SearchCRM.com sat down with Ray Everett Church, who was recently appointed to be the director of privacy and industry relations at Responsys, an email marketing software firm. Church is a lawyer by training and also boasts of being the world's first chief privacy officer, a position now becoming more common. He first held the CPO role at AllAdvantage, an Internet startup known for the slogan, "Get paid to surf the Web," a business model with some serious privacy concerns.
SearchCRM.com: Tell us about your past work as a chief privacy officer and what brought you to your current position.
Ray Everett Church: I worked as an evangelist for incorporating privacy not only in the corporate arena but in the messaging the company sent out, as a way of demonstrating its commitment to protect consumers' personal information. Within a few years, most of the Fortune 100 firms had someone in a role as a chief privacy officer or someone tasked with managing privacy issues.
Coming here, I'm bringing that knowledge and experience to help leverage the capabilities that Responsys offers and helping to work with our customers to make sure they're engaging in best practices and are ahead of the curve in terms of what are appropriate and effective privacy measures.
What is the next curve?
Church: A couple of things with privacy and trust-enhancing technologies.
On the email side, there's the increased use of authentication to help essentially verify the accuracy of the sending information and the integrity of the message and who it claims to be from.
Email being delivered today has to run the gauntlet of protections that receivers have set up to protect their own users. Authentication is a big piece of that email component.
Extended validation certificates for Web browsers are helping identify and recognize the legitimacy of the websites you go to. With SSL [Secure Socket Layers], when you go to make a transaction and you see a lock that demonstrates you're making a secure connection to the server, part of that is digital certificates that establish that connection. They're easy to obtain. You pay money to VeriSign and you're off and running. It doesn't tell you anything about the nature of the company you're linking to.
Extended validation certificates are issued only after a more detailed evaluation and reputation check. Instead of paying a fee and getting your certificate, they look at the business and its legitimacy. Do they have a postal address, or are they a fly-by-night operation? It's just another way of ensuring that when you go to that site -- when the lock locks, it's not a matter of securing the data but securing the entity of the company you're doing business with.
The most recent versions of Internet Explorer, Firefox and -- I believe -- Safari support checking of validation certificates. You'll see the company's name or logo appear in a highlighted area in the address line.
We're starting to see more and more entities using those and also using authentication in the emails that drive people to those websites.
In my own surfing experience, I'm starting to see that more and more. And consumers, once they begin to see and recognize them, can be trained to look for those much as they've been trained to look for the lock mechanisms.
So how do you quantify privacy as a competitive differentiator?
Church: It's always difficult to quantify the value of privacy. It's something that's recognized only in its absence. That's when you recognize the challenges and issues. Increasingly, if companies include privacy in their messaging and make it a core part of their engagement with customers, what you can see is some uptick in the metrics of trust.
Consumers are looking to email as one of the most important communication channels they use, but they recognize the threats inherent in it. When they feel better about the trust that's represented in the website experience or message, their overall impression of those companies goes up and they're more likely to do things like add them to the safe senders list or address list so they won't get lost in some folder. They're more likely to click through and engage in transactions.
The bottom-line benefit of privacy can be difficult to quantify in a concrete way, but it's very much akin to divining the value of your brand and reputation as a company, because it becomes part and parcel of the impression consumers have of your organization. It is most powerfully felt when it is gone.
What metrics do you use to measure privacy efforts?
Church: Deliverability. Open rates feed into a sense of trust. But at the end of the day, it's sort of a more holistic message than tweaking one thing and looking for the results in a log file.
When comparing themselves against competitors and others in the marketplace, companies can begin to see whether they have issues or problems by looking across the industry to compare open rates, delivery rates and the like. It's a bit of an art as well as a science, but integrating privacy into your overall strategy is definitely a component of strengthening your reputation.
Who should be in charge of privacy? Should they come from marketing? From the legal department?
Church: The best folks in the space tend to be a hybrid. I'm a lawyer by training [and] have a long background in policy and law, and some familiarity with the technology.
That sort of knowledge informs how I tackle privacy issues. What I've seen is that the most successful privacy professionals balance the legal, the technical and the marketing and are equally facile with all of those areas.
Does a team concept work, or do you need one person in charge?
Church: I've seen teams work, but at the end of the day you need one person with some sort of responsibility where they're creating visibility across the enterprise and can dive into the issues and shape the company's privacy position.
Teams work, and in some of the best situations there will be a privacy officer and designated privacy people in product groups or marketing groups drawing from different corners of the organization to make sure the privacy values are integrated into the organization.
What's your sense of the shift in privacy? Are people more willing to give up information? Do they want more in return?
Church: People have always been willing to trade privacy for convenience. Organizations continue to grow an appreciation for how valuable people's private information is. The value proposition for giving up information really needs to be there these days. Folks are a lot more savvy about what information they'll provide under what circumstances. Marketers will have to dip deeply into the well to come up with offers.
Any last thoughts on what marketers can do to prepare themselves to value and leverage privacy?
Church: This is not something you can do yourself. The issues facing marketers in this global marketplace with the wide array of laws and practices can be just overwhelming for a single organization to keep track of and manage. Unfortunately, in a lot of organizations, privacy arms are not given unlimited budgets and resources.