Category Archives: Marketing and sales execution

Three Reasons Sales Forecasts Don’t Match Results

“Our sales results never match what’s forecast!” As the saying goes, “if I received a dollar every time I heard this complaint, I’d be contentedly fly fishing in a remote river right now, untethered from the grid.”

Inflated expectations? First, we need to understand what match means in the context of forecasting. If match means equals – as some people believe – we only need one reason: because it’s a forecast. Trying to get sales forecasts to hit actual revenue bang-on is a fool’s errand.

And accuracy might not be as valuable as you think. If I have a customer who reliably places an order for 100 units every month, I can forecast that amount, and – assuming the order is received – my forecast will be 100% accurate. Strange as it sounds, a lot of purchasing is just that way: steady, predictable, consistent.  What is the value of that forecast to my company? Minimal, because they already know it’s coming and they have planned production, personnel, and materials accordingly.

Accurate as it is, there’s little value in my forecast because there’s no intelligence behind it, and little possibility of variability. If you and I are standing in the middle of a nascent hurricane, would there be value to you if I said, “over the next 24 hours, we’re going to experience heavy rain.”? I’d be accurate as all get out, but my statement wouldn’t be particularly valuable. Yet, companies encourage salespeople and their managers to indulge in similar forecast gaming by penalizing them for “inaccurate” forecasts, and rewarding them for playing things safe, and predicting revenue only when it’s solidly assured. This discourages probabilistic thinking and situational awareness – two essential competencies for salespeople today. And vital for planners.

On the other hand, if match means in the ballpark, then companies need to specify what that means in terms of variance, because an acceptable variance for one company might not be acceptable for another. And acceptable variance might change for a given company, depending on market conditions and other forces.

In sales, there are three reasons for forecast variances (defined as the delta between expected results and actual, usually in terms of revenue or unit volume):

  1. Sales forecasts are projections dependent on human decisions, which are exceedingly difficult to predict. That’s true with just one decision maker. And when there are multiple decision makers – for example, with buyer committees or additional levels of approval – forecast complexity skyrockets, often defying intuition and mathematical prediction.
  2. [Stuff] happens – though most sales managers are loathe to admit it. Across a broad spectrum of situations, unanticipated events occur with such frequency that there is vernacular for them: Black Swans. In forecasting, salespeople and their managers seldom allow for them, and they include such things as supply chain interruptions, buyouts, executive defections, sudden strategy changes, and reallocation of project funding.  These are frequently catastrophic deal-killing events, and they are out of the salesperson’s control. Every forecast must consider these possibilities and more, and account for them.
  3. Senior management injects biases. Sales managers commonly demand that their reps carry “healthy” revenue pipelines, and they stigmatize their reps as “low performers” if they don’t project revenue that’s congruent with quota. The result: forecast candor is systemically discouraged, while forecast inflation gets rewarded with a pat on the back.

Sales VP’s often tell me that forecast variances result from sales reps who are “overly-optimistic.” That’s often partly to blame. Optimism can cloud situational awareness, which creates volatility – the bane of CFO’s and production planners. But there are many other risks that come into play, and it’s incumbent on managers to know what they are.

My next article will cover what makes a sales forecast high quality.

Considering a Career in Sales? Find Something Different!

“Do you know what a sales interview is?” a friend of mine quipped. “It’s one person lying about the future, talking to another lying about the past.” My friend knew his joke contained truth. Newly retired from B2B sales, he wasn’t sanguine about the future of the profession. As we chatted over lunch, I added a few of my own anecdotes and observations. It was a lively talk. No need for alcohol.

Selling ain’t what it used to be. It’s possible that my friend stowed his sales bag for the last time because he was burned out. Though, at age 61, it was probably the right time to get off the bricks. The rest of that afternoon and into the next day, I thought about what he shared with me. I ruminated on the meaning of his dark joke. I considered how I might respond if a young person sought my advice about whether to pursue a sales career. The assessment that followed my introspection did not come easily, but here it is: look elsewhere. Today, there are better choices.

When I began my business career in the early 1980’s, things were different. Salespeople were respected. While most of us toiled in offices with a boss sitting nearby, salespeople had autonomy. They worked variable hours. They dressed well, and from all appearances, they lived well, too. At many companies, salespeople could expect higher-than-average income, often garnering better pay than managers. At a time when level of education predicted lifetime earnings, selling careers flamboyantly defied the calculus. A salesperson’s earning ability depended more on his or her motivation, tenacity, and street smarts than having a college degree. It still does.

At the manufacturing company where I worked my first job out of college, you could easily identify the cars that belonged to the salesmen (the company had no female sales reps): big, new, four-door, and well-appointed. A sales rep’s car did not just provide transportation, it proclaimed success. An important message for customers and coworkers to hear.

As the company’s IT Manager, I had nebulous goals. But the salesmen were measured on one thing –  revenue production. And they were paid accordingly. No mealy objectives, no ambiguity, and no boss holding sole power to dictate next year’s income. If salespeople felt anxiety about their compensation at risk, their job perks and upside income potential eased the pain. For these reasons and others, I too became drawn to a sales career.

When I was hired for my first sales job in the 1980’s, Marketing Representative was a common title for entry-level salespeople. Dale Carnegie, Zig Ziglar, and Brian Tracy were popular role models. I read their books, and listened to their tapes on the way to sales calls. Their messages brimmed with optimism, and were consistently inspiring. “Success is getting what you want . . . Happiness is wanting what you get,” Dale Carnegie wrote.

I learned that great power came from an unwavering belief in yourself. Good stuff. Today, those messages can still be heard, but they’re muted beneath the torrent of condescension and humiliation that spills unabated into my newsfeeds. Mislabeled as coaching and tips for self-improvement, today’s writing upbraids the rank-and-file. It carries titles like Salespeople – Shut up and listen!, and Salespeople Can’t Sell Anymore . General Patton would be proud.

What happened? The sales profession has lost its allure. Technological, economic, and social forces have combined to erode many of the once-valuable tasks that sales professionals provided. None have been profound than Artificial Intelligence (AI), data warehousing and distributed information systems, and investor demands to increase profits.

AI: AI has displaced thousands of repetitive, tedious sales tasks, and enables buyer self-service. Lead qualification and content fulfillment, once large drains on selling time, can now be performed better, faster, and cheaper by using algorithms.

Data Warehousing and distributed information systems: The ubiquity of customer information has allowed companies to knock down the massive walls that once surrounded the sales organization. Today, almost any employee can make rain, or generate revenue. In departments as disparate as customer support, maintenance, and route delivery and logistics, employees can take an order, recommend upgrade services, sell new products, and make other changes without referring customers to a “sales desk,” or an assigned salesperson.

Investor demands to increase profits: Spending excess has always been a popular target for the CFO’s scalpel, and sales operations contain conspicuous fat. Peeling back the covers on Sales, General & Administrative expenses reveals copious spending hiding in plain sight. Cutting high sales salaries, generous incentive pay, over-the-top benefits, Quota Club, annual golf outings, and season tickets at sports events, quickly gains approval from investors. “Think about it: If you have to ply your clients with gifts or meals to get them to do business with your firm, then your product  probably isn’t worth its price,” Andy Kessler wrote in The Wall Street Journal this month (The Expense-Account Racket, December 4, 2017).

Young people will find sales and business development careers less promising than when I started out. Some key issues:

Money. Meh. Commonly used as a recruiting tool, the promise of high income for salespeople is often illusory. A chunk of annual comp is “at risk,” which means what’s actually earned might be less than what’s projected (recall my friend’s joke at the beginning of this article).

The University of Virginia McIntire School of Commerce Destinations Report for 2017 reported average total compensation for its newly-minted grads who accepted sales and sales management jobs: $61,300. Tepid, compared to other business disciplines listed in the report. Among McIntire grads, the best coin goes to investment bankers, who were rewarded with a list-topping average annual comp of $115,000. Finance holds the #2 spot, at $90,294. (The average starting pay for 2017 undergraduates across all categories is around $50,000, according to Money magazine.)

Career path. You might think I’m mansplaining, but I’m not. There are two well-established trails:

  1. Revenue you produce meets or exceeds quota – keep your job
  2. Revenue you produce is less than quota – get fired.

If you crave living in northern reaches of the corporate org chart, the likelier route to get there goes through finance. “About 30 percent of Fortune 500 CEOs spent the first few years of their careers developing a strong foundation in finance. This is by far the most common early experience of today’s CEOs,” according to an article in Forbes.

Autonomy. Thanks to CRM software and advanced analytics, selling has become the most scrutinized, measured, and micro-managed business activity. “Drive higher quota attainment across your entire sales team by recording, transcribing, and analyzing their sales conversations,” one product website says. Some reps might welcome the assist. But I question the reasons. If a sales rep or manager needs software and spreadsheets to learn how customers perceive his or her words, or if they struggle to recognize positive things to say, maybe they’re in the wrong job. Or, maybe management simply doesn’t trust them to have adequate judgement.

Culture. A sales organization’s mission is to produce revenue, and its activities are aimed toward that goal. That’s a good thing if you don’t mind thinking about money above all else. But if you’re moved by more than how much business you will close this quarter, or the gross income figure on your W-2, that can become stultifying. Further, employers are often conflicted about sales. Sales VP’s expect reps to open accounts and build customer relationships, but they feel threatened when customers become more loyal to a sales rep than to the company. Hiring managers promise high income, but ratchet it back when they feel reps earn “too much.” It’s a power game, and companies try to maintain hegemony. As one district sales manager I worked with described it to me, “My ideal rep is a young guy with a stay-at-home wife, a mortgage, a baby, and another one on the way.” I’ve heard similar sentiment from others. A rep in a consumption trap can be controlled.

Goal conflict. Almost every sales position faces this problem, and it can be gut-wrenching to navigate. “Above all, make your number!” versus “Serve our customers!” It’s hard to keep two masters happy. But companies put their reps in a moral vise when they tie job security and pay to revenue results.

I don’t mean to imply that sales experience isn’t worth having. In fact, hands down, nothing prepares a young person better for success than gaining the rare combination of skills needed for converting prospects into buyers. This knowledge transfers to every business discipline, and provides understanding for how an enterprise achieves its central mission: acquiring – and keeping – customers.

You can’t learn any of it in a college classroom, and no other business experience provides a person anything more useful. People who have sales background understand not only that revenue doesn’t roll in on its own, they know the nitty gritty details of face-to-face selling. If you can get the opportunity to sell door-to-door, work as a sales intern, or have another sales experience, take it!  And if the work pleases you, stay with it. But keep your options open. There are other careers that are possibly more rewarding, and they can also benefit from your energy, effort, and passion.

From accounting to zoology, every career has its unique set of warts. Those that sully professional selling are no better or worse than any others. But whatever career you choose, make sure the warts that exist are warts you can live with. And as many in sales have learned, stay vigilant, because new ones grow all the time.

“Today, it is estimated there are anywhere from twenty thousand to forty thousand distinct occupations in the United States,” writes Robert Moor in his book, On Trails. “Rapid changes in technology, culture, education, politics, trade, and transportation have combined to allow people access to an array of lifestyles that was previously unthinkable. In the aggregate, this is a positive development, proof that our life’s paths are evolving to meet our varied desires. But a side effect of this shift – halting, gradual, and unevenly distributed as it may be – is that life’s options continue to abound until they overwhelm . . . Collectively we shape [life’s pathways], but individually they shape us. So we must choose our paths wisely.”

A Future Without Secrets? Why We Need Ethical Data Governance

 

Do You Want to Know a Secret? 

When the Beatles released this song in 1963, the world was different. Less frantic, and in many ways, blissfully naïve.

Listen/ Do you want to know a secret/Do you promise not to tell?, whoa oh, oh

Let me whisper in your ear/ Say the words you long to hear/ I’m in love with you!

Fifty years of social progress has obviated the need for partners to wax poetic. In 2014, Good2Go, an iPhone application, was launched to help people bypass romance and jump to a lascivious endgame. Shortly afterward, Apple kicked Good2Go off its platform, citing application guidelines that prohibit objectionable or crude content. There were few protests, because it turns out, Good2Go wasn’t a hit with customers, either. Among the comments: “Even scarier than talking about sex,” and “worse than nothing.”

No secrets, and no promises not to tell. When it was originally released, Good2Go required users to provide the name of their partner du jour, time consent was given, and each person’s state of sobriety. The ostensible purpose for creating Good2Go was to help people document encounters before things got steamy, should there be allegations of impropriety later on.

But once the data was captured, what did the company intend to do with it? I don’t know, exactly. One thing’s for certain: it wasn’t just going to sit there, un-analyzed, or un-shared.

By pressing Submit, key data about the hookup breezed into the cloud. No strings attached, just like the liaison. Good2Go offered a curt privacy disclaimer: “We may not be able to control how your personal information is treated, transferred, or used.” Paul McCartney, step aside! There’s nothing like legal fine print to stoke the fires of passion.

If you’re a control freak about your personal information, some free advice: chuck your computer and iPhone immediately, and get off the grid. Wait about 20 years. After that, there will be no secrets. Personal privacy will be quaint anachronism, and everyone will be part of a scandal. One upside: nobody will care.

Whenever we give up personal details – whether online, over the phone, or on paper – the best we can hope for is that the custodians of our data will behave ethically, and take adequate measures to conceal our information from those who might abuse it. Recently, the Equifax data hack made it clear those are dangerous assumptions. The company’s massive databases contained millions of individual social security numbers, birth dates, driver’s license numbers and credit scores, but Equifax executives didn’t give a tinker’s damn whether consumers were protected.

The company squandered opportunities to prevent outsiders from hacking into this sensitive information, allowing 143 million private records to fall into nefarious hands. “The Equifax hacks are a case study in why we need better data breach laws . . . Equifax handled a disastrous hack poorly. But the core of their behavior isn’t unusual,” read a headline on Vox, an online media website.

Breaches happen more than most people know. Your right to be informed depends on where you live. “The clamor for a standardized data breach notification requirement has become almost as quotidian as a data breach itself. Companies no longer wonder whether they will ever have to notify consumers of a breach but rather when they will do so. Incident response planning, however, is currently complicated by the existence of 47 different state breach notification laws and those of additional jurisdictions such as D.C., New York City, Puerto Rico, Guam and the Virgin Islands. The variety is no doubt confusing and increases the compliance costs for companies,” according to another article, Examining the President’s Proposed National Data Breach Notification Standard Against Existing Legislation.

That article was written in 2015, when Obama was president, and before the government stopped caring about protecting consumers. With Trump in office, don’t hold your breath waiting for this initiative. In the meantime, if you want to navigate the thicket of data breach notification laws state-by-state, click here. Please remind me who has information power: Consumers – or the companies that use their data? I keep forgetting.

Sometimes, a company has good reasons to delay disclosure about a data breach. For example, a forensic investigation might require secrecy. Or, a company might need to learn the full extent of a breach before sharing information with customers. But proving malfeasance can be difficult. Equifax hasn’t disclosed exactly why it waited weeks to inform customers about the breach, but during that time, its senior executives sold millions of dollars of Equifax stock. A company spokesperson told The Washington Post that at the time, the company’s executives had no knowledge of the breach.

“No knowledge” . . . of 143 million stolen records . . . That sounds far-fetched to me, too. The hacking and the timing of the stock sale brought Equifax CEO Richard F. Smith in front of Elizabeth Warren for a Senate hearing. He had some ‘splaining to do, and he didn’t project well in front of the cameras. In characteristic fashion, Senator Warren emasculated him the same way she did Wells Fargo CEO John Stumpf. In a company press release from September 7, after the breach was publicly disclosed, Smith said, “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.” I believe the second part of that sentence, but I’m calling BS on the first.

Personal privacy faces unprecedented threats. In the digital era, almost everything we do leaves a trail of recorded transactions and events that is harvested and maintained. After it’s released into the cloud, it’s hard to know who – or what – controls it. As a result, we have far less control over our data privacy than we did 30 years ago, when smaller amounts of our data were housed in cumbersome silos. But the silos came down, along with the cost of storing data. Most significantly, companies have developed sophisticated tools and algorithms to systematically exploit it. As a result, corporations and government agencies have steadily gained hegemony over our data and our privacy. Today, they control five powerful variables that profoundly affect our privacy: capture, use, retention, protection, and ownership of consumer data.

Capture: Though we might not be aware, we routinely give up a mother lode of personal details every second through our mobile phones, wearable sensors, and the IoT (Internet of Things). Even more digital exhaust gets captured and recorded through devices like Amazon’s Alexa and Google Home, which are at their core, eavesdropping devices. But for now, I’ve stopped fussing because doing so compares to peeing into the wind. Nobody wants to give up the latest digital gadgetry, and or to suffer the indignities of not having “personalized experiences.” I concede that the data capture pig has permanently left his pen. He has grown too strong to restrain, too fat to ever fit back through the gate.

From here, I’ll focus on manageable issues:

Use: Companies can – and should – be held accountable for how they use personal information. “Compliance with federal and state laws” does not absolve them from providing responsible governance and strong consumer protection.

Retention: How long should companies keep personal data? Do customers have a right to be forgotten, as the General Data Protection Regulation (GDPR) laws in Europe (pending May, 2018) will enable? What should companies disclose to consumers? And is it ethical for companies to charge customers for deleting personal information? These not-hypothetical questions were at the center of the Ashley Madison hacking case, in which the company assessed its customers a fee for expunging their personal data. Rather than deleting the data as promised, Ashley Madison simply changed the record status to “inactive,” and moved the files to a backend server. Those records were stolen in the hack, along with the active ones.

Protection: As data has increased in value, it has become a more attractive target for theft. The threats are significant and omnipresent. But regulation and corporate risk mitigation measures such as cyber-security haven’t kept pace. The nine largest consumer data hacks leading up to Equifax in 2017 illustrate the outcomes when companies are lackadaisical about data security. The direct costs are substantial, the indirect costs incalculable.

Ownership: The question of data ownership is central to preserving consumer privacy. But sometimes, provenance and ownership are difficult to track. Further, Terms of Service statements aren’t explicit, and once consumers have created data, they rarely control it. And since data can be copied, sold, and repackaged, and re-sold, custodianship and responsibilities for protecting consumer data becomes a murky issue. Yet, privacy preservation in the digital age demands clarity over this basic matter.

The road ahead. “The increased amount of and use of data calls into questions pressing issues of fairness, responsibility and accountability, and whether existing legislation is fit to safeguard against harm to an individual or group’s privacy, welfare or physical safety,” according to the Open Data Institute’s September 13, 2017 report, Ethical Data Handling. Public safety should not be taken for granted, and the benevolence of government never assumed. As I wrote in an article, The Dark Side of Online Lead Generation, companies routinely use data to exploit the most vulnerable consumers – who can also be the most profitable. 

Access to consumer information confers an obligation on an organization to

1. be transparent about ownership,

2. control how the data is used,

3. ensure the data is protected from unintended use, and

4. ensure that consumers will not be harmed.

This is a monumental order. Why would any company voluntarily sign up? Because it’s the ethical, customer-centric thing to do. But there are self-serving advantages, too: First, without adopting constraints, businesses will undermine their revenue generation efforts. Ethical data governance enables trust. Second, companies that demonstrate strong data governance will achieve competitive advantages over ones that are sloppy and uncaring.

To create good privacy outcomes for customers, executives must answer five data-governance questions:

  1. Does our use of the data reflect consumer preferences?
  2. Is our intended use for this data ethical?
  3. Is our intended use fair and respectful to our customers and prospects?
  4. Have our customers been provided any control over how their data is collected, stored, and used?
  5. Is our organization appropriately transparent about our intentions, policies, and safeguards?

The as-is state, circa October, 2017. A passage extracted from a privacy statement that just landed on my desk serves as a shiny emblem for how far we need to go with data governance:

“To protect your personal information from unauthorized access and use, we use security measures that comply with federal and state laws. These measures include computer safeguards and secured files and buildings. We limit access to your information to those who need it to do their job.”

These strictures, if you want to call them that, offer no solace to the wary.

When a company captures or requests information from customers, they should reveal,

  1. what data is being collected
  2. the entity or company that owns the data
  3. who has access to that data
  4. specifics regarding how the data will be used
  5. existing internal measures that protect confidentiality
  6. whether the data will be shared with third parties, which ones, and for what purpose(s)
  7. the length of time that data will be retained
  8. customer rights for data erasure and/or amendment
  9. where to go within the organization for redress of consumer issues regarding data
  10. the federal, state, and local laws that govern the company’s use of that data

“Business data is everything. Protect it well,” reads a full-page ad for Carbonite, a data security company. In previous articles, I have complained about companies trivializing C-Level roles (do companies really need Chief Listening Officers?). But the tocsin that just sounded from the Equifax hack tells us that it’s past time to give Data Governance a chair in the C-Suite. (Note: the GDPR laws mandate certain companies assign a Data Protection Officer or DPO.) Should a new position be created, CDGO, Chief Data Governance Officer? I’ll make the case in a future article.

A regulated market? “A regulated national information market could allow personal information to be bought and sold, conferring on the seller the right to determine how much information is divulged,” Kenneth Laudon of New York University wrote in a 1996 article titled Markets and Privacy. He was ahead of his time. “More recently, the World Economic Forum proposed the concept of a data bank account. A person’s data, it suggested should ‘reside in an account where it would be controlled, managed, exchanged and accounted for.’ The idea seems elegant, but neither a market nor data accounts have materialized yet,” according to The Economist (Fuel of the Future, May 6, 2017).

Ethical data governance: the way forward. A white paper, Guiding Principles for the Ethical Use of Data   by Jennifer Glasgow and Sheila Colclasure, offers a clear case for corporate data governance: “As in any relationship, business or otherwise, trust needs to be earned, sustained and nurtured over time. To succeed in the long run brands, have to first be accountable. Therefore, a common understanding of what it means to act ethically with consumer data is required. Without a common set of rules or proper governance, it’s unrealistic to assume brands across a vast marketplace can meet this expectation and maintain the trust of the consumers they serve over time.”

Sounds like common sense. Why then, do so many companies choose a riskier, ethically-shaky path? Greed? Naivete? Stupidity? Lack of will? It’s hard to say, exactly.

Listen/ Do you want to know a secret/ Do you promise not to tell?

Ethical data governance will help companies fulfill this critically important consumer expectation.

Author’s note: To read the previous articles in this series about data privacy and risk, please click the links below:

In the Digital Revolution, Customers Have Nothing to Lose But Their Privacy 

Companies That Abuse Consumer Privacy Might Feel Their Fury – Again

Companies That Abuse Privacy Might Feel Consumer Fury – Again

The company Ashley Madison offers an audacious capability: extramarital affairs.  “Ashley Madison is the most famous name in infidelity and married dating,” proclaimed the company’s marketing pitch in 2015. “Have an Affair today on Ashley Madison. Thousands of cheating wives and cheating husbands signup everyday [sic] looking for an affair . . . With Our affair guarantee package we guarantee you will find the perfect affair partner.”

A great value prop for those seeking such experiences – until July of that year, when hackers broke into the company’s data files.  The thieves coined a name for themselves, The Impact Team. A modest appellation, considering the extensive collateral damage their activities produced.

Mission accomplished. The Impact Team’s cyber-haul included 25 gigabytes of profiles describing the people who signed up for Ashley Madison’s services. Many records included email addresses ending with .gov and .mil (the domain extensions for the US government and Department of Defense, respectively), which stoked curiosity, to put it mildly. Had the hackers compromised the US nuclear launch codes, there would have been less panic in Washington.

But unlike most hackers, The Impact Team was motivated by more than extracting ransom. Impact Team ostensibly wanted to preserve morality, citing that the reason for the hacking was Ashley Madison’s facilitation of marital infidelity. Another website, EstablishedMen, was also targeted. Both are owed by parent company Avid Life Media (ALM), which rebranded as Rubylife in July, 2016. “Too bad for those men, they’re cheating dirtbags [sic] and deserve no such discretion,” the hackers wrote. The Impact Team threatened to expose the identities of Ashley Madison’s customers if ALM did not shut down the websites.

There was more. The hackers complained that although ALM charged users $19 to delete personal data from the Ashley Madison website, the company did not fulfill its promise – not fully, anyway. Instead, ALM simply relocated the “deleted” records to its backend servers. “Too bad for ALM, you promised secrecy but didn’t deliver,” the hackers said. Clearly, the hackers feel that philanderers deserve honest treatment from vendors.

Despite getting caught with their cyber-drawers down, “Avid Life Media defiantly ignored the warnings and kept both sites online [Ashley Madison and EstablishedMen] after the breach, promising customers that it had increased the security of its networks. That wouldn’t matter for the customers whose data had already been taken. Any increased security would be too little too late for them. Now [those customers] face the greatest fallout from the breach: public embarrassment, the wrath of angry partners who may have been victims of their cheating, possible blackmail and potential fraud from anyone who may now use the personal data and bank card information exposed in the data dump,” according to a story in Wired Magazine published shortly after the incident (Hackers Finally Post Stolen Ashley Madison Data, August 18, 2015).

The Ashley Madison hacking was not the first incident involving a vendor that failed to adequately protect customer information from hackers. There was TJX, parent company of retailer TJ Maxx in 2003 (94 million stolen records), Sony PSN in 2011 (77 million), Target Stores in 2013 (70 million), Home Depot in 2014 (56 million), and eBay in 2014 (145 million). In fact, of The Nine Biggest Data Breaches of All Time (Huffington Post, August 20, 2015), Ashley Madison doesn’t even make the list.

But if someone maintained a list titled Most Awful, Ashley Madison would rise to the top. Ashley Madison scared the bleep out of everyone because the incident compromised not only financial information, but lifestyle preferences – the kind an individual would not likely share with friends or family. Purloined credit card numbers can be deactivated, but evidence of promiscuity and related information, well, once liberated, those horses aren’t heading back to the barn.

Should companies care about protecting personal customer information? The question is not rhetorical. By being opaque with customers about what they were doing with their sensitive data, Ashley Madison apparently didn’t care enough. Some could say they didn’t care at all. And their cyber-barriers weren’t insurmountable for the dedicated hackers on The Impact Team. Post-Ashley Madison, people began to think about their information in the IT cloud, and the associated risks to personal privacy. “Click to submit!” – software developers have made sharing personal data all too easy.

People worried about where their private information goes, where it’s stored, and who might have access to it. They began to imagine voyeurs who might crave such information, and they wondered what criminals could do with it. Consumers realized they couldn’t entrust their privacy to firewalls, encryption, secure data storage, and other jargony techno-obfuscations that marketers routinely use to sweeten their “privacy assurances.” Poignantly, Ashley Madison meant that most consumers did not need any imagination to understand the outcomes when vendors are lackadaisical about data governance.

Customer worry becomes a marketing worry. If customers can’t trust that their privacy won’t be abused, they won’t trust the many mechanisms that happen in online commerce, notably, allowing their primary information and data exhaust  to be collected, stored, and analyzed. If – when – that happens, marketers will experience a setback in solving a perennial problem: Finding the likeliest buyers. Right now, marketers depend on both to fuel their ravenous lead-generation engines, and to close transactions. With every data hacking, regulators raise their hackles, and customers become ever warier. “Hell hath no fury like a woman scorned!” The same for customers when their trust and privacy are abused.

Fury – aka The Do Not Call Registry. In the ’80’s and ’90’s marketers got increasing blowback from agonized customers who felt their privacy had been violated, a development that directly contributed to the US Federal Trade Commission establishing the Do Not Call Registry in 2003. The registry’s intention was to curtail what became a reviled business practice: marketers using telephone contact to prospect for new business. Many telemarketing calls were made to residences, and numbers-driven marketers didn’t care about customer experience, often prescribing the calls to occur at dinner time, when prospects were more likely to be home.

Telemarketing began with the advent of the telephone, according to Wikipedia. It flourished in the 1970’s, when marketers got savvier about effective tactics, which were widely shared as “best practices.” That was the beginning of its demise.

The primary customer data needed was culled from lists of residential phone numbers, and ZIP Code directories, all available to the public. For marketers, the telemarketing sales channel became stupid-easy to switch on, and – this is crucial –  wicked-hard for customers to avoid. Before caller-id and call blocking, the only choice for a customer when a telemarketer called was to not answer the phone, and wonder whether they had just missed something important. Vendors became addicted to the low costs and revenue results. For senior executives, self-regulating one’s cash cow did not have wide appeal.

Yet, Do Not Call was a bellwether in the customer fight for privacy, and it caught on like wildfire. While today, it appears that Do Not Call doesn’t have sufficient penal claws to deter vendors from flouting its provisions (my home regularly receives numerous daily phone solicitations, despite being on the registry), its symbolic message is stunning.  Today, there are 217 million numbers on the list. Since its inception, that averages to 42,465 numbers added per day for 14 years. I consider that an “opt-in” success story that should make any CMO drool with envy, albeit for the wrong reasons. The message to marketers: “Do not intrude on my privacy. Do not abuse my personal information. Because if you do, you’ll lose your privilege. Sincerely, Your Customers.”

When it comes to privacy, marketers have no scruples. None. COPPA, The Children’s Online Privacy Protection Act was enacted to prohibit the collection and use of personal data from children under 13 years old. But there’s a problem: “More than 50 percent of Google Play apps targeted at children under 13 – we examined more than 5,000 of the most popular (many of which have been downloaded millions of times) – appear to be failing to protect data,” writes Serge Egelman, research director of the Usable Security & Privacy group at the International Computer Science Institute, in a Washington Post article, We tested apps for kids. Half failed to protect their data (August 7, 2017).  For example, when parents download an app from Google’s Designed for Families section in the Google Play store, they assume data about their child (or children) remains safe. Turns out, that’s a bad assumption.

Which kid-generated data is compromised? Device serial numbers (which are often associated with location data), email addresses, and other “personally identifiable information,” according to Egelman, who wrote that his company found such data had been transmitted to third-party advertisers, and that the nature of the data meant that those companies could engage in long-term tracking of these children.Fortunately, Egelman has developed a website for parents to check the “privacy behaviors of the apps” his company has automatically tested. Just when we thought it was safe to allow our children to stay inside and play on the computer . . .

Personal privacy: why ongoing consumer trust isn’t assured. “Today your data can be of four kinds: data you share with everyone, data you share with friends and coworkers, data you share with various companies (wittingly or not), and data you don’t share,” writes Pedro Domingos in his book, The Master Algorithm. As consumers, we’re betting that as companies like Facebook, Amazon, and others gain more data, their learning algorithms improve, returning more value to us. But Domingos says that the “problem is that Facebook is also free to do things with the data and the models that are not in your interest, and you have no way to stop it.”

“When we say we’ll protect your data, you must believe us! . . or not.” Today’s marketers extoll privacy in their customer messaging. After all, they smell money. “Onavo Protect for Android helps you take charge of how you use mobile data and protect your personal info. Get smart notifications when your apps use lots of data and secure your personal details,” the copy on Onavo’s website assures us. But Facebook, which spent $150 million to acquire Onavo four years ago, hasn’t been fully transparent what it does with the data. One thing is certain: Facebook didn’t plunk down $150 million because they fancied the name Onavo. “Facebook is able to glean detailed insights about what consumers are doing when they are not using the social network’s family of apps, which includes Facebook, Messenger, WhatsApp and Instagram,” according to an article in The Washington Post, Facebook’s Affinity for Copying Seen as Stifling Innovation (August 11, 2017) . How private is the data? Will Facebook use it for benign purposes? Will customers experience harm? I don’t know, and the answers aren’t provided in corporate fine print and written disclaimers.

In another example, this year Princess Cruises announced its Ocean Medallion bracelet that promises passengers a unique personalized travel experience:

“It’s cruise planner meets concierge — a guide that you can access everywhere — on touchscreens throughout the ship, your stateroom TV and your own mobile devices. Ocean Compass helps you navigate your ship and your cruise, like streamlining the boarding process, personalized shore excursions invitations, ordering your favorite drink and more . . . Upload your documentation and set your preferences ahead of time so you can swiftly walk on board and communicate everything your ship needs to know about you.”

And:

“Customize your personal Ocean Tagalong™ by body shape, color, pattern and marks (like tattoos) to best reflect your “alter ego”. This responsive digital companion follows you from initial registration to the end of your cruise (as well as rejoin you on future cruises). You’ll find it online within your profile, during interactive PlayOcean games like Tagalong Sprint, as well as through Ocean Portals found onboard Medallion Class ships. Tagalongs even evolve throughout the cruise, reflecting your unique personality and interactions, and will collect ‘charms’ that show off your achievements.”

To me, Ocean Medallion is a marketing name for sophisticated surveillance technology, and there’s “Ewwwwwwwwww!” by the bucket load throughout this cheery write up. Clearly, I’m not the type of customer Princess wants to reach, and I’m sure they’ve heard similar sentiments from others. They’re looking for a much different prospect. One who absolutely, positively cannot stand to separate from technology. Not even for a minute. I can distill Princess’s prose into a single sentence: “We know much about you even before you begin your vacation, and we track you from the time you come aboard, until the time you disembark.”

Where does Ocean Mediallion’s digital information go, who sees it, who uses it, and for what purposes? That’s not spelled out anywhere I looked on the company’s website, though I have little doubt that they have PhD data scientists who know. And it’s not reassuring that Carnival hasn’t updated their privacy policy since December 5, 2014, according to its privacy policy page. Just finding that out required a circuitous content journey. Good thing I liked the photos.

In today’s digital era, batches of delicate personal customer information are produced, captured, selected, sub-selected, curated, sorted, stored, compiled, combined, listed, cut, “value-added,” repackaged, warehoused, transmitted, sold, and shared, like rail cars of soybeans. Your data, e-shot, helter-skelter to the world! A massive logistics system operating in subterfuge, trafficking the data minutia of a human being’s existence, one individual at a time. Without industry self-enforcement, strong governance policies, and legal restrictions, tell me there’s not another Ashley Madison-type wreck about to happen, or already underway.

There’s an entrepreneurial opportunity here, in case anyone wants to step in. Pedro Domingos suggested one in how he envisions a new business model for privacy protection:

“The kind of company I’m envisaging would do several things in return for a subscription fee. It would anonymize your online interactions, routing them through its servers and aggregating them with its other users’. It would store all the data from your life in one place – down to hour 24/7 Google Glass video stream, if you ever get one. It would learn a complete model of you and your world and continually update it. And it would use the model on your behalf, always doing exactly what you would, to the best of the model’s ability. The company’s basic commitment to you is that your data and your model will never be used against your interests. Such a guarantee can never be foolproof – you yourself are not guaranteed to never do anything against your interests, after all. But the company’s life would depend on it as much as a bank’s depends on the guarantee that it won’t lose your money, so you should be able to trust it as much as you would trust your bank.”

I wonder whether a company can honestly commit to never acting against a customer’s interests, when those interests inevitably change. Still, I like his entrepreneurial vision.  In the meantime, Domingos asks, “Who should you share your data with? That’s perhaps the most important question of the twenty-first century.”

Author’s note: This article is the second in a series about consumer privacy. You can read the first article, In the Digital Revolution, Customers Have Nothing to Lose But Their Privacy by clicking here. In an upcoming article, I’ll outline important keys for corporate data governance.

Shaming Customers Drives Conversions, but at What Cost?

Magnolia (not her real opinion)

“Don’t put words in someone else’s mouth!” This sage advice from my first-grade teacher has stuck with me. I have my conversational faults, but I’ve steadfastly avoided this transgression. Yet, the gaffe persists in society today, and it’s growing.

We need a grass roots campaign to stop the spread. First, let’s adopt a more contemporary slogan. How about, “don’t put e-words in someone else’s e-mouth!” It tackles a new wrinkle to this older problem because some major online retailers force people to say things they don’t really think or believe.

“No thanks, I do not want fast, free shipping,” Amazon e-said for me last week when I completed my online transaction, declining their offer for the “free shipping” benefit. Generally, when I don’t want to purchase something, I find “no” a simple and effective response. One that gets my point across fully. No need to embellish.  Whatever . . . my need wasn’t especially urgent. I let Amazon’s default comment stand. I just wanted my epoxy in the next few weeks.

“No, I will not protect my rental car and I agree to pay for damages incurred,” were the e-words a car rental agency attributed to me in April when I populated their online reservation form, indicating to them that I didn’t want supplemental insurance coverage. A more accurate statement would have been, “No, I find these charges a rip off, designed to pad the agency’s profits.” But that choice wasn’t available. Nobody likes to be misquoted, but for now, I’ll have to live with this violation. Sigh. At least the e-words indelicately placed in my e-mouth provided the cost savings I wanted.

In fact, anytime I rent a vehicle, I drive it with the same care that I do for my own, which is pretty carefully. And my personal auto coverages extend to rentals, ergo, protection! For these reasons, the “I will not protect my rental car . . .” isn’t technically correct. Nor is the “I agree to pay for damages incurred,” if, for example, a driver runs a stop sign and hits my rental car. When the at-fault driver has auto insurance, their provider pays. Not me.

I understand the reasons for this subtle humiliation. Shame and revenue are connected. I wonder how many consumers vacillate on decisions, wavering the mouse arrow around that car rental insurance offer acceptance box. “Should I? Should I not? Should I? . . . What to do? I will NOT protect my car? . . . hmmmm. Well, NO! That seems so risky! I WILL protect my car . . .” The consumer reluctantly approves the add-on fee, and proceeds to mull the next needless upcharge. If I ran a car-rental agency, I’d ask to hear a ka-ching play through a loudspeaker at headquarters every time a customer succumbed to this slick online trick. The staff would figure out how to deal with the racket. “Team! All of it goes straight into our profit-sharing plan!”

In the early days of e-commerce, retailers used large bright on-screen buttons to encourage customers to accept an offer, to buy a product, or to release identity information. The alternative, decline, was low-key and polite – usually a smaller button with a simple “no” or “no, thanks.”

Today’s customers proceed through a sophisticated, choreographed “buyers’ journey,” and vendors are loathe to allow them off the path to Transaction City. Shaming has become commonplace. So much so, that the Nielsen Norman Group has even coined a term for the enabling mechanism: manipulinks. “In a desperate attempt to nudge users towards conversions like newsletter signups some websites are adding manipulative link text to their popup modals.  These user-shaming labels are called manipulinks . . . : they employ the practice of what is often referred to as confirmshaming — making users feel bad for opting out of an offer (logically, this practice might better be described as declineshaming).”

Nielsen Norman provides some stunning examples:

Sears.com To decline “Show Me The Deals” [sic], a website visitor must click on “No thanks, I don’t like deals.”

Women’s Health To decline “GET MY TOTAL BODY WORKOUT PLAN”, a website visitor must click on “No thanks, I don’t need to work out.”

Delish.com To decline “SHOW ME 14 SIMPLE DINNERS,” a website visitor must click on “No thanks, I’ll have a microwave dinner tonight.” (I laughed at this one, though I sense jocularity was not the company’s intent.)

I see a hand raised in the back of the room . . . . yes, on the left, blue striped shirt! Could you speak up so everyone can hear you? . . . momentary silence . . . then, a confident voice rings out: “We don’t call it ‘shaming.’ A/B testing has revealed that certain messages produce more conversions. That’s why companies do it.”

I see. Numbers often create compelling arguments. But, as Nielsen Norman explains it, “focusing on conversions to the exclusion of common sense is a recipe for disaster. It doesn’t matter if more people [sign] up for your newsletter if you had to bully them into doing it.” Hands down, that is the most eloquent, sensible CX wisdom I have read in a long time.

The problem is that some marketers are dashboard junkies, and don’t see the risks. While A/B testing provides answers on which message produced the preferred result more often, it doesn’t reveal a cruddy customer experience.

I think it’s a mistake to shame customers. You can discount my opinion. You can say that I’m stubborn, unable to accept new ways of doing things. True, in this case. I confess that when it comes to positive customer experience, I don’t readily budge from particular ideals. One of them is that when customers visit my company’s website, and those of my clients, I want them to feel like winners, not losers. Every customer decision should be respected, even ones we don’t like or disagree with. That insight didn’t come naturally to me, but was discovered and reinforced through many years of face-to-face B2B selling. Today, basic courtesy has been shoved aside. Marketing professionals take note: snarkiness directed at prospects and customers will inevitably bite you in the rear.

“Be all you can be!” Now there was a brilliant aspirational recruiting slogan for the US Army, thanks to visionary agency NW Ayer. A message that every person on the planet could relate to. What happened to spreading good vibes as a marketing tactic? I don’t know. Maybe the wrong people got promoted into the wrong jobs. Or, maybe people started putting too much credence in their A/B tests. And maybe those who knew better didn’t feel safe questioning what the results were “telling” them. That’s why we have the e-words “no thanks, I’ll have a microwave dinner tonight” shoved into our mouths when we have the temerity to opt out of something a marketer wants us to opt into.

Not every company follows the shaming herd. According to Nielsen Norman, “Ace Hardware employs a traditional and more direct approach to promoting its newsletter . . . It presents the offer directly without using a condescending tone. Users can simply say ‘no thanks’ or close the window and move on.”

Civil and respectful communication. What’s not to like? And customer sentiment will likely be reciprocal. A positive result that any marketer should want.

Draw from the social skills that your elementary school teacher insisted that you follow. One of them might accelerate your revenue achievement.