By Tom Polanski, EVP, eBrand Media and eBrand Interactive

I’m surprised by the number of companies that lack an understanding of how to improve stickiness on their site. Every end-user approaches a site for the first time with a degree of anxiety. We’re all a little apprehensive about whether the site will be secure, easy to navigate and, ultimately, whether we will actually get what we order.

Over the years we’ve looked at perhaps a hundred thousand sites and we’ve found that the best sites (and best converting sites) have security symbols above the fold, crisp images and convey a feeling of orderliness. Additionally a shopper is made to feel comfortable in other ways too; most importantly, no surprises! The “best practices” site will give the shopper a window view on availability and shipping costs well before they arrive at the check out page.

A real concern for end-users, too, is privacy…the collection and use of personal information. Studies show that 30% of the online population is still wary of giving out their personal information and an astounding 51% don’t trust search engines to keep their search data secret. Additionally, 30 percent of consumers report reducing their overall use of the Web, while 25 percent say they no longer make online purchases, according to WebWatch. The report, “Leap of Faith: Using the Internet Despite the Dangers,” was based on a survey of 1,501 online adults. 

Even those who continued to shop online reported taking precautions. Fifty-four percent of online shoppers said they now are more likely to read a site’s privacy policy or user agreement than in the past–while 29 percent say they shop online less frequently than before.

It’s a hot button issue for end-users and marketers too.

Representatives from a leading publication talked to a former Federal Trade Commissioner and a privacy expert about collecting cookie data, ways to build consumer trust and five privacy failures. Plus, three marketers’ policies you should emulate.

“If you are a premier brand, you have to not only say that, ‘We stand for quality. We stand for service.’ But also, ‘We stand for privacy principles. We share data in *these* types of situations. We handle data with *this* level of care,’ ” explains privacy expert Alan Chapell, President, Chapell & Associates, who founded the privacy program at Jupiter Research.

With technology constantly changing and shifting marketing practices, it’s not getting easier to define the rules of the road when it comes to ecommerce privacy — especially when consumer advocates and the online community appear to still be out-of-synch.

The biggest difference today is marketers’ ability to deliver targeted behavioral ads to consumers without collecting personally identifiable information, says Christine Varney, who served as a Federal Trade Commission in the Clinton administration and is now a Partner with Hogan & Hartson, where she counsels brands, such as eBay, MySpace, Zango, DoubleClick and AOL.

“You need to deliver targeted ads in a privacy-friendly matter,” says Varney. “The good news is that marketers are getting smarter about their tactics. The bad news is that people are still screwing up and not being as straightforward as they need to be about what information they are collecting.”

Varney and Chapell offered six strategies for marketers to follow:

-> Strategy #1. Set standard across all channels

Not enough big-name brands have multichannel privacy policies. Privacy issues should be consistent in ecommerce, catalog, mobile, point-of-purchase retail and call center operations.

So, is anyone getting it right? Chapell mentioned Best Buy, Hewlett-Packard and Procter & Gamble as three companies doing well at creating singular privacy policies (see links to their policies below).

-> Strategy #2. Costs and disclosures

Yes, it costs money to run a good privacy program. Costs are determined by many factors, including:

o What kind of data you collect and from how many sources
o How many third parties touch the data
o How automated the collection process is
o How sensitive the data is (different security measures for Social Security numbers than non-person-identifiable data, such as cookie data)
o How many platforms you offer the data on
o How many jurisdictions you operate in globally

“It’s a challenge to get implemented in an organization because it’s not a revenue-generator,” Chapell says. “But you need to source the ROI for privacy by looking at the risk-reward of it.”

Three other concerns:

- Data that doesn’t cost much probably is not worth much — certainly not worth the cost of getting in trouble with regulators. “Big brands cannot afford to use substandard data partners,” Chapell says. “While it’s truly cool that people working out of their garage can compete with the big guys, it is also true that if you are larger you are going to draw the attention of the regulators far, far quicker.”

- Advertisers must be sure that their partners comply, too. Have someone on your staff routinely visit partner sites to watch practices and receive their newsletters. Whenever possible, upgrade your back-end technology so that your marketing efforts are delivered third party as little as possible. It simply gives you greater control over your brand identity.

For instance, gaming site Zango, which went thorough an FTC investigation recently and received counsel from Varney, quit allowing the downloading of their software from a third-party site. The messages always come from their server now. “It’s really cut down on confusion,” Varney says. “Now, there’s implicit instructions at Zango that helps people remove the software.”

- Think the whole “Big Brother” thing is overrated? Look no further than what’s happening between DirectRevenue LLC and New York Attorney General Andrew Cuomo. In a trial that was initially about spyware distribution, Cuomo’s office — along with the FTC — have argued that DirectRevenue’s advertisers have benefited from the company’s “misleading software.”

“Advertisers need to understand that at least in New York state, the attorney general will go after them if their marketing partners are not using the highest standards of consumer protection,” Varney says.

-> Strategy #3. Cookie permission

Privacy experts say, “Be consumer-friendly. Obtain more permission on ALL the data you collect.” Yet, merchants are collecting anonymous cookie data at an increasing rate in five out of seven retail categories this year compared to 2006, according to recent MarketingSherpa data.

This is why marketers need to explain to consumers what they’re doing and give them as many choices as reasonably possible.
The importance of building trust online with strong, consistent branding and customer-centric practices

“If I sign up for an email that’s going to give me the daily weather forecast in my neighborhood, you’d better tell me if you plan on putting a cookie in that email and tracking me around the Internet and delivering me targeted behavioral advertising.” Varney warns.

-> Strategy #4. Give more control to consumers

Over the next six to 18 months, Chapell says, organizations in the behavioral targeting space — even if all they are doing is collecting information from cookies — need to implement what he called “layered notice regimes.” These will increasingly provide some level of access so customers will know what information has been collected about them.

The layered notice regimes will be similar to online accounts in which the customer can log in and see what has been collected about them.

-> Strategy #5. Follow-through system

Certified programs and security seals are nice, as are privacy statements. But you need to have a follow-through system in place and constantly evolve the policy. For instance, a Web 2.0 community’s policy from a couple of years ago probably doesn’t deal with widgets. In short, the programs are certifying a shrinking portion of the pie.

“Writing a privacy policy can be, in and of itself, just window dressing,” Chapell says. “I recommend that you have one because in many situations it’s legally required, but you have to follow through and show that it’s actually important to the brand.”

-> Strategy #6. Five privacy failures

We understand that some of these failures have been touched on already, but they’re worth repeating:

o Failure to understand how your actions might affect others in the business ecosystem
o Failure to adequately vet and monitor your business partners’ practices
o Failure to update your privacy policy as your business model changes
o Failure to offer enough choice in how you interact with your customers and how much information you collect on them
o Failure to integrate privacy across multiple channels. Once again, privacy cannot be silo’d from the rest of your organization