Salesforce, Dreamforce and Data Stewardship
This year’s Dreamforce was all about the release of Salesforce 1. This new integrated platform is Salesforce’s attempt at becoming the dominant enterprise platform for the Internet of Things. Combine the power of Salesforce with the data produced from all manner of devices such as smart watches, wifi enabled toasters, and host of other Jetsons-like devices, and you attain the ability to really “know” your customers at a deep level.
With that understanding comes the opportunity to market and sell like never before, but with that new found power comes a responsibility. The responsibility of stewardship of your customers’ personal information.
Fumble that stewardship and you risk violating someone’s privacy which can not only damage the reputation of your brand but could possibly find you in regulatory hot water. While the current risk is relatively small for all but the largest companies it is escalating rapidly. You need to look no further than the visceral reaction playing out on the world stage to the stream of leaked information from Edward Snowden to recognize how sensitive we are to perceived violations of our privacy.
To follow is a transcript of a 15 minute presentation I prepared for Dreamforce.
SLIDE: Houston we have a problem: 86% of internet users have taken steps online to remove or mask their digital footprints
A recent Pew Research study revealed that 86% of internet users have taken steps online to remove or mask their digital footprints. Consider what that number means for a moment. That’s nearly everybody on the Internet trying to remain anonymous in some way. How did we arrive at this juncture? Why has privacy, all of the sudden, become such a big deal to such a wide swath of people?
SLIDE: Oh yeah, I’m pregnant. I guess I forget to mention that.
In 2002 Andrew Pole, a data scientist at Target, was asked by colleagues from marketing if he could identify which customers were pregnant. More specifically the marketing team wanted know which customers were expectant mothers in their second trimester of pregnancy.
The marketers intended to send specially designed ads to these women and with good reason. It is well documented that the second trimester is an opportune moment to earn the loyalty of a new customer. This is when most women begin buying all sorts of new things, like prenatal vitamins and maternity clothing, and by proxy establish a loyalty to the store in which they made those purchases.
As it turned out Andrew Pole could identify these individuals and he did, and Target sent out welcoming packets to this group. Unfortunately one landed in the hands of the father of a 16 year-old girl who hadn’t yet told him she was pregnant.
Woops! This story broke publicly in the New York Times not that long ago resulting in a major public embarrassment for Target. But, it is not like Target intended to do anything nefarious, and they weren’t breaking any laws, yet they still ended up perceived as doing something scandalous. This story is a perfect example of the kind of a minefield we, either knowingly or unknowingly, are forced to navigate.
SLIDE: Data is the new oil
We all go to great lengths to build and protect our reputation and with good reason, right? A good reputation is a very valuable asset. I would challenge anyone to dispute that.
The personal data organizations collect through an increasing multitude of channels is becoming an equally valuable asset. Last year, on a CNBC segment, host Joe Kernan posed the question, “What is the next really big thing?” to the legendary investor Ann Winblad. She responded, “Data is the new oil.” and she certainly wasn’t the first to utter that phrase. We’re in an information economy and personal data has emerged as truly valuable. Still, don’t believe me? check out this nationally televised ad from IBM.
SLIDE (video played to audience):
SLIDE: Big Data, bigger promise
What a fantastic business proposition, and I’m not being sarcastic: Gain the ability to tailor your messaging, products or service to a specific individual – that’s pretty powerful. And many organizations are doing exactly this. It saves time and money, and better serve consumers’ needs.
This is why personal data is so valuable and it’s the promise of predictive analytics or what is commonly referred to as Big Data. Walmart will use this to determine when they can stop ordering Justin Beiber posters. Netflix uses it to know exactly what movie you want to watch. And Google will use it to serve better search results.
But it is not just industry giants that are reaping the benefits of this type of analytics. Who came through terminal 2 at SF International airport? Did you see Vino Volo? They are a small chain of about 20 airport wine bars. They crunch lots of real-time data from mobile, social, and POS channels to provide brands insights about their customers and locations, including visits by location and time of day to know what to stock, and when and what kind of specials to run. All of this sounds good right?
And it is not just business: The World Health Organization uses predictive analytics to identify where flu outbreaks are likely to occur and the United Nations uses it to help identify political hotspots that might need their help. This is world changing stuff, uses of personal data is bolstering economies, driving innovation and improving our quality of life. And its matured to a point where it is no longer a business advantage in many sectors it’s become a cost of doing business. It’s prevalent enough that IBM bought a national ad promoting their expertise in it.
SLIDE: Big Data, bigger concerns
But there is another side of the coin. Place yourself in that commercial as one of the people walking around. How do you feel about a nameless organization having a high degree of precision on who you are? The stuff that makes you, you. It feels kind of uncomfortable doesn’t it. And that is the heart of the issue. Businesses are desiring the ability to profile individuals to an increasing high degree and most are doing it for the right reasons, but, as we are witnessing in the visceral reaction to the Snowden revelations, people are increasing uncomfortable with that.
SLIDE: Compliance and security are the army, expectations are the king
That tension over the uses of our personal information is only getting worse each and every day. We have this fight between the desire to drive innovation, bolster economies and improve our quality of life, versus our discomfort with profiling and desire to maintain our privacy.
As this tension grows regulators and lawmakers are increasingly giving focus to this issue. And we have seen an explosion in the number of, and complexity of, privacy laws and regulations as the industry of analytics has matured. It is a really thorny issue.
How can you at once reduce people’s fear of a loss of control of their personal information without hobbling innovation? If you can solve that then we no longer have privacy issues, but no one has found the perfect solution yet. And finding that balance is the crux of the issue.
This is the situation we all face. My organization, serving some of the most privacy sensitive individuals on the planet, faces this too. We have invested heavily on the Salesforce platform and are in the process of moving all of our member and customer information into our implementation. The security model and Safe Harbor compliance provide assurance that the platform is safe, but it isn’t enough. Privacy violations can occur when an organization misuses the data they have access to. We’ve seen this happen with increasing frequency over the past years.
Here in the US, the Federal Trade Commission (FTC) has brought action against Google for collecting unsecured wifi data through their Street View vehicles on public streets claiming they violated the publics’ expectation of privacy, they went after Path, the social mobile platform, for uploading users contact book information unexpectedly and recently Aaron’s for installing invasive software on the computers they leased to consumers.
The common theme among these cases is the FTC enforcing it’s obligation to protect consumers under the Section 5 of the FTC act which, they say, gives them the right to pursue bad actors who violate a consumers expected right to privacy. Let me repeat that, the FTC is becoming more aggressive about enforcing violations of what reasonable individual would expect for privacy protections.
SLIDE: Best Practices
Mitigating this risk is not difficult if you are paying attention to the issue. Are you following best practices for protecting your data? Salesforce publishes helpful guides in this area such as the Security Workbook and Security Implementation Guide.
Getting your security right and complying with legal requirements, which you should consult with your legal counsel about, are a baseline. That is the army protecting your home front. But think about all of the ways you want to make use of that data. Do you have user’s permission to use their data they way you intend on using it? Have you been transparent about your intent?
This is an interesting time for privacy. Things are changing rapidly. Laws are changing, technology is advancing and expectations are difficult to fully understand. All of this makes proper risk assessment of privacy matters challenging but not back breaking. If you have responsibilities in this area education is critical, you need to know what the current landscape looks like as well as predict how it is likely to change.