these pictures from the Gay Pride parade in London today. he says that there were a lot of these placards.



Well done, Heinz! Well done.

I know there is allegedly 'no such thing as pad publicity', but this one runs it pretty close.

Youtube, you, and the Judge

Youtube has been ordered to hand over all video accesses to Viacom. All Viacom wanted was usage patterns for the videos it is claiming copyright ownership of, but Viacom will get your user id and your viewing and uploading patterns.

This is not what you expected when you signed up.

Nor is it what Viacom wanted.

What will they do with the data?

Viacom is not, according to my search of the Safe Harbor site, a member of that scheme. Interesting. No obvious safeguards at all, then?

Why does Spam make Permission Based Marketing essential?

If you are like me, your inbox has been filled with a load of 'Pump and Dump' spam for ages. With the various email accounts I have for home and work I get about 300 per day, and not all get trapped by my spam filter.

If you want a full definition, there's an excellent one at ComplianceAndPrivacy.Com Put simply the scammer/ spammer blasts out emails with forged “from addresses” to encourage you to buy a low performing stock on a certain date. If you are stupid enough to fall for internet equity hype you'll throw a bucket full of cash at the stock (please don't do it), the price will rise because enough gullible people buy the stock, and the scammers, who bought cheap and way before you sell high. The price crashes and you lose your shirt.

With all this trash floating around the net it's little wonder that people are deploying all sorts of blacklists as defences.

With the techniques the scammers use, it just might be your email server's IP address that gets blacklisted, because they hijack insecure machines to send out their bulk rubbish.

And this affects your marketing message. How? Simple. If your outbound email server is blacklisted (blocklist is an alternative and often used term), then your email will not get through to the intended recipient. Worse, some blocklists also notify the anti-spam vigilante groups automatically. Enough of that kind of report and your genuine marketing message gets tarred as Spam too. And you thus confirm that you are indeed a Spammer, even though you never were.

Permission Based Marketing is not only getting and acting on permissions. It's also asking the recipient to ensure that you are whitelisted - listed as one of the good guys whose mail is allowed through.

Does your permission gathering campaign ask about whitelisting? Does your microsite or landing page? It just became important.

Heinz Deli Mayo "Gay Kiss" Ad Cleared By Broadcasting Authority

Stephen's Linlithgow Journal carries the news fr0m The Grauniad that the Heinz Ad Has Been Cleared By the Advertising Standards Authority, but that Heinz has offered "No Comment" to the news.

Are we surprised?

Not at either thing, no. The advert is legal, decent and vaguely amusing, but Heinz is under pressure from the US Religious Right, the American Family Association, and Heinz has more customers in the USA than the UK.

It emerges that this is nothing at all to do with UK complaints, but rather to do with a group with 3.5 Million members in another country interfering in ours!

It was bad enough that Bush convinced his poodle Blair that we should invade Iraq without those damned Christian bigots interfering in UK TV adverts. Australia got the better deal with our convicts. Just remind yourself: The Mayflower was meant to sink!

Ah well, I would like to apologise to my US friends for the Pilgrim Fathers, and let them know that we celebrate Thanksgiving on the 4th of July

Whatever happened to 'Staff'?

I was just in my local Sainsbury's, waiting, as you do, at the pharmacy counter, with nothing better to do that listen to the Tannoy and gaze at shelves.

"This is a colleague announcement: Will a member of the back door team go to the back door to accept a delivery!"

Well, no. Whoever had to go, they are not my colleague. They are a member of staff.

Then I saw this notice. It was on the locking shutters for the pilferable cosmetics. I had to snap it. At least I have an excuse for the camera in my batphone!

I have no colleagues at the checkout. The people who work in the store are staff members. Nice as they are, my colleagues they are not.

Call me a grumpy old man if you like, but I am keen on vendors knowing who are their staff, and who are their customers. Colleagues indeed!

The chap waiting next to me agreed that this looked like a label for a chastity belt.

Good Marketing Ignores the Law!

It was in 1995 that Brussels issued Data Protection Directive 95/46/EC. At that point it became not only incumbent on member states to implement this in the law of the land, but it became vital for the Chief Marketing Officer and the Senior Legal Counsel to form a team in order that each understood what the other was doing about it, and how the other could help. But nothing happened.

When it was enshrined in law in, for example, the UK, there was no great announcement, no trumpeting about the upholding of individuals' rights, not even a worthwhile news item. And the Data Protection Act 1998 slid into effect, albeit in a phased manner to allow business to comply. Since it is a part of the criminal law one wonders why, in 2008, many businesses are not complying, or not being seen to comply. Potentially the reason why nothing seems to have moved forward is the title "The Data Protection Act". The topic is not Protection but Privacy, and, be cause of this, people think that Data "Protection" is the IT department's responsibility. Nothing could be further from the truth.

The two departments most able to cause a huge Data Privacy disaster are Sales, and Marketing, each because they expose the maximum possible quantity of potentially incorrect or damaging personal data to the outside world. The is especially the case as Marketing moves, correctly, to Data Driven Marketing, and concentrates far less on glossy printed items.

Incorporating Data Protection into Data Driven Marketing

Some definitions are needed:

• Data Driven Marketing is the use of all relevant data the organisation holds in order to target those who are able or believed to be able to buy or to influence the buying decision.


• Incorporating Data Protection means that the organisation markets only to those who have not rejected marketing approaches.


• Adding Permission Based Marketing ensures that the recipient is willing to receive the message and buy or influence the decision.

Looking at these three, the first is a statement of what the corporation intends to do with its data set. It sets the stall out as a set of scattergun style marketing programmes – old style, old fashioned marketing – peppering anything that moves with lead shot, wasting a lot of lead in the process, hitting other living targets than the game being hunted, and hitting a liberal quantity of background scenery, foliage and the occasional beater. It's not just wasteful, it's potentially in breach of the criminal law.

The second is a sticking plaster over a gaping wound. All it does it to add legality to the marketing efforts. It goes just as far as the law demands, but still peppers the foliage with wasted shot.

The third goes further than the law demands. It takes a look at the law and says "I can get a better return on my marketing investment by noting the law and going one better." Or, to put it another way, the law is irrelevant to good marketing.

Good Marketing Ignores the Law

That statement should never be interpreted to say "We can drive a coach and horses through the law". That just is not so. That's bad marketing as well as corporate suicide.

Good marketing takes the law into account; it has to. But the good marketer is already making certain that individuals' permissions are recorded and acted upon. The law is simply not necessary for the good marketer – they are already well ahead of the legislators.

The first, and most important, area is to pay serious attention to the marketing data universe. This is usually defined as "Every individual within our geography, who might possibly have the ability to buy or influence the purchase of our products or services." But that is plain wrong. And it's wrong for two reasons:

• The individual is no longer at the contact address. They moved job, home, location.
• That individual would never buy from you if hell froze over first and you were the only supplier left in business. They'd die first.

The first one shrinks your marketing data universe. If they aren't there, you can't contact them. Data ages at about 24% per annum in a business to business environment, slightly slower in business to consumer. Taking a Chief Information Officer as an example, the average tenure is stated by Gartner to be 23 months; a Chief Marketing Officer has it tougher at 13 months. People move home in the UK on average every seven years. Doing the arithmetic is salutary.

Let's assume you have everyone possible in your data universe sitting on your servers. As is usual with large datasets no work has been done to validate that data for a couple of years. So, if you target CIOs, – they only hang around for 23 months – what's the probability of hitting one? With CMOs – average tenure 13 months – how few of those are still around? Even the relatively slow moving consumers who stay put for seven years have floated away on the breeze.

Marketing Databases Must Shrink

The primary step here is to weed all of the time expired and the obsolete records. And this is where it gets scary. When we audit our clients' data we find that of the order of 40-60% are records that are ether obsolete, or, more worrying in some ways, are records that should never have been there in the first place, but that got added for reasons that neither make sense today, nor made sense at the time – except, perhaps, to make a larger campaign. Erring on the 40% side, this means that any campaign costs 40% more than it should.

Lets do the maths on that on a mail campaign, including simple artwork, folding, stuffing and mailing. This has a broad unit cost of £0.53 per item. And let's postulate a reasonable database of 100,000 contacts.

We mail 100,000, which costs £53,000. Typical mailing response rates, assuming a well designed call to action, tend to achieve 2% positive response. So, put simply, £53,000 buys 2,000 responses. That's £26.50 per response, a figure we've been taught is healthy. But it isn't healthy at all.

Shrink the database by a conservative 40%, to 60,000 records. These are just the old, obsolete contacts, not even those who should never have been there at all. Inside that 60,000 records will be almost 100% of the 2,000 people who responded to the 100,000 piece mailing. It's so close to 100% that we can say that 60,000 pieces out will generate 2,000 responses back.

But 60,000 pieces only cost £31,800 to produce and send. As a return on investment that changes the game from £26.50 per response to £15.90. That figure is better by miles, plus the shrunk campaign database releases £21,200 to use elsewhere. That's only just over £10,000 short of another 60,000 piece campaign, and it was free money.

Of course the expense of direct mail means that more marketing campaigns are conducted by email today. That has its own arithmetic, since the cost of sending is trivial. So ROI is measured by the ratio of positive responses to number sent.

Industry figures show that of all email items sent 37% are "opened". An "Open" is an inexact and unreliable statistic since email clients often do not report opens as part of people attempting to "Spam-proof" their email systems, but it will serve for our purposes here. Figures show a far more reliable statistic. 8.9% of emails sent have their calls to action clicked though on. The "Click-thru" is a meaningful statistic. What happens after the recipient clicks is down to the landing page they arrive on.[reference: the email open (etc) rates are from Constant Contact, a large, multi-client email outsourcer, and vary slightly from day to day. http://constantcontact.com]

Doing the same arithmetic on these figures shows that shrinking the database by the same 40% instantly raises the open rate to 61.6% and the click-thru to 14.8%. These are the same people, as near as makes no difference.

Those figures look impressive, but what's the payback? After all, it costs pretty much the same to send 60,000 as 100,000.

Payback is different. Payback here comes from avoiding handling bounces. Current bounce rates are 18.3%. And that is those who do bounce. Often a receiving email server is configured simply to absorb imperfectly addressed email without bouncing the message. Often the receiving email server is configured, under circumstances that its rules judge an inbound message to be Spam, to make reports to the anti-Spam services. Sufficient reports to these services, some of which are aggressive beyond belief, and your outbound email server's IP address is blocked – which means entered on a blacklist.

That doesn't mean you can't send email. It means that people who use those blacklists, people like your own IT department, people who are seeking to protect their corporations from being submerged by Spam, will not receive your wonderfully crafted exhortation to buy your products and services. That's how blacklists work.

But it gets worse. There are newsgroups for discussing alleged Spammers. Get on there and it's a short trip to the press. But it's an even shorter trip to a Google search result showing that you're being accused of spamming. That's nasty. These articles tend to stick. Bad news makes media headlines, and media sites are high in the search engine rankings. So your PR team has the sudden nightmare of being unable to have these allegations removed, and your brand values are eroded.

Notice that the law has not played any large part in any of this? The only thing used so far is common sense.

I am Not a Spammer

No, you are a legitimate user of email for acceptable purposes. Well, almost. There is one hurdle to jump yet. As the UK Information commissioner points out on his website:

"The Privacy and Electronic Communications Regulations cover unsolicited direct marketing messages sent by a range of electronic methods, including phone calls, faxes, emails and texts. Depending on the type of communication, different rules apply. Some rules apply to both individuals and corporations, while other only apply to individuals. Regardless of circumstances, direct marketeers should always identify themselves, provide contact information and suppress the details of those people who choose to opt out." These regulations are the UK's implementation of EC directive 2002/58/EC.

Oddly we are only really concerned with Article 13 of the directive which deals with unsolicited communications.[Reference: DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) http://europa.eu.int/eur-lex/pri/en/oj/dat/2002/l_201/l_20120020731en00370047.pdf]

It gets very complex when you analyse a database to try to find out whether the email address is that of an individual subscriber, especially in the UK where the term "individual" includes partnerships - unless Scottish partnerships - and sole traders, and your database includes people with gmail and hotmail addresses because they simply do not want the office to monitor what they are doing. It really gets too complex to consider.

But, even if you obey the law to the letter there is still (in the UK, with similar organisations worldwide) the Advertising Standards Authority to worry about if you get it wrong. Email is advertising, and the ASA can issue judgements against you very fast indeed. And those judgements hit the media and are on the ASA's website. And search engines pick those up. Search engines have long memories. For a small corporation this can be enough to put it out of business

The thing is, you are a spammer if you send unsolicited, by which we mean unpermissioned, electronic communications. The law takes these to mean emails, faxes, and by a quirk, voicemail left by a cold calling salesman. And you can't afford to be labelled as a spammer.

The Database Shrinks Again

All CMOs understand that the very idea of marketing to obsolete data, or to data outside the demographics that could buy is an act of insane and career limiting folly. Even so, instinctively, a CMO who has had 5% response by sending stuff out to 100,000 people wants "another 5%" so tries to find another 100,000 records to fire more stuff at. More must be better.

It takes faith to cut out 50,000 of those records, to spend less, to take fewer risks, and to get the same people to respond and have a campaign result of now 10% response, especially when the board says "You used to send 100,000 out, can we have the next 5,000 responses now. Send the next 50,000 items out". Perhaps that's why the CMO has such a short average tenure. Those who say "yes" and send the next 50,000 out tend to prove the lack of response but spend their budgets doing it. Saying "I told you so" at the next board meeting is not the stuff careers are made of, yet it takes an assertive and professional CMO to say "I will get those results better and another way," and to refuse to send out the message to the bad data.

It takes a stronger CMO to take it a step further, to make marketing Permission Based. The great thing is that the law can be used as a lever, as can the avoidance of the negative publicity Spammers get.

It's worth referring back to the September 2006 edition of this journal under the heading "Consumer Protection". The opening paragraph is enough: "In an unprecedented decision in relation to a law firm, the Spanish Data Protection Agency has ruled in favour of a claimant and imposed a €30,001 fine on Cremades & Calvo Sotelo for sending unsolicited commercial messages via e-mail (spam)"

It's also worth using Google to search for "The Training Guild" (using the quotes in the search) to see the self harm that Spam can do to the sender. Both of these are highly relevant to urging the corporation towards Permission Based Marketing. Each would have avoided the mess had they deployed it. It starts to be a major career limiting issue to ignore this, and it's plain bad marketing

To avoid the mess is simple. You gain permission and reduce the database again to contain only those people who are actively willing to receive your messages. It's quite a shrinkage, as the diagram shows:

You gain permission by offering something of perceived value to your potential customer, but that costs you relatively little. Since you are investing in the future business of the corporation this should be a high profile exercise, explaining what you are doing, why you are doing it, and the benefits to the potential customer, not least of which is only receiving what they want.

Those who say "no" or who simply do not say "yes" should be weeded. If they are not interested they are not interested. People who aren't interested do not buy. Remember "That individual would never buy from you if hell froze over first and you were the only supplier left in business. They'd die first." These are the people. Delete them. Contact them by accident and they can do you immense damage if they choose, especially in Spain

And Then it Grows

Obviously you can't leave the database in a reduced state. The thing to do in order to complete the process is to acquire data for people who are:

• In your target market
  
• Able to buy from you
  
• profitable to sell to
  
• Lawful to acquire
  
• Permissioned already, or from whom you will seek permission, to market to

Data acquisition is a huge topic in its own right. Profitable data acquisition is not acquiring masses of records. It's about acquiring the right records, the one you need, the ones who will be the best to sell to for both ease and profitability. That's not the same as segmentation, which just deals with target market.

The Ten Things to do Next:

1. Do an audit of sales and marketing databases for DP compliance
   Find them, check them, correct them, ideally consolidate them
   
2. Audit the 'touch points'
   Where you touch the outside world is where your risk is. Find these points, understand them, discover what happens today, and prioritise corrective action
   
3. Analyse the data for accuracy and recency
   Data deteriorates. Permissions do not last for ever. Find out the true state of your data, and plan corrective action
   
4. Undertake a 'permissions campaign' based on re-validating old data and deleting the rubbish
   Don't send this campaign to known rubbish. Delete that first. Then encourage those who remain and those whom you acquire to give you permission to market to them
   
5. Modify touch points to encourage 'self-validation'
   The best person to validate my data record is me. Give me access to your database via your web site so that I can do just that. I work free. And if I put "Mickey Mouse" that's my problem. And I'd never have bought from you anyway, so it truly doesn't matter
   
6. Modify databases to ALWAYS capture permissions
   There's no point asking if you don't capture the data. But don't just capture it. Capture it and document what you are capturing to make sure future staff understand what the data means
   
7. Educate everyone to gain permission at every touch
   The simple approach works best. "May I make sure you're on our database, please? We'd love to keep you up to date with things we're doing" gives simple permission for contact.
   
8. Give customers/prospects "gifts" in return for permission
   Not a gold watch! But a decent prize draw, properly permissioned, works well. So do dull but worthy white papers on your products and services and the market trends they should be aware of.
   
9. Always offer permission re-validation at every touch
   Just take time to make sure that people know they can update their data with one click to get to the right record. They appreciate it.
   
10. Never, EVER abuse the permissions
    Never. Not even if the Chief Executive insists. Well not the first time they insist! We're paid to take good business decisions. Make sure you take them.

Heinz truly does not listen!

I've just popped over to Facebook, and there is the following quote:

We've just received a phone call from Mr Dickie at Heinz over here at GaydarRadio and he tells us that nothing has changed since the statement he issued last week. The boycott continues.................
[Susann Jerry]

Interesting. So, put very simply, Heinz is not listening, if the quote is correct. Nothing yet on their news pages, but I would expect it to appear there if valid.

Well, Nigel Dickie, this is plain silly. All the 5,842 (and counting) members of the Facebook group are not going to go away. Nor are the 12,132 folk who have signed the petition. It's in Heinz's interests to do something.

Now, with the Pride march in London on 5 July, do you not think that it is a good time to do something soon? A great opportunity to do something grand, and good, and it looks like you are going to miss it.

Bad marketing, bad corporate affairs.

The Sad Tale of the Call Centre Firewall

Picture the scene: You are working at home contentedly, linked to your office by email and an instant messenger service over the internet, and a VPN link to your files on the office server when you need them. You're busy, under deadline pressure, it's Friday and you have a deadline to hit of 4pm for a major campaign that is to leave your agency's hands on Monday. Everything is ready. Graphics are packaged, text has been approved except for one paragraph that has to have management approval first. It's only 10am and you're ahead, for once. And then your email will not go. “Error”, it says. “Cannot find email server” it says.

Come to that, some, but not all, of the web sites you usually visit are unavailable. You check the ones you just know will be up and running. And half of them are. You doubt your sanity, check your connection, reboot your laptop (the help desk is going to suggest it anyway because they always do, just to make you think something important is achieved by things like that), reboot your router and start to realise that, just maybe, it isn't you.

That's OK. You call the help desk – an outsourced call centre – for your internet service provider (ISP). They take the usual details; Your name, address, mother's maiden name, birth date (how secure is that?), and say “Oh. Yes. We've had a couple of network problems earlier today. A couple of other people have called in about this.” They take you through a few websites to show that it isn't just your own list that's lost in the void and say “We're working on it. The service will be back soon.”

It would be wrong to name names here. This is a real example over last weekend. What you don't know is you have just hit the “Call Centre Firewall”.

‘We're working on it' could mean precisely that. Or it could mean that it has been passed to a junior person who has no idea either if it's a real problem or what to do if it is one. Junior then bumbles around for the afternoon, finally escalating it just as every sane engineer has gone home for the weekend.

And you, with your deadline to hit?

You know nothing. No call back (at today's narrow profit margins who can expect to be called back?), so you call a couple more times throughout the day. At about 3pm you work out that you could send all your stuff by Gmail if you only had a Gmail account (and in the UK, of course ‘Googlemail') and if only Gmail accepted the attachments you need to send, but you do, by your own ingenuity, solve your business problem. And, being Friday, you award yourself a planned celebratory evening.

As 5pm comes around you test to see if service has been restored. Since it hasn't you call the help desk again. “We expect this to be working very soon this evening”. So you are happy. The Call Centre Firewall is not yet obviously between you and your internet access, and Customer Service, though slow, seems to be working. You have minor irritations that you can't collect your office email, but it has made for a peaceful Friday afternoon.

Except at around 7pm you start to worry about office email. And you call the help desk again for an estimated time to fix. They have no idea when it will be fixed, but suggest that it is a “Serious problem” and “our own service provider is working on it”. And a small red flag starts to wave.

Why a red flag? Well you chatted to a technosavvy friend earlier and he said it seemed to be a very simple issue. Some sort of file corruption with a server. You nodded sagely, had no idea what he was talking about, and respected his advice. Technosavvy friends tend to know more than outsourced call centres, after all. You are resigned to your fate and wait until the help desk reopens on Saturday. “Are you still having problems? We thought we'd solved that last night.”

The red flag becomes a red cape. You remember your chat with your technosavvy friend and start to wonder if anyone is actually working on it. Naturally you are assured that someone is. And this goes in through the rest of Saturday, is repeated on Sunday, and on Monday morning, too. “Gosh, we thought we'd solved that last night. What web sites can't you get to?”.

What you're starting to realise is that you have met the Call Centre Firewall.

What is it? It's people doing their best to protect themselves and the people they work with and the people they work for from your complaint, but people who are doing irreparable marketing and customer service harm to their organisations by trying to shield you, the customer, from the increasingly certain fact, for it has become a fact in your mind whether true or not, that no-one has been working on this over the weekend at all.

From a marketing perspective the ISP can now do nothing right. Solve the problem within a couple of hours (they did, it was back by about 11am on Monday) and you just know you were right that no-one was working in it over the weekend. Find the problem really is intractable and take all day, and you are certain that they only started at 9am on Monday morning. Customer Satisfaction has now hit an all time low, and your friends become aware, because you tell them.

How should the call centre behave instead?

Very simple things. The whole basis is “Tell the truth, even if it's unpalatable”

• On the recorded voice message while waiting for an operator to answer, if it is a large problem, tell the truth proactively. State the problem, state the estimated time to fix.
• If no-one will work on it until Monday, say so.
• Brief the call centre staff to answer questions well.
• If you have contracted with an outsourcer, brief them properly. Give them a well crafted message to give the customers that tells the truth
• Ensure that escalations happen. And tell the customer the escalation procedure
• If you have a customer service or customer facing location on your own website, use it.

Do these things right and you create positive marketing from a potential disaster, or, at the very worst you turn it to “Marketing Neutral” New customers cost so much to get in the first place that you can't afford a “Call Centre Firewall” to lose them for you.

Your Call Centre is also a Marketing team.