Top Ten Email-Related Privacy Questions for 2010:

1. If you knew who, or how many, of your email subscribers were also Facebook, Myspace, Twitter or other social networking ‘friends’ or ‘followers’, how would you communicate with them differently?
2. Have you considered the potential synergy of using email behavioral tracking information to drive online advertising media buying efforts?
3. Are you tracking email acquisition sources or other user attributes to identify patterns and reduce recipient abuse complaints?
4. Will your users perceive a potential benefit or be turned off if you collect more demographic or lifestyle information via acquisition or preference center pages?
5. Is it time your privacy policy was updated?
6. Do you reference your data services providers (such as your ESP) in your privacy policy and indicate how subscriber and website visitor data is being tracked and used?  Email privacy@cheetahmail.com for a copy of a full compliance briefing guide on this topic.
7. Do you enable third party cookies to be used on your website for advertising purposes, and if so, is there a section in your privacy policy or elsewhere explaining how users can opt-out from receiving these cookies?  For more information on this topic, please refer to these cross-industry guidelines.
8. Have you ever thought about how email traffic drives your competitors’ website activity and how it could improve your own email relevance?  (Yes, this is a shameless plug for our sister company, Experian Hitwise, and it has little to do with privacy, but it’s still worth considering!)
9. Have you ever referenced or referred subscribers to the Privacy Policy or User Policy Guide of your ESP to provide educational information on how your ESP uses client data?
10. Do you know your company’s Chief Privacy Officer or other privacy affairs representative?  Isn’t it time you did?

For more information on Data Privacy Day, we encourage you to visit the official Data Privacy Day 2010 website.  To discuss any of the above questions or others you have about privacy in general, email privacy@cheetahmail.com.

Today was a landmark day for me – I was the victim of some misused personal information!

I am joking about the “hooray” part, of course. Data privacy is no laughing matter, and if the information that was exposed to me today had been more significant, I would be pretty angry right now. As it so happens, it was not, so I feel comfortable sharing it with you all in the hope that we can all learn a bit by others’ foibles.

So at around noon today, I received a phone call from a representative at a home improvement ratings & reviews service that I am a happy member of. Unlike most review services, this one is a pay system that works on a subscription model, so it is not that strange that they would be contacting me with account or service information. However, after a moment of basic customer satisfaction survey-type questions, the conversation moved into some uncomfortable territory.

“Have you used any of the contractors or vendors that you have recently researched on our site? Would you like to review them now?” the representative asked.

“No, I have not,” I replied. “I have done some research but not yet used any of the contractors I’ve found on your site. When I do, I will post my reviews online.”

“Ok,” she answered, pausing for a moment. “Well, what about [name of vendor]? I see that you looked them up recently. Do you have a review for their service?”

“Um, no. I just told you that if I did, I would have posted a review online,” I responded.

“Or what about [name of another vendor]? I see that you pulled their record up within the past few months as well,” she asked.

It was at this point in the conversation that I was reminded of Ben Isaacson’s post on our site last month, “A Belated Privacy Day Top 10.” In case you missed it, Ben’s piece included the following tip to responsible online marketers:

2) Never personalize emails by casually dropping Big Brother-ish web analytics data; “Since you opened and clicked through 4 of the last 6 emails, we thought you’d like this offer.”

So here I was, staring a privacy violation right in the face. What is a marketer to do? I came back with this:

“Listen, I enjoy your service but do not feel comfortable having my online behavior revealed to me over the phone. If you would like to keep me as a customer, perhaps you should re-examine your privacy policy. If I have any reviews to give, I will post them online.”

In retrospect, I probably should have ended with “I said good day, sir!” but hey, you can’t win ‘em all. In the meantime, I can take a little comfort in trying to spread the word to other marketers on how to best treat your customers’ behavioral data. Use web analytics responsibly!

In case you didn’t know it, January 28 was

Top 10 Things Responsible Email Marketers Should NEVER Do:

1. Never send an email to recipients who have complained and ask them, “Why did you press the spam button…I thought you liked our stuff?”
2. Never personalize emails by casually dropping Big Brother-ish web analytics data; “Since you opened and clicked through 4 of the last 6 emails, we thought you’d like this offer.”
3. Never further personalize emails by saying, “We saw you shopped for 3 hours the other night for this exact item, so here it is!” 
4. Never require customers to register (or login) before they can unsubscribe from your list.
5. If you append Experian INSOURCE® (or other) demographic profiles, never over-share non-personally identified information; “Since you are a single male over 35 who loves dogs, we thought you’d also love this.” 
6. Never share email lists with partners.
7. Never embed registration forms in emails.
8. Never tell users they must reconfirm their list subscription by clicking through and providing all of their personal information. 
9. Never use Refer-A-Friend technology to automatically add forwarded friends to your email list.
10. Never mail your unsubscribed recipients and say; “We know you unsubscribed, but our Email Service Provider told us it was OK to keep mailing you!”  :-)

Happy (Belated) Data Privacy Day!