October 1, 2011
It has been a few years since Forrester delved deeply into the issues surrounding consumer privacy, and in that time, an awful lot has changed:
- Facebook Connect, Google ID, Yahoo Identity, and Sign In With Twitter have emerged as a whole new way of being recognized across a myriad of websites across the Net. As little as a decade ago, most adults online couldn’t have imagined the convenience of single sign-on.
- At the same time, data capture methods have not only proliferated, they’ve become exceptionally sophisticated. Tactics like Flash-based cookies and deep packet sniffing surreptitiously collect behavioral data about online consumers, while loyalty and membership cards provide more insight into consumers’ purchasing habits at the line item level than ever before.
- All that extra data is hard to protect without big changes to governance policies and technology stacks, and when data breaches happen, they're public and ugly.
- Finally, legislators have forged ahead with regulations to protect consumer data. Europe's answer is the Data Protection Directive – a regulatory framework that governs the capture, management and use of consumer data, while in the US, congressional leaders, egged on by consumer advocacy groups, are introducing bills designed to limit data capture and to provide remediation in cases of data and security breach.
In the face of all these changes — and the panoply of changes yet to come — a new model of consumer data management is necessary. Some advocacy groups and academics are calling for a concept called vendor relationship management (VRM). Think of this as CRM turned on its ear: traditional push models of marketing go away entirely as consumers manage the relationship with vendors and marketers. But advertising is a $300B business in the US — the global market is even greater — and it’s not feasible for that entire industry to simply disappear overnight.
A model is needed that is mutually beneficial for both marketers and consumers, and we think we’ve identified it. We call it personal identity management (PIDM) and define it as:
The rules, standards and processes by which individuals and organizations manage, use, and share personal data and identity with other individuals and organizations.
With PIDM, consumers decide what data they’re willing to share and with whom. Marketers who want access will need to a) explain in clear, straightforward language what they’re going to do with consumers’ data; b) protect, be accountable for, and be respectful of that data; and most importantly c) provide value and/or convenience for consumers who agree to share data.
I encourage you to read my recent report, "Personal Identity Management: Preparing For A World of Consumer-Managed Data," and weigh into the discussion either here or on our message boards. PIDM represents a seminal change in how marketers and consumers build relationships and communicate with one another, and I look forward to hearing your opinions.