Home Start here Purpose Here's why On-line Weekly, free, essential Outlook It costs, but you can't afford to be without it Framework What's dot-com quality? It's all here Top five This is our list - what's yours? Masterclass Best practice in ten minutes Buzz Captured from the e-stream USER_NOTES Content changes frequently! PRIVACY It's simple! Get in touch!Things you’d like to see included? Examples, references, opinions or criticisms?

Last update Saturday April 15, 2000 Beta Issue TenMinute Masterclass Ethical behaviour/customer privacy Ethical behaviour is the fifth element of DCQ's Quality Framework (a diagnostic tool for self-assessing dot-com quality). Question five asks for a response to the statement “Values such as integrity, respect, trust and fairness are highly valued. Customer privacy and information integrity are paramount. Stakeholders understand their ethical responsibilities.” If you asked your customers to rank your organisation by those criteria, where would you score? Are you sure about that? What about your own team – how would your employees rank your firm on those criteria? What about your supply-chain partners? If you're an investor, what about the firms in your portfolio? The issue Central to the question of dot-com ethics is the area of customer information – what is it used for, and how do you guard it? A recent Business Week/Harris Interactive poll asked 1,014 people 'If you shop online, how concerned are you that the company will use your information to send you unwanted information?' In February 1998 65% were very or somewhat concerned, only 4% were not at all concerned. In March 2000 the same question got a 78% 'very or somewhat concerned' response. Asked whether explicit guarantees about their personal information would encourage on-line shopping, 57% responded positively in 1998, 73% in 2000. It's time for some rules, according to Business Week. And it's time to ask yourself some hard questions about how you, or the firms you are interested in, deal with privact. The high-profile privacy gaffes of DoubleClick, RealNetworks, and Amazon, among others, have shown consumers that e-commerce companies have an intense interest in their private information. For about 9 cents, according to Business Week, some medical data sites will sell you your neighbor's history of urinary tract infections. “Your speeding tickets, bounced checks, and delayed child-support payments are an open book. In the background, advertising services are building profiles of where people browse, what they buy, how they think, and who they are. Hundreds of sites already are stockpiling this type of information – some to use in targeted advertising, others to sell or trade with other sites.” Here's how to approach this issue in your dot-com (1) Explain what you do - Adopt a simple plain English policy, make it highly visible, and apply it uniformly across the whole enterprise, for all customer transactions. Look for third-party or industry standards, and if they exist, consider using them as a guarantee - If you've got a legal department, track down the case law – there is some (New York City's DA vs Chase Manhattan Bank and Sony Music Entertainment Inc, for example) - Base your policy on fair information principles – clearly address choice, access and security issues. Make it clear what your data-sharing approach is – by breaking out all your tracking techniques (as RealNetworks now does) and explaining them in plain language. (2) Give people a choice - Proposed US federal laws will require 'opt-out' provisions. There are also moves (Senate Bill, Robert Torricelli, D, NY) to require that 'opting out' is the default option, and that customer and site user information will only be collectable if people expressly 'opt-in.' Many web executives are concerned about the traffic-killing potential of opt-in solutions. Getting in first with a robust opt-out solution may be the lesser of two evils - Because opt-in approaches (permission marketing) may offer high levels of confidence to users, it may be a suitable tool to build loyalty and trust where personal information is highly sensitive (on health and finance sites, for instance). (3) Show your data - Sure, you've got user information all over your site – databases were not set up for easy interrogation by customers, or to aggregate all the information about each individual transaction in a customer-accessible format - It's not easy, and retrofitting may be expensive. Better – design new systems so that they will more easily yield user information. (4) Beware of the sanctions - Explanations, choice and transparency will go a long way to reassuring your customers that their information – and their business – is safe with you - But beware of the law. Enforcement in this area is difficult, currently almost non-existent (and that can be a problem, too), but it's on the way. Business Week favours giving the job to the Federal Trade Commission. Here's how to track and measure improvement Your customers and on-line partners are going to be increasingly apprehensive about their privacy, and about how you safeguard the information you collect from them and about them. Clear and unambiguous standards, visible to all stakeholders, will soon be an entry-level requirement. Industry best-practice will provide greater reassurance, once it is established. But to climb above the worry level, you may have to adopt an assertive approach to continuous improvement. Here's our prescription: - Establish a set of 'privacy' metrics (for best practice in selecting and using metrics, go to www.dot-com-quality.com/metrics.html) - Choose metrics that reflect customer's needs (stand in your customers' shoes), not just those which are easy to obtain (but mean little to the people whose data you collect) - Metrics might include privacy-related complaints, percentages of users who choose opt-in provisions, extent of employee knowledge about privacy issues, extent of company-provided training in ethics, 'perception' polling of customers and partners, benchmarking against industry champions, and so on - Track, review and continuously improve the key metrics, and publish them frequently - Set up an ethics team (for an introduction to team problem-solving, go to www.dot-com-quality.com/teams.html), and consider appointing 'customer' representatives - Whenever new products, new customer interactions or new businesses to business relationships are created, hold the key processes up against an ethics template and check for gaps. All new product introduction processes should include consideration and resolution of ethical issues. DCQ's Ten Minute Master classes are modular treatments of DCQ's Quality Framework, a diagnostic tool for self-assessing dot-com quality. Material referred to in this Masterclass module includes Weblining by Marcia Stepanek (Business Week E.Biz, April 3, 2000); We know where you live, work, shop, bank, play and so does everyone else! (PCComputing, March 2000); An eagle eye on customers (Business Week Special Report, February 21, 2000); and It's time for rules in wonderland (Business Week Special Report, March 20, 2000).