Tuesday's Tip: Seven Lessons Learned In Customer Experience Strategies During A Data Breach (such as @Target's)

Every Brand Should Have A Plan For A Data Breach

The confluence of centralized personally identifiable information, reliance on digital channels, ease of hacking of magnetic stripes, and the application of the Willie Sutton rule (a.k.a. you rob banks because that’s where the money is) improves the odds that many organizations will face a data breach.  The question is not whether one will happen, but when and to what extent.  How a brand addresses the customer experience component during a data breach will have a significant impact that will subsume all other brand efforts up until the data breach.

Source: Target

On December 19th, Target confirmed reports of a data breach affecting 40 million customers between November 27th and December 15th, 2013.  In conversation with over 30 customer experience professionals, many lessons have been learned from the recent Target breach and the largest breach with TJX (TJ Maxx and Marshall’s).  The following seven approaches highlight pragmatic and effective strategies for responding to and mitigating the damage:

  1. Begin by isolating and understanding the root cause of the breach. Understanding the root cause enables a realistic understanding of all the options.  While it may take some time to get to the source, the investment in resources is worth it.  The truth will set you free from weaving an ever-growing snowball of lies and half-truths.  Saying that you don’t know yet is not good enough.  Sharing how you are resolving or approaching the problem helps folks understand the why, not the what.
  2. Catalyze a crisis command center. The command center should not be an afterthought but part of the communications readiness training.  Prioritize key data. Put all your data sources to work.  Identify a protocol for decision making.  Quickly agree on talking points and messaging.  Democratize decision making and outreach to as many spokespersons as possible.  Apply the 9C’s of engagement to build out the crisis journey map.  While Target has an excellent social media program, the challenge is tackling crisis communications in defense, not offense, during the holiday season.
  3. Trust that transparency is the right course of action. Communicate the breach as early as possible. Do not try to cover it up as Target did. In fact, Target was outed by security expert Brian Krebs first, then Target had to come clean. The result has been disastrous.  Get in front of the issue.  It’s always easier to proactively influence than react.  Customers ultimately value transparency when they can understand the process and the efforts provided to date.  Outcomes ultimately matter but in the absence of a solution, upfront communication of the situation and approach helps bridge the trust gap.
  4. Activate the advocates. Leverage social media to inform key advocates and influencers.  Share core messaging.  Update frequently.  Seek input and advice.  Provide the influencers with timely updates and in some cases first line information.  While Target has done a good job on Facebook, the issue is not the communications plan, but more that the resolution is not satisfactory.
  5. Resolve the root cause of the problem. Customers seek resolution, not a patchwork of disparate solutions.  In Target’s case, the root cause is a privacy breach on card data.  The cleanest way to resolve the situation would be mass card replacement through digital distribution and self service redemption.  Target unfortunately chose to use credit card monitoring and put the onus on customers to monitor their fraud status.  Customers perceive this as a half-assed measure.
  6. Make a valuable offer. Use the opportunity to bring back customers, not push them away.  Provide perceived value.  Solicit feedback on potential strategies with brand advocates.  Providing a new card with a stored value amount or discount is one approach.  Target’s offer of 10% off, coverage for any fraud, and security protection made perfect sense.  However, not combining the offer with a brand new card made the offer seem hollow as it did not address the root cause.
  7. Rebuild trust with subsequent engagement. Determine the next course of actions.  Once the crisis has passed, brands must continue to reassure customers on security and privacy.  In Target’s case, they will need to announce what measures have been taken, how many folks have been breached, how have folks been compensated, and what is being done in the future to prevent breaches.  If the credit card industry is smart, they will also help Target in providing solutions and investing in marketing messages.

The Bottom Line: The Shift To Digital Businesses Requires A New Level Of Authenticity

Good leadership is tested in a crisis. The actions any executive has to make during a crisis reflect on the core values of the company.  Trust and transparency are key pillars of an authentic business.  In a digital world, speed is the other factor that must be considered.  Preparing for a crisis is never easy.  Preparing for a data breach is actually a bit easier. Why? It’s inevitable and a key requirement in addressing customer experience as we enter a world of digital disruption.

While Monday morning quarterbacking is easy during a crisis, the point here is to take lessons learned from other disasters and get ahead of the issue.  One crisis can take down decades and billions of marketing dollars spent building a brand.  Handling a crisis well can also remake the image of a brand.  A great example is the Tylenol recall of 1982, where the mass drug recall, while expensive, reassured the public of J&J McNeil’s sincerity in addressing the root cause.

When product differentiation is not enough and when service differentiation is not enough, all we have are outcomes and experiences. Customers aren’t buying products or services any more.  Customers are buying outcomes and experiences.  All we have is our brand, and how you handle a data breach will determine the future of your organization.  How will you prepare to dominate digital disruption?

Your POV.

Are you ready to address customer experience strategies and incorporate digital business transformation in advance of a data breach?  Are you embarking on a digital business transformation?  Let us know how it’s going!  Add your comments to the blog or reach me via email: R (at) ConstellationR (dot) com or R (at) SoftwareInsider (dot) com.

Please let us know if you need help with your Customer Centricity and Digital Business transformation efforts.  Here’s how we can assist:

  • Assessing customer centricity readiness
  • Developing your digital business strategy
  • Connecting with other pioneers
  • Sharing best practices
  • Vendor selection
  • Implementation partner selection
  • Providing contract negotiations and software licensing support
  • Demystifying software licensing

Reprints

Reprints can be purchased through Constellation Research, Inc. To request official reprints in PDF format, please contact Sales .

Disclosure

Although we work closely with many mega software vendors, we want you to trust us. For the full disclosure policy, stay tuned for the full client list on the Constellation Research website.

* Not responsible for any factual errors or omissions.  However, happy to correct any errors upon email receipt.

Copyright © 2001 – 2013 R Wang and Insider Associates, LLC All rights reserved.

Santa gets product through customs…can you?

First I want to wish happy holidays to everyone and their families and friends. As a child we were told that jolly Saint Nick would come down our chimneys on December 24th and deliver presents to all the good boys and girls. The rotund man dressed in red would be able to canvass the globe only powered by a sleigh pulled by reindeer – and amazingly have 100% on time delivery and usually 100% perfect order (there are still some orders I placed that had substitute products). So how does he accomplish this? He has perfect visibility into the demand (all those letters, emails and texts he receives in the North Pole) as well as his inventory levels. One advantage Santa Claus has is that he is carrying all of the inventory and doing the delivery himself, tiring yes, but he really just needs a routing schedule. This is not as simple for the rest of us.

Visibility is a term that we throw around with reckless abandon, but the goal of visibility remains a centrepiece of our supply chain strategies. The ability to gain visibility was a driving theme for the adoption of the cloud in supply chain. There are numerous examples of companies leveraging cloud-enabled platforms to provide a richer view of what was happening with suppliers, providing insight into planning cycles, inventory levels, manufacturing capacities and point of sale information, just to name a few. Improved visibility really begins with better communication amongst the disparate systems that power our supply chains. Companies such as Kinaxis have developed the concept of a supply chain control tower. The control tower allows faster visibility into supply chain events: a centralized tool that allows for a greater ability to read and react. Other companies like One Network and E2open have been able to leverage the technical advantages of the cloud – greater connectivity, allowing for greater visibility and offering a true network effect. This allows networks to be seamlessly created, where information exchange can happen with fewer limitations. At the foundation, it is about improved visibility into the supply chain.

However, one variable in supply chain visibility that does not seem to get much attention is inventory that is held up at ports, airports or any other point of exit or entry for trade. In a recent SCM World report, 80% of the respondents agreed that customers and customs problems were impacting customer service in a material way.

So when it comes to gaining improved end to end supply chain visibility, the ability to have a more robust view of what is happening to your inventory at these locations is a key element. According to a calculation done by Kelly Thomas at JDA, at any given moment $12 trillion of inventory is either sitting or moving in the world. The question becomes, how much of this inventory is being delayed due to customs issues or because of not having the proper paperwork? Not only does this impact the movement of inventory, it also impacts the positioning of inventory. Firms like Cisco, HP and Dell, who have very tight service level agreements (SLAs) when it comes to servicing their customers, have to take customs into account when placing their inventories in different parts of the globe. This can lead to having redundant inventory that is geographically close, but separated by a border that leads to customs issues…which could delay the ability to meet their SLAs.

Companies such as Amber Road and GT Nexus provide their customers with the ability to have greater visibility into inventory when it is in this state. Where is it in the process of such stages as clearing exports, or passing import hurdles? This level of visibility is key when it comes to managing the rest of the supply chain, allowing customers to identify what can be a bottleneck – the points of entry. Gaining this added insight into what is happening where your inventory looks to cross a border clears up one more potential blind spot in your supply chain. Since the movement of global trade is not about to abate any time soon, this blind spot carries tremendous impact on your overall supply chain.

Santa Claus has found a way to move his inventory globally without worrying about it being held up at points of exit or entry. The rest of us still need to find ways for enhanced visibility into these physical choke points in our supply chain. When it comes to visibility, make sure you work with your service provider(s) to identify the granularity and speed at which you can see into where your inventory sits. We are striving to get closer to true end to end visibility, but there remain blind spots that we must be aware of.



Facebook's challenge to the Collection Limitation Principle

An extract from our chapter in the forthcoming Encyclopedia of Social Network Analysis and Mining.

Stephen Wilson, Lockstep Consulting, Sydney, Australia.
Anna Johnston, Salinger Privacy, Sydney, Australia.

Key Points

  • Facebook's business practices pose a risk of non-compliance with the Collection Limitation Principle (OECD Privacy Principle No. 1, and corresponding Australian National Privacy Principles NPP 1.1 through 1.4).
  • Privacy problems will likely remain while Facebook's business model remains unsettled, for the business is largely based on collecting and creating as much Personal Information as it can, for subsequent and as yet unspecified monetization.
  • If an OSN business doesn't know how it is eventually going to make money from Personal Information, then it has a fundamental difficulty with the Collection Limitation principle.

Introduction

Facebook is an Internet and societal phenomenon. Launched in 2004, in just a few years it has claimed a significant proportion of the world's population as regular users, becoming by far the most dominant Online Social Network (OSN). With its success has come a good deal of controversy, especially over privacy. Does Facebook herald a true shift in privacy values? Or, despite occasional reckless revelations, are most users no more promiscuous than they were eight years ago? We argue it's too early to draw conclusions about society as a whole from the OSN experience to date. In fact, under laws that currently stand, many OSNs face a number of compliance risks in dozens of jurisdictions.

Over 80 countries worldwide now have enacted data privacy laws, around half of which are based on privacy principles articulated by the OECD. Amongst these are the Collection Limitation Principle which requires businesses to not gather more Personal Information than they need for the tasks at hand, and the Use Limitation Principle which dictates that Personal Information collected for one purpose not be arbitrarily used for others without consent.
Overt collection, covert collection (including generation) and "innovative" secondary use of Personal Information are the lifeblood of Facebook. While Facebook's founder would have us believe that social mores have changed, a clash with orthodox data privacy laws creates challenges for the OSN business model in general.

This article examines a number of areas of privacy compliance risk for Facebook. We focus on how Facebook collects Personal Information indirectly, through the import of members' email address books for "finding friends", and by photo tagging. Taking Australia's National Privacy Principles from the Privacy Act 1988 (Cth) as our guide, we identify a number of potential breaches of privacy law, and issues that may be generalised across all OECD-based privacy environments.

Terminology

Australian law tends to use the term "Personal Information" rather than "Personally Identifying Information" although they are essentially synonymous for our purposes.

Terms of reference: OECD Privacy Principles and Australian law

The Organisation for Economic Cooperation and Development has articulated eight privacy principles for helping to protect personal information. The OECD principles are as follows:

1. Collection Limitation Principle
2. Data Quality Principle
3. Purpose Specification Principle
4. Use Limitation Principle
5. Security Safeguards Principle
6. Openness Principle
7. Individual Participation Principle
8. Accountability Principle

Of most interest to us here are principles one and four:

  • Collection Limitation Principle: There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
  • Use Limitation Principle: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with [the Purpose Specification] except with the consent of the data subject, or by the authority of law.

At least 89 countries have some sort of data protection legislation in place [Greenleaf, 2012]. Of these, in excess of 30 jurisdictions have derived their particular privacy regulations from the OECD principles. One example is Australia.

We will use Australia's National Privacy Principles (NPPs) in the Privacy Act 1988 as our terms of reference for analysing some of Facebook's systemic privacy issues. In Australia, Personal Information is defined as: information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Indirect collection of contacts

One of the most significant collections of Personal Information by Facebook is surely the email address book of those members that elect to have the site help "find friends". This facility provides Facebook with a copy of all contacts from the address book of the member's nominated email account. It's the very first thing that a new user is invited to do when they register. Facebook refer to this as "contact import" in the Data Use Policy (accessed 10 August 2012).

"Find friends" is curtly described as "Search your email for friends already on Facebook". A link labelled "Learn more" in fine print leads to the following additional explanation:

  • "Facebook won't share the email addresses you import with anyone, but we will store them on your behalf and may use them later to help others search for people or to generate friend suggestions for you and others. Depending on your email provider, addresses from your contacts list and mail folders may be imported. You should only import contacts from accounts you've set up for personal use." [underline added by us].

Without any further elaboration, new users are invited to enter their email address and password if they have a cloud based email account (such as Hotmail, gmail, Yahoo and the like). These types of services have an API through which any third party application can programmatically access the account, after presenting the user name and password.

It is entirely possible that casual users will not fully comprehend what is happening when they opt in to have Facebook "find friends". Further, there is no indication that, by default, imported contact details are shared with everyone. The underlined text in the passage quoted above shows Facebook reserves the right to use imported contacts to make direct approaches to people who might not even be members.

Importing contacts represents an indirect collection by Facebook of Personal Information of others, without their authorisation or even knowledge. The short explanatory information quoted above is not provided to the individuals whose details are imported and therefore does not constitute a Collection Notice. Furthermore, it leaves the door open for Facebook to use imported contacts for other, unspecified purposes. The Data Use Policy imposes no limitations as to how Facebook may make use of imported contacts.

Privacy harms are possible in social networking if members blur the distinction between work and private lives. Recent research has pointed to the risky use of Facebook by young doctors, involving inappropriate discussion of patients [Moubarak et al, 2010]. Even if doctors are discreet in their online chat, we are concerned that they may run foul of the Find Friends feature exposing their connections to named patients. Doctors on Facebook who happen to have patients in their webmail address books can have associations between individuals and their doctors become public. In mental health, sexual health, family planning, substance abuse and similar sensitive fields, naming patients could be catastrophic for them.

While most healthcare professionals may use a specific workplace email account which would not be amenable to contacts import, many allied health professionals, counsellors, specialists and the like run their sole practices as small businesses, and naturally some will use low cost or free cloud-based email services. Note that the substance of a doctor's communications with their patients over webmail is not at issue here. The problem of exposing associations between patients and doctors arises simply from the presence of a name in an address book, even if the email was only ever used for non-clinical purposes such as appointments or marketing.

Photo tagging and biometric facial recognition

One of Facebook's most "innovative" forms of Personal Information Collection would have to be photo tagging and the creation of biometric facial recognition templates.

Photo tagging and "face matching" has been available in social media for some years now. On photo sharing sites such as Picasa, this technology "lets you organize your photos according to the people in them" in the words of the Picasa help pages. But in more complicated OSN settings, biometrics has enormous potential to both enhance the services on offer and to breach privacy.

In thinking about facial recognition, we start once more with the Collection Principle. Importantly, nothing in the Australian Privacy Act circumscribes the manner of collection; no matter how a data custodian comes to be in possession of Personal Information (being essentially any data about a person whose identity is apparent) they may be deemed to have collected it. When one Facebook member tags another in a photo on the site, then the result is that Facebook has overtly but indirectly collected PI about the tagged person.

Facial recognition technologies are deployed within Facebook to allow its servers to automatically make tag suggestions; in our view this process constitutes a new type of Personal Information Collection, on a potentially vast scale.

Biometric facial recognition works by processing image data to extract certain distinguishing features (like the separation of the eyes, nose, ears and so on) and computing a numerical data set known as a template that is highly specific to the face, though not necessarily unique. Facebook's online help indicates that they create templates from multiple tagged photos; if a user removes a tag from one of their photos, that image is not used in the template.

Facebook subsequently makes tag suggestions when a member views photos of their friends. They explain the process thus:

  • "We are able to suggest that your friend tag you in a picture by scanning and comparing your friend's pictures to information we've put together from the other photos you've been tagged in".

So we see that Facebook must be more or less continuously checking images from members' photo albums against its store of facial recognition templates. When a match is detected, a tag suggestion is generated and logged, ready to be displayed next time the member is online.

What concerns us is that the proactive creation of biometric matches constitutes a new type of PI Collection, for Facebook must be attaching names -- even tentatively, as metadata -- to photos. This is a covert and indirect process.

Photos of anonymous strangers are not Personal Information, but metadata that identifies people in those photos most certainly is. Thus facial recognition is converting hitherto anonymous data -- uploaded in the past for personal reasons unrelated to photo tagging let alone covert identification -- into Personal Information.

Facebook limits the ability to tag photos to members who are friends of the target. This is purportedly a privacy enhancing feature, but unfortunately Facebook has nothing in its Data Use Policy to limit the use of the biometric data compiled through tagging. Restricting tagging to friends is likely to actually benefit Facebook for it reduces the number of specious or mischievous tags, and it probably enhances accuracy by having faces identified only by those who know the individuals.

A fundamental clash with the Collection Limitation Principle

In Australian privacy law, as with the OECD framework, the first and foremost privacy principle concerns Collection. Australia's National Privacy Principle NPP 1 requires that an organisation refrain from collecting Personal Information unless (a) there is a clear need to collect that information; (b) the collection is done by fair means, and (c) the individual concerned is made aware of the collection and the reasons for it.

In accordance with the Collection Principle (and others besides), a conventional privacy notice and/or privacy policy must give a full account of what Personal Information an organisation collects (including that which it creates internally) and for what purposes. And herein lies a fundamental challenge for most online social networks.

The core business model of many Online Social Networks is to take advantage of Personal Information, in many and varied ways. From the outset, Facebook founder, Mark Zuckerberg, appears to have been enthusiastic for information built up in his system to be used by others. In 2004, he told a colleague "if you ever need info about anyone at Harvard, just ask" (as reported by Business Insider). Since then, Facebook has experienced a string of privacy controversies, including the "Beacon" sharing feature in 2007, which automatically imported members' activities on external websites and re-posted the information on Facebook for others to see.

Facebook's privacy missteps are characterised by the company using the data it collects in unforeseen and barely disclosed ways. Yet this is surely what Facebook's investors expect the company to be doing: innovating in the commercial exploitation of personal information. The company's huge market valuation derives from a widespread faith in the business community that Facebook will eventually generate huge revenues. An inherent clash with privacy arises from the fact that Facebook is a pure play information company: its only significant asset is the information it holds about its members. There is a market expectation that this asset will be monetized and maximised. Logically, anything that checks the network's flux in Personal Information -- such as the restraints inherent in privacy protection, whether adopted from within or imposed from without -- must affect the company's futures.

Conclusion

Perhaps the toughest privacy dilemma for innovation in commercial Online Social Networking is that these businesses still don't know how they are going to make money from their Personal Information lode. Even if they wanted to, they cannot tell what use they will eventually make of it, and so a fundamental clash with the Collection Limitation Principle remains.

Acknowledgements

An earlier version of this article was originally published by LexisNexis in the Privacy Law Bulletin (2010).

References

Greenleaf G., "Global Data Privacy Laws: 89 Countries, and Accelerating", Privacy Laws & Business International Report, Issue 115, Special Supplement, February 2012. Queen Mary School of Law Legal Studies Research Paper No. 98/2012.

Moubarak G., Guiot A. et al "Facebook activity of residents and fellows and its impact on the doctor--patient relationship" J Med Ethics, 15 December 2010


Oracle Acquires Responsys

Adding to its portfolio of CRM solutions, Oracle Corporation (NYSE: ORCL) has entered into an agreement to acquire Responsys (NASDAQ: MKTG), a cloud-based email and social marketing company, to be part of the Oracle Marketing Cloud. Under the terms of the deal, Oracle will acquire the company for $27 per share in cash or approximately $1.5 billion, net of Responsys’ cash. This represents a 38% premium over its share price the day before the transaction. In response to the announcement, Responsys shares climbed to $26.90 in morning trading. Oracle Corp.'s stock added 3 cents to $36.63.

Founded in 1998 to sell software to design, execute and manage email campaigns, Responsys launched the industry’s first Cloud email marketing platform. By 2004, with a new management team, Responsys started moving towards engaging customers in interactive dialogues beyond email. In 2005, the company introduced the concept of Cross-Channel Lifecycle Marketing. In 2009, the company introduced the Responsys Interact Suite. But it was only in April 2011 that Responsys became a public company.

In a press release, Oracle stated: "By bringing together Responsys and Oracle Eloqua in the Marketing Cloud, for the first time CMOs that support industries with B2C or B2B business models will be equipped to drive exceptional customer experiences across marketing interactions and throughout the customer lifecycle from a single platform."

“As a part of Oracle, we will only accelerate our efforts,” said Dan Springer, CEO, Responsys and former McKinsey consultant. “We couldn’t be more excited about what this means.”

Customers include Ascena, JetBlue, City Sports, Freshpair.com, Barratts, Build.com, Pictage, Epson, Lenovo, and Lufthansa.

This transaction comes on the heels of Salesforce.com's similar acquisition of ExactTarget and will make Constant Contact (Nasdaq: CTCT) a more appealing acquisition. This news will fuel venture capital investment in marketing software companies and contribute to the bubble forming around cloud and marketing CRM companies.

The proposed transaction is subject to Responsys stockholders tendering a majority of the outstanding shares, certain regulatory approvals and other customary closing conditions, and is expected to close in the first half of 2014.

If this happens (and it is very likely to) it will give existing customers yet another way to innovate around the edges of Oracle Siebel.

My analysis of the FIDO Alliance


I've written a new Constellation Research "Quark" Report on the FIDO Alliance ("Fast Identity Online"), a fresh, fast growing consortium working out protocols and standards to connect authentication endpoints to services.

Download the Quark snapshot

With a degree of clarity that is uncommon in Identity and Access Management (IDAM), FIDO envisages simply "doing for authentication what Ethernet did for networking".

Not quite one year old in 2013, the FIDO Alliance has already grown to nearly 70 members, amongst which are heavyweights like Google, Lenovo, MasterCard, Microsoft and PayPal as well as a dozen biometrics vendors and several global players in the smartcard supply chain.

STOP PRESS! Discover Card joined a few days ago at board level.

FIDO is different. The typical hackneyed IDAM elevator pitch promises to "fix the password crisis" but usually with unintended impacts on how business is done. Most IDAM initiatives unwittingly convert clear-cut technology problems into open-ended business transformation problems.

In welcome contrast, FIDO's mission is clear cut: it seeks to make strong authentication interoperable between devices and servers. When users have activated FIDO-compliant endpoints, reliable fine-grained information about the state of authentication becomes readily discoverable by any server, which can then make access control decisions according to its own security policy.

FIDO is not about federation; it's not even about "identity"!

With its focus, pragmatism and critical mass, FIDO is justifiably today's go-to authentication industry standards effort.

For more detail, please have a look at "The FIDO Alliance".


Siebel Open UI in 3D


Alexander Hansal

In his Siebel Essentials blog, Alexander Hansal continues his exploration of  the Siebel Open UI.

You won't need any anaglyph glasses for viewing Open UI in 3D. All you need is a recent version of Firefox or its 64-bit sibling Waterfox and WebGL enabled on your computer.

Siebel Open UI (with applet menu) in Waterfox' 3D inspector.

I recently discovered this while debugging Open UI in Waterfox and it is a great developer aid. Of course it works with any web page, as this video shows.

To use the 3D inspector, simply inspect any element on the page and then hit the 3D button on the bottom of the screen.

This post originally appeared in the Siebel Essentials Blog.


Are we ready to properly debate surveillance and privacy?


The cover of Newsweek magazine on 27 July 1970 featured an innocent couple being menaced by cameras and microphones and new technologies like computer punch cards and paper tape. The headline hollered "IS PRIVACY DEAD?".

The same question has been posed every few years ever since.

In 1999, Sun Microsystems boss Scott McNealy urged us to "get over" the idea we have "zero privacy"; in 2008, Ed Giorgio from the Office of the US Director of National Intelligence chillingly asserted that "privacy and security are a zero-sum game"; Facebook's Mark Zuckerberg proclaimed in 2010 that privacy was no longer a "social norm". And now the scandal around secret surveillance programs like PRISM and the Five Eyes' related activities looks like another fatal blow to privacy. But the fact that cynics, security zealots and information magnates have been asking the same rhetorical question for over 40 years suggests that the answer is No!

PRISM, as revealed by whistle blower Ed Snowden, is a Top Secret electronic surveillance program of the US National Security Agency (NSA) to monitor communications traversing most of the big Internet properties including, allegedly, Apple, Facebook, Google, Microsoft, Skype, Yahoo and YouTube. Relatedly, intelligence agencies have evidently also been obtaining comprehensive call records from major telephone companies, eavesdropping on international optic fibre cables, and breaking into the cryptography many take for granted online.

In response, forces lined up at tweet speed on both sides of the stereotypical security-privacy divide. The "hawks" say privacy is a luxury in these times of terror, if you've done nothing wrong you have nothing to fear from surveillance, and in any case, much of the citizenry evidently abrogates privacy in the way they take to social networking. On the other side, libertarians claim this indiscriminate surveillance is the stuff of the Stasi, and by destroying civil liberties, we let the terrorists win.

Governments of course are caught in the middle. President Obama defended PRISM on the basis that we cannot have 100% security and 100% privacy. Yet frankly that's an almost trivial proposition. It's motherhood. And it doesn't help to inform any measured response to the law enforcement challenge, for we don't have any tools that would let us design a computer system to an agreed specification in the form of, say "98% Security + 93% Privacy". It's silly to use the language of "balance" when we cannot measure the competing interests objectively.

Politicians say we need a community debate over privacy and national security, and they're right (if not fully conscientious in framing the debate themselves). Are we ready to engage with these issues in earnest? Will libertarians and hawks venture out of their respective corners in good faith, to explore this difficult space?

I suggest one of the difficulties is that all sides tend to confuse privacy with secrecy. They're not the same thing.

Privacy is a state of affairs where those who have Personal Information (PII) about us are constrained in how they use it. In daily life, we have few absolute secrets, but plenty of personal details. Not many people wish to live their lives underground; on the contrary we actually want to be well known by others, so long as they respect what they know about us. Secrecy is a sufficient but not necessary condition for privacy. Robust privacy regulations mandate strict limits on what PII is collected, how it is used and re-used, and how it is shared.

Therefore I am a privacy optimist. Yes, obviously too much PII has broken the banks in cyberspace, yet it is not necessarily the case that any "genie" is "out of the bottle".
If PII falls into someone's hands, privacy and data protection legislation around the world provides strong protection against re-use. For instance, in Australia Google was found to have breached the Privacy Act when its StreetView cars recorded unencrypted Wi-Fi transmissions; the company cooperated in deleting the data concerned. In Europe, Facebook's generation of tag suggestions without consent by biometric processes was ruled unlawful; regulators there forced Facebook to cease facial recognition and delete all old templates.

We might have a better national security debate if we more carefully distinguished privacy and secrecy.

I see no reason why Big Data should not be a legitimate tool for law enforcement. I have myself seen powerful analytical tools used soon after a terrorist attack to search out patterns in call records in the vicinity to reveal suspects. Until now, there has not been the technological capacity to use these tools pro-actively. But with sufficient smarts, raw data and computing power, it is surely a reasonable proposition that - with proper and transparent safeguards in place - population-wide communications metadata can be screened to reveal organised crimes in the making.

A more sophisticated and transparent government position might ask the public to give up a little secrecy in the interests of national security. The debate should not be polarised around the falsehood that security and privacy are at odds. Instead we should be debating and negotiating appropriate controls around selected metadata to enable effective intelligence gathering while precluding unexpected re-use. If (and only if) credible and verifiable safeguards can be maintained to contain the use and re-use of personal communications data, then so can our privacy.

For me the awful thing about PRISM is not that metadata is being mined; it's that we weren't told about it. Good governments should bring the citizenry into their confidence.

Are we prepared to honestly debate some awkward questions?

Has the world really changed in the past 10 years such that surveillance is more necessary now? Should the traditional balances of societal security and individual liberties enshrined in our traditional legal structures be reviewed for a modern world?

Has the Internet really changed the risk landscape, or is it just another communications mechanism? Is the Internet properly accommodated by centuries old constitutions?

How can we have confidence in government authorities to contain their use of communications metadata? Is it possible for trustworthy new safeguards to be designed?

Many years ago, cryptographers adopted a policy of transparency. They have forsaken secret encryption algorithms, so that the maths behind these mission critical mechanisms is exposed to peer review and ongoing scrutiny. Secret algorithms are fragile in the long term because it's only a matter of time before someone exposes them and weakens their effectiveness. Security professionals have a saying: "There is no security in obscurity".

For precisely the same reason, we must not have secret government monitoring programs either. If the case can in fact be made that surveillance is a necessary evil these days, then it would actually be in everyone's interests for governments to run their programs out in the open.


Be the Change you Want to See - Great Future of Work Products Begin with Great Company Culture


Company culture: the secret ingredient in the creation of the industry's leading HRtech products

Future of Work Visionaries panel at Constellation's Connected Enterprise. Four future of work executives share their companies' approaches to producing the industry's most intuitive and innovative HR products.

Future of Work Visionaries Connected Enterprise

Moderator: 
Holger Mueller, Constellation Research
Panelists: 
Patanjali Chary, Vice President, User Experience, Ultimate Software 
Jason Corsello, Chief Strategy Officer, Cornerstone on Demand
Chris Leone, SVP HCM Cloud Services, Oracle
Alan Rottenberg, Ceridian
 
The Future of Work analyzes the confluence of technological, demographical and cultural trends challenging the traditional paradigm of work. Where we work, when we work, how we work, what we work on, and why we work have dramatically shifted. Will you be prepared to inspire five generations of workers to reach their full potential? Click here to learn more.
 

Event Report: The Atlantic Silicon Valley Summit - Exploring The Culture Of Innovation [VIDEO] #AtlanticSVS


What’s Next In the Valley?

Silicon Valley has reached the status of international myth, as the promised land of creative thinking and innovation, and the home of leaders who are shaping the way we interact with the physical world. What is it about this place that draws the world’s most forward-reaching minds? As pockets of innovation spring up across the country – Silicon Alley, Silicon Beach, and Silicon Prairie, for example – how can the Valley maintain its status?

An Inside Look On The Culture Of Innovation From A Historian, A Practitioner, And A Futurist

On December 16th, The Atlantic drew together cutting edge technologists, investors, and digital futurists for its first Silicon Valley Summit: Listening To The Innovators.  Held at the Computer History Museum in Mountain View, CA, the panelists included:

  • Leslie Berlin – Project Historian for the Silicon Valley Archives at Stanford University
  • Ben Galbraith – VP of Global Products at Walmart Labs
  • Marina Gorbis – Executive Director at the Institute for the Future

 

The panel was challenged with addressing the key pillars of innovation, where other hotspots could take foothold, what is inside the DNA of an innovative organization, and what to expect next in 2014. A few highlights from the event include:

  • Identifying key pillars of innovation. The panelists identified audacity, optimism, innovation, culture of no permission, good network, and the constant influx of new people as key pillars.
  • Taking Silicon Valley elsewhere. The panelists overwhelmingly thought it was not going to be possible to bring the valley elsewhere.  The valley itself is a unique culture.  However, they believed that areas such as Silicon Alley, Silicon Beach, Silicon Prairie, and Silicon Roundabout could build their own nexus of innovation.
  • Ensuring future access to Silicon Valley. The panelists also felt that it was important to provide access to the innovation in Silicon Valley to the rest of the world.

 
Video: The Atlantic Live – Exploring The Culture Of Innovation

 


Reprints

Reprints can be purchased through Constellation Research, Inc. To request official reprints in PDF format, please contact Sales .

Disclosure

Although we work closely with many mega software vendors, we want you to trust us. For the full disclosure policy, stay tuned for the full client list on the Constellation Research website.

* Not responsible for any factual errors or omissions.  However, happy to correct any errors upon email receipt.

Copyright © 2001 – 2013 R Wang and Insider Associates, LLC All rights reserved.

Social Communities Spur Innovative Customer Support



As customer support managers plan for the upcoming year, one area I suggest for consideration is to create an online customer community for product support. During the last year, a sizeable number of organizations have discovered the many benefits of building an online community to better serve their customers and partners. Online communities reduce support costs and improve response times by accessing the collective intelligence of their members and deflecting support calls. Brands that have created online communities find they offer technical support to customers over a shared content management system and direct input from peers with knowledge of their product. Crowdsourcing promotes faster problem resolution and transparent engagement. Additional benefits of online customer support communities include providing a forum for customers to share opinions, find information and give and receive advice.

It is easy for members to become involved, as communities support interactive content, such as blog posts and chat sessions. Communities attract self-directed individuals who want a trustworthy resource for problem solving. Several innovative customer support communities use gamification techniques to encourage members to become active and continue their participation. Gamification offers recognition and rewards to members based on their degree of contribution in the community. For example, members may earn badges or honorary titles that reflect their status as active supporters.

Communities are self-directed but require brands to oversee the content to ensure its integrity. Costs for community development and management are offset by fewer assisted transactions, improved customer satisfaction and new sales revenues.

Online Communities Offer Amazing Customer Care

Download the report snapshot

 

 
