| October 18, 1999 Secretary Online Profiling Project -- Comment, P994809 / Docket No. 990811219-9219-01 Comments submitted by: Chris Hankin, Director of Government Affairs NCR is a world leader in data warehousing solutions, and in particular in the new software technologies designed to assist in customer relationship management (CRM). Inasmuch as NCR Corporation is not directly involved in the online profiling, our comments are related to questions 5 and 8 which raise the issue of merging database information to better identify and communicate with customers, and whether this is good or bad for consumers. Data base protection and data base privacy technologies are matters in which NCR is very directly involved and, therefore, some comments in this regard will hopefully be of value to the Department of Commerce and the Commission. Use of the data warehouse is emerging as a key tool in improving the efficiency of both customer acquisition and customer retention. In marketing, this includes the growing use of CRM to attain increased consumer trust and greater consumer loyalty through more up-front buy-in. This trend manifests itself via the growing use of such techniques as "permission marketing", "one-to-one marketing", and "value exchange" with the consumer. As such, the use of data warehousing is changing rapidly and significantly. Whereas in the past the data warehouse has been primarily used for back-office after-the-event analysis, usually called decision support, it is increasingly used for more customer-centric purposes. The technologies being developed and deployed combine databases to attain important customer intelligence based on the capture and mining of data from both internal and external sources. This can, and normally will, involve both anonymous information as well as personally identifiable information. And oftentimes this will include information derived from Internet click stream data. As the META Group recently wrote, "Data mining-enabled analytical CRM packages addressing data enrichment are already entering the market (e.g., IBM DecisionEdge, NCR Relationship Optimizer, Norkom Technologies Alchemist, Quadstone Transactionhouse, SAS Institute CRM, SLP InfoWare Retain/CPS) and already have a proven track record. By 1999/2000, these analytical CRM packages will also integrate third-party data sources from the Web to open the deluge of Web click-stream data for customer intelligence (i.e., profiling, scoring, and segmenting)." We see this as the beginning of a shift in e-commerce away from technology for information, and towards technology for relationships. What we call relationship technologies. The real competitive advantage in the future of e-commerce, we think, will be in harnessing the value of the corporate interactions with consumers, even click streams, and using it to create and sustain relationships in the e-commerce space. NCR terms this opportunity as the opportunity for "transforming transactions into relationships." By no means is this "bad news" for the consumers. To the contrary, allowing companies to better know their customers will enable these companies to offer the right products to the right customers, for less cost, and with greater speed and convenience. Some would argue that the aggregation of a consumer's transaction data could also lead to greater invasion of privacy. But it need not. Indeed, it should not, for consumers that think that their personal information will be abused or misused, will not provide it. Companies therefore have strong incentive not to abuse personal data -- it would destroy the relationship and cost them the customer. In fact, protection of personal data is, in our estimation, the customer requirement most likely to shape the e-commerce landscape in the future. Companies that deliver on this requirement will prosper; companies that don't will fade. The challenge for NCR and other providers of relationship technologies is to provide solutions that, simultaneously, enable vendors to provide customized, personal service to their customers and empower their customers to control the use and accuracy of their personal data. Can this be done? In the data warehouse, we think so, and we have made doing so a strategic initiative for our company. Today, relational databases provide the ability to set up different "views" into the same set of base data, and to establish a specific security level for each view. Different applications and users can then be granted different views into the data. This mechanism can be leveraged in a data warehouse environment to both restrict access to personal data (security), and to enforce "opt-out" (or "opt-in") controls on the use of personal data (choice). A new development in database technology is to collect all information about the data subject in a single repository of metadata that results in a consistent and up-to-date depiction of the data warehouse to all applications. The metadata repository can then be used as a means of enforcing database views and their associated privacy rules on all applications. At a minimum, views can be set up to restrict access to personal data fields by routine users or applications, secondly to make personal data anonymous for analytic applications, and third to prevent access to records relating to opted-out customers to any user or application involved in the relevant activities. As the e-commerce marketplace matures, we can envision growing demand for greater and more sophisticated levels of consumer choice. Our recent surveys, both in Europe and here in the U.S., indicate that consumers not only accept the idea of choice over the use of their data -- deciding when to trade information for value -- they indeed often prefer it (please see attached press release). In other words, anonymity is an option, but not necessarily the preferred option of consumers who are properly afforded notice and choice. Further, consumer access can also be accommodated via the data warehouse. NCR has recently announced that it is developing a Privacy Consumer Access Interface. This is a software product that allows companies to provide their customers with access to their personal data stored in the data warehouse. They can review the information that is being stored about them, the choices they have made relative to privacy, ensure its accuracy, and be able to request corrections. Finally, audit and logging capabilities can be ensured. Access and use of the personal data -- internally or by affiliates or third parties -- can be documented for future reference to audit and ensure that customer preferences and corporate privacy policies have been upheld. |