by David Kirkpatrick, Reporter

Marketing automation software is a powerful marketing tool. So powerful, in fact, implementing it in your marketing efforts involves privacy issues that you might not even be aware of.

To help navigate this landscape, we turned to two experts representing marketing automation software vendors -- Adam Blitzer, Chief Operating Officer and co-founder, Pardot; and Dennis Dayman, Chief Privacy and Security Officer, Eloqua -- and one expert in online privacy, Scott Meyer, Chief Executive Officer and founder, Evidon, a dedicated provider of privacy and compliance solutions for digital media.

This article offers five privacy factors you should consider if you use marketing automation: how marketing automation involves privacy, the difference between first- and third-party tracking, the recent EU privacy directive, marketing transparently, and how to handle the data you collect.

Factor #1. Understand how marketing automation involves privacy

Blitzer explained, "Where analytics tracking has been around for a long time, I think the biggest difference with marketing automation is that it really takes that '10,000-foot view' that you are used to getting from a Google Analytics tool, and it takes you down to sort of a 10-inch view."

He added, "You are getting, 'What is David Kirkpatrick doing on my site? What is Adam Blitzer doing on my site? How often has this specific individual come back, and what is he looking at?' So instead of this aggregate view of what everybody is doing, you can really see what this one individual person is doing."

Of course, with that granular knowledge comes privacy concerns that involve more marketing pieces than just the website.

Marketing automation software can be used in many ways, but one real power behind the tool is the ability to track and score leads.

Dayman provided an example by explaining how this tracking allows marketers to send more targeted and relevant messages.

He said with "batch and blast" marketing, a marketing message is sent to an entire email list and hopefully reaches a prospect who is ready to become a customer. With tracking through marketing automation, how that email is handled by the recipient is tracked.

When that email results in a website visit, the prospect's activities are logged through a cookie, and most likely scored, to determine what marketing messages they will receive in the future, or if they are handed off to Sales once the score reaches a certain threshold.

Here are some prospect activities tracked by marketing automation:

• Email open rate


• Email clickthrough rate


• Web visits


• Web activity, such as a content downloaded or video watched


• Company content hosted on third-party sites, such as YouTube video or white paper downloaded from another website

Factor #2. The difference between third-party and first-party tracking

One important aspect of privacy concerns with marketing automation is the tracking consists of all first-party; that is, the tracking is done by the company the prospect is interacting with and the information gathered is not shared with any other parties.

In the world of online privacy, third-party tracking gets a lot more attention from privacy advocates and regulatory agencies. An example of third-party tracking is a cookie from an advertising group that looks at online activity across many websites.

This data is then shared to build a user profile for targeted advertising. This is also known as "targeted behavioral advertising" because the ads are targeted based on behaviors observed through third-party tracking.

Blitzer said the distinction between first- and third-party tracking is important.

"That is a big distinction between marketing automation, which is all first-party, and ad networks, which are the focus of, at least in this country, the government's privacy efforts," he stated. Outside the U.S., though, those distinctions matter less.

Factor #3. The European Union is implementing regulation on first-party tracking

The European Union (EU) has shown concern around tracking mechanisms such as:

• Website cookies


• Web beacons


• Flash cookies

Its response was to require websites to display privacy policies and offer a clear way to opt-out of this tracking.

"In 2009, the European Union updated their model, if you will," said Dayman. "They have decided to take it a step further and said, 'Well, because you can glean a lot of data from the tracking mechanism, you can actually learn a lot more about an individual and again re-identify information that used to be anonymous.' They now require explicit opting-in to tracking mechanisms."

Although this directive affects marketing automation users, the actual situation in the EU is still a little bit muddy. The regulation is currently not being enforced, although that is likely to change at some point.

Meyer added the EU directive "isn't clear," and it really concerns cookies rather than different software tools, such as marketing automation, that might impact online privacy.

The main issue right now is the directive involves 27 different countries, and each country can handle the opt-in requirement how it chooses to.

The options for this cover a very wide range. Some countries might require a check box on a Web form that explicitly asks for an opt-in for tracking. Other countries might take a more simple approach where if a Web visitor's browser accepts a cookie, then that is considered an acceptable opt-in by the user.

"What we have seen now is unfortunately only seven countries have made any sort of comment, or any attempt at creating a law or regulation to abide by the new directive, and most of them have taken the route of allowing the browser (after the user initiates the 'do not track' option) to make that choice," said Dayman.

He added, "That's good for marketers because they are using tracking mechanisms and they may want to look at it whether their service provider or in-house solution uses first-party cookies versus third-party cookies because [user-customized] browsers typically accept first-party, but reject third-party, cookies."

Blitzer explained how the EU directive will affect marketing automation users down the road, "You could say, 'I want to ask for consent for everyone from Germany, but not for people from the UK and Canada.'"

Online privacy regulation issues are not limited to the EU. Dayman said right now Singapore is asking for consumer comments on a potential framework around privacy issues and data protection.

He added, "It is a very serious thing and something that is not going to go away. We expect to see some more of this sort of stuff happen in other countries."

Factor #4. Transparency is a good marketing practice

Here's a quick scorecard on marketing automation and privacy -- first-party tracking is not as large of a privacy concern as third-party tracking, good news for marketing automation users; uncertainty around the new EU privacy directive and a general atmosphere of government activity and end-user concern related to online privacy around the world, not such good news for marketing automation users.

Given this information, what should a marketer do?

Meyer said instead of being concerned about compliance issues and regulation, marketers should begin by focusing on transparent marketing practices.

"The first thing that's important for companies to understand when they are using this type of technology is what matters is perception among the people that they are trying to reach," stated Meyer.

"That is as important as specific compliance with any set of laws because the same principles for B2C marketing apply to B2B, which is that people are much more likely to trust and transact with brands that are transparent about what is happening," added Meyer.

He continued, "In terms of working with vendors in your own databases, it's essential that these companies provide transparency to what's happening and (to provide) the ability for the people that they are trying to target to opt-out."

Transparency is always a good marketing practice. Especially with the complex B2B sale because you are building relationships with prospects and you don’t want them to feel you are misleading them or "tricking" them somehow. In fact, a major benefit of marketing automation software is that it really facilitates the process of lead nurturing. The last thing you want your nurtured lead to decide is that you are not trustworthy.

Here are some steps you can take to show your efforts at protecting your prospect's privacy and market transparently:

Start with the privacy policy

Blitzer said the place to start is with a clear privacy policy that states exactly what you're tracking, such as:

• Website visits


• Email activity


• Response to offers

And also note that some anonymous tracking could possibly identify organizations or location by IP address. Blitzer added that just placing the privacy policy as a link in the footer of the website will just leave the policy unread by most visitors.

Blitzer suggested making the policy more available by adding a note to Web forms stating you respect privacy and including a link to the policy. He said it's important to have a strong privacy policy, and to also remind people that it exists and how they can find it.

Along with the full privacy policy, it's also a good idea to have a simplified version with bulleted points, for example, that covers what data is collected and how that data is handled.

Dayman offered an important point on privacy policies, "Have [companies] changed their privacy policy to stay up with new technologies?"

He said five-year-old privacy policies most likely don't address social media, or sharing and tracking buttons that have been added to the websites.

Dayman stated, "They need to go back and look at their internal process and find out how they are collecting that data and how they are using it, and again how transparent are they with that individual."

If you have recently implemented marketing automation, be sure your privacy policy addresses any new first-party tracking you are engaging in.

Honor browsers’ “do not track” option

Most current Web browsers have a “do not track” option that users can enable.

Blitzer explained, "All that does is sends a header to that website that says, 'I don't want you to track my website activities.'"

This option doesn't actually prevent any tracking from taking place, each website or third-party ad has to actually honor the request from the browser.

"I think that is a really interesting opportunity for marketers to make sure that system is enabled so you are at least automatically respecting the wishes of people visiting your website," stated Blitzer.

Doing this will obviously affect your marketing automation tracking and scoring, but it does show your concern with the privacy of people interacting with your website.

When in Rome…

Even if privacy regulation doesn't legally impact you, it is a good idea to understand how each market you operate in views online tracking and privacy.

Right now all the regulation around first-party tracking is happening outside the United States. Both Dayman and Blitzer agreed even if the EU was enforcing compliance of its new directive, for the most part, U.S. marketers wouldn’t face any real sanctions by not complying with EU regulation.

Blitzer said this is not reason to ignore local customs in terms of handling personal data.

As an example, he said if you have clients in Germany but don’t comply with German privacy laws, you might face local backlash in any deals you might be working on.

"I think you might be perceived as not taking their market seriously, and not taking their concerns seriously," stated Blitzer.

Factor #5. Handle all personal data like it is your grandmother's

As a responsible marketer, you provide prospects with a clear privacy policy that lets them know exactly what data you are collecting on them and how it will be used; you also offer them the chance to opt-out of this collection, even making this process as easy as honoring a browser "do not track" option.

For the many people who engage with your marketing automation first-party tracking, how you handle all the data you are collecting is the final step of protecting the privacy of those Web visitors.

"I think unfortunately some companies treat a prospect, or a profile if you will, as just being a number versus being a person or a human being," said Dayman.

He continued, "If you are going to handle some information, treat it with the same reverence that you would your own grandmother's information."

This means when collecting that data you should tell your website visitor:

• I need to borrow that information


• I'm going to do X, Y and Z with it


• I'm going to put it in this system


• No one but a select few people will have access to it


• I'm only going to need it for a week or two


• Once I'm done with it, I’m going to shred it and get rid of it

This checklist goes to the heart of transparency. Offering prospects the full blueprint of your tracking process and exactly what happens with data at each stage.

Because there is so much data created and collected, through marketing automation tracking and other means, Dayman said he would like to see more training on properly handling that data.

He explained, "So you are maybe just a marketing manager, or an email marketing manager, but you are somehow touching that data, using that data, and processing that data to infer something."

"You should be trained on how to properly handle that data, how to secure that data, and how to get rid of that data when it is time to," said Dayman. "Not just throwing it in some bin, but electronically or physically shredding that information."

Useful links related to this article

Eloqua

Evidon

Pardot

Best Practices in Email List & Website Privacy Tactics

US Privacy Update: Experts Offer 6 Strategies to Build Consumer Trust

Lead-Gen Revamp with Automation and Scoring: 7 Steps to 190% Increase in Sales Conversions

Online Advertising: Behavioral Ads Threatened

Database Marketing: Is Someone Examining You Right Now?

Transparent Marketing™