Information Security Procedures and Privacy Protection

Transcription

1 Information Security Procedures and Privacy Protection Michele Dow, Associate Marketing Consultant Eli Lilly & Company Monday, February 25, 2008

2 Environment Today CAN SPAM Increased Privacy Needs Technology has enabled customization to reach precise customer groups and elevate targeting strategies Consensual or permission marketing is becoming more main stream and a requirement of CAN SPAM. Consumers expect it. Consumer information is personal and private 2

3 Legal Environment FTC Podium Speeches Do what you say. Must disclose all material uses of personal data or could be deceptive. Failing to have a privacy notice - could be prosecuted for unfairness. State Attorneys General What steps have you taken with vendors? NY We use the ignorant consumer standard NY, CA 3

4 Private not known or intended to be known publicly; intended for or restricted to the use of a particular person, group or class Privacy freedom from unauthorized intrusion Source: Webster s Dictionary, 10th edition 4

5 Legal Environment Choice/Notice Access Security Many people/entities are telling companies that handle personal information how they must do this Attempting to respond to each varying requirement is extremely difficult and will become almost impossible Key = establishing a program that sets policy and operations at a level that will allow for agility 5

6 Privacy Program and Marketing Compliance Partnership-based Required & important Drives compliance and doing the right thing A greater understanding and ability to make decisions Stick VS. Carrot How does this work at Lilly? Boards, stewards, formal and informal education forums; 2-way consulting and conversation; making each other better 6

7 Making It Personal The Lilly Precedent: FTC in the matter of Eli Lilly and Company, Docket No. c-4047, May 8, 2002 Eli Lilly and Company Assurance of Voluntary Compliance and Discontinuance with Attorneys General of Eight States, July, 2002 The Disclosure: sent to 669 individuals with addresses of the addressees in the to: line The Privacy Notice Claim: We respect the privacy of individuals who visit this site. 7

8 Making It REALLY Personal Commissioner Swindle during his meeting with Lilly in January, 2002: Lilly is a fine and ethical Company and I hold you in the highest regard. Because of that, I have high expectations: that you will treat consumers fairly, not just because the law says you have to and not just because it makes good business sense, but because it is the right thing to do... 8

9 Lilly s Consent Decree Lilly Precedent: FTC Settlement 20 years; State Settlement no termination Make no misrepresentations Create formal privacy program with appropriate oversight 5 year retention of records Create appropriate policies and procedures to protect personal consumer information Discipline is expected if policies are violated Provide appropriate annual training Audit privacy program annually - external consultant Should sound very similar to OIG/HHS guidance 9

10 Promises to Consumers Each of the following claims from privacy notices should be supported by a program : We recognize the importance of protecting the privacy of the users of our web sites Any such information is held on a secure server operated by X company We will not sell or rent personally identifiable information to any other third party without your permission Personally identifiable information will not be sold, rented or exchanged outside of X Company unless the user is first notified and expressly consents to such transfer We will limit access to this information to those X Company personnel with a need to know These apply to all operations unless explicitly limited per FTC. 10

11 Setting the bar and driving business but how? 61% feel that the amount of marketing and advertising is out of control and 65% feel constantly bombarded with too much marketing and advertising. Press release, Yankelovich, Consumer resistance to Marketing reaches an all time high (April ) 80% (of consumers) believe corporations are too concerned about profits and not concerned enough about responsibilities to environment employees, consumers, surroundings. 66% believe corporations will take advantage of the public if they believe they won't get caught. 63% believe even "well-known, long-established companies cannot be trusted to make safe, durable products without government setting industry standards. 11

12 Trust the good news The promise More information about our customers will lead to delivery of goods and services targeted to their individual needs. VS. The reality Corporations have simply used the additional information to do "more of the same" we haven't changed anything, we've just increased the rate at which we're saying it (more spam, more advertising, more s, more sales calls, etc.). 12

13 Marketing Why? Defining of a relationship: A state involving mutual dealings between people or parties or countries or a state of relatedness or connection Source: Webster's Dictionary, 10 th Edition Definition of Relationship Marketing: A form of marketing that puts particular emphasis on building a more intimate bond between an organization and its individual customers. Pearson Education 13

14 Consumers will want your information and give you consent if you offer value to them Step 1: Define consumer lifecycle phases Step 2: Determine consumer s Moments of Truth Step 3: Align business objectives with consumer lifecycle phases Step 4: Develop RM objectives that support the business objectives Step 5: Align program tactics with RM objectives 14

15 Know your customers needs first and foremost!!! Understand the customer lifecycle and key purchase decision/retention moments and influencers Leverage breakthrough insights and create a reason to drive engagement Treat customers differentially message, channel, investment Understand economic drivers Optimize through a test-and-learn discipline 15

16 Relationship/ Marketing Start Backwards What customers needs and insights are necessary for the campaign? Does the program set the right expectations with the customer? Did program generate positive ROI and brand equity Define preferences and value for the target audience Can you optimize the program? test and learn is in action enhancements are evolutionary and grounded in data and customer feedback Are customers seeing value from the relationship 16

17 Putting together your tactics is just the tip of the iceberg Strategy tactics and Analytics Database structure, Registration process, Data entry process, and Direct Mail fulfillment, IVR, Data entry, sending engine, analytics Database vendors, Web vendors, vendors, Exhibit or Event marketing vendors, Market research facilitators, IT support companies 17

18 Operations Living up to our end of the deal Develop and follow standard operating procedures Centralize your Database and Provider's) The Database is the powerhouse tool at the core of good Program Nothing can run on auto pilot Ensure data integrity and accuracy - TEST Process opt out requests Hold all parties (especially outside vendors) accountable for data security and integrity Build trust and clear business rules 18

19 Devil is in the details.. Have staff and vendors sign off on SOP review Draft interface agreements with all your vendors Password protect where there is data Make sure all connections are secure Be explicit with how data should be passed have data transfer guidelines Create escalation paths and incident response team Detail timing and events like 0 records Bring vendors up to speed-document certification process 19

20 Keep it safe Secure Collection Secure Storage Secure Transfer Includes secure channel and/or data encryption. 20

21 Checklist Be fair and put yourself as a consumer often Be clear and upfront Have senior representation on privacy policies and standard operating procedures Everyone, not just certain representatives, should embrace the spirit of a patients privacy because it s s the right thing to do Be transparent and allow for choice Ensure your data integrity and accuracy 21

22 The Fix Do what you say, say what you mean One Thing leads to another 22

23 Credits/Thank You Michele Dow, Eli Lilly & Company