Speed Data 2 - The birth of a customer database
Upcoming SlideShare
Loading in...5
×
 

Speed Data 2 - The birth of a customer database

on

  • 403 views

An Post & Data Ireland came together in January to host a breakfast event called ‘Speed Data’ - a 60-minute session that gave insight and practical know-how for Data Protection in Ireland. The ...

An Post & Data Ireland came together in January to host a breakfast event called ‘Speed Data’ - a 60-minute session that gave insight and practical know-how for Data Protection in Ireland. The event was a sell-out and the feedback was incredible.

The inimitable Linda NiChualladh gave a highly energised 60 minute presentation with practical information for marketers.

Due to the outstanding demand, we are delighted to host two more Speed Data sessions this year, with the most recent held on Wednesday 19 June.

Speed Data 2: The Birth of a Database

Over 150 marketers joined us at the Westbury Hotel for the second Speed Data Briefing to learn how to build a compliant database in just 60 minutes.

In less than one hour, we covered:

• How to ensure any of your existing databases are fully compliant with data protection laws
• How to acquire new customer details in accordance with regulations
• How to use third party information, and ensure it too is compliant
• The state of play in Brussels concerning the new data protection laws
• The impact of data protection laws and how to prepare for coming changes
• A marketing focused analysis of the DPC’s 2012 Annual Report

Statistics

Views

Total Views
403
Views on SlideShare
402
Embed Views
1

Actions

Likes
0
Downloads
0
Comments
0

1 Embed 1

http://www.pinterest.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Speed Data 2 - The birth of a customer database Speed Data 2 - The birth of a customer database Presentation Transcript

    • SPEED DATEall you need is love?Linda NiChualladhRegulatory CounselAn Post Group
    • WARNING!!!!! DISCLAIMER!!!!!The content of my presentation does not constitute legaladvice nor does it purport to be legal advice.The content of my presentation does not represent nordoes it purport to represent in any way the views,opinions or positions of An Post, it’s board, directors orstaff.Any mistakes, errors and/or ‘typos’ are my own, unless Ican attribute them to someone else!ALWAYS ENSURE YOU GET YOUR OWNINDEPENDENT LEGAL ADVICE SPECIFICALLYTAILORED FOR YOUR COMPANY/BODY.
    • A LOVE STORYKind of.....
    • Fran’s Story• Single. Wants to meet new people• Fran gets information about other singlepeople:– “Personal” ad– Business contacts– Online contacts– Contacts from friends etc
    • LESSONS: DATING AND DATA• Not all that different:– Partnership– Connection– Relationship– Trust– Authenticity– Exclusivity
    • LESSONSIT ISPERSONALIT ISBUSINESSSTOPLYING!
    • LESSON: THINK LIKE PEOPLE• People think like people• The DPC thinks like people• PURPOSIVE APPROACH– Aka ‘Surprise!”
    • FRAN’S NEW BUSINESS VENTURE• Was in IT but was fired• Watched a lot of Dragon’s Den while‘analysing the employment market’ at home• Was always creative• Living ‘organically’ and now ethically• Made soap and bath accessories• Some medicinal/wellness claims• The Natural Soapy Accessories Company
    • The Natural Soapy Accessories CompanyGetting closer to you withoutyou even noticing
    • Lessons learned.• Fran looks at whether he needs to register as a datacontroller• He gets to grips with the lingo:– What is personal data– What is a data subject– What is a data controller– What is a data processor– Who will he be working with and what DP ‘title’ will theyhave?– Does he have a privacy policy?– Is worried about SARs ... But who wouldn’t be?!• Did you do this amount of prep work?
    • Fran learned his lesson.......I hopeThe five worst business database mistakes you can make -By Frazer Hossack | Publication date: 30/01/2013 |Category: Tactics > B-to-b focus1. Not keeping it clean… 35% decay rate annually2. Not planning ahead… do you have enough leads? Is it arelaunch?3. Not looking to improve… it probably is broke and it ain’tgood not to fix it4. Not picking the right man for the job… so why not letwomen do it right?!5. Not choosing the right data specialist…Source: http://www.catalog-biz.com/tactics/The-five-worst-business-database-mistakes-you-can-make_4019.asp
    • Lessons learned:Do we need to bother about the data protectionlegislation? What impact could it have on us?What does registering (notifying) involve?What are the penalties likely to be, if we havent notifiedwhen we should have done?How do the authorities decide who gets assessed?We hear there are scams involving notification. How canwe tell if the correspondence we have received isgenuine?Someone working for one of our sub-contractors nowwants copies of all the information we have in whichhis name appears. Do we have to provide it?Some of our customer records are still held in paper form.Are they covered by the Data Protection Act?Do we really have to get our customers to agree that wecan send them marketing information?Do we have to get our customers to agree if we want tosell our mailing lists or disclose customer details tothird parties?What do we have to do, if we want to use a third party todo payroll processing or direct mail marketing for us?If we conduct our direct mail marketing through a foreignfirm, what do we have to do to stay on the right side ofthe law?If I take notes at a recruitment interview, can I be forced toshow them to the interviewee?Is there any problem over us monitoring our employees useof office phones, internet access or email system?Do we have to provide employees (or customers) withcopies of the information we hold on them?Do we have to provide former employees with copies of thereferences that we have given about them to thirdparties?We are thinking of installing CCTV. Will we land ourselveswith any data protection obligations if we do?We have a problem with petty pilfering, of employeesbelongings as well as stock, and want to installcontinuous CCTV. Will that cause us problems?Do we need to tell customers if we operate a CCTV system?We put up CCTV cameras to deter break-ins, and caught oneof our staff stealing. Can we use the tapes fordisciplinary or court proceedings?What sort of penalties might we suffer for breaching theData Protection Act?http://www.lawdonut.co.uk/law/data-protection-and-it/data-protection/data-protection-20-faqs
    • Lessons learned: Creating a database• What does Fran have in ways of contacts?– Agency/ third party suppliers– Electoral roll – edited– Publicly available information– Anyone who has given him information– Businesses who agree to work with him• Can NSA contact these contacts?– Consent– Legal right– Legitimate purpose?• LETS’S DO THE CHECK: WHERE’S THE CONSENT? CAN HEPROVE IT? LOOK AT HOW STRINGENT GERMAN DP LAWS ARE!
    • BeginningGetting theDataMiddleWhile you havethe dataEndDisposing ofdataInform andget consentJustificationto processRespondto accessrequestsSpecifypurposeOnly gatherwhat isrequiredKeepaccurateKeep secureand disposesecurelyDiscloseonly ifcompatibleor allowableexceptionHave aretentionpolicySource: www.dataprotection.ie DPCwebsite
    • this option. For a electronic communication to a business, an option tounsubscribemustbeincluded.Postal Text/EmailPhoneMarketingtoLandlinesFaxPhoneMarketing toMobile PhonesIndividualCustomerOpt-OutOpt-0ut(provided similarproduct orservice)Opt-Out Opt-Out Opt-OutIndividual Non-CustomerOpt-Out Opt-InOpt-In if onNDD,Opt-OutotherwiseOpt-InOpt-InBusinessContacts(Customer &Non-Customer)Opt-out Opt-OutOpt-In if onNDD,Opt-OutotherwiseOpt-In ifon NDD,Opt-OutotherwiseOpt-InDON’T FORGET TO CHECK THE IDMA OPT-OUT LIST!
    • Lessons learned: Creating a database• Who does NSA need to contact?– Businesses• Marketing• Cloud providers• Retail partners• Service providers– Customers• New• Existing• Can NSA contact these contacts?– Consent– Legal right– Legitimate purpose?
    • BeginningGetting theDataMiddleWhile you havethe dataEndDisposing ofdataInform andget consentJustificationto processRespondto accessrequestsSpecifypurposeOnly gatherwhat isrequiredKeepaccurateKeep secureand disposesecurelyDiscloseonly ifcompatibleor allowableexceptionHave aretentionpolicySource: www.dataprotection.ie DPCwebsite
    • this option. For a electronic communication to a business, an option tounsubscribemustbeincluded.Postal Text/EmailPhoneMarketingtoLandlinesFaxPhoneMarketing toMobile PhonesIndividualCustomerOpt-OutOpt-0ut(provided similarproduct orservice)Opt-Out Opt-Out Opt-OutIndividual Non-CustomerOpt-Out Opt-InOpt-In if onNDD,Opt-OutotherwiseOpt-InOpt-InBusinessContacts(Customer &Non-Customer)Opt-out Opt-OutOpt-In if onNDD,Opt-OutotherwiseOpt-In ifon NDD,Opt-OutotherwiseOpt-InDON’T FORGET TO CHECK THE IDMA OPT-OUT LIST!
    • Lessons learned – creating a database• What channels for contact?– Leaflet drop– Posters– Radio– Postal• Addressed• Unaddressed– Social Media– Email– SMS• Not really direct advertising?– Competitions– Special offers through voucher/discount channels– Surveys/questionnaires– Sponsorship– Trade shows• New cool advertising– Like addressed mail but not– No issues with DP because it’s unique addressing
    • BeginningGetting theDataMiddleWhile you havethe dataEndDisposing ofdataInform andget consentJustificationto processRespondto accessrequestsSpecifypurposeOnly gatherwhat isrequiredKeepaccurateKeep secureand disposesecurelyDiscloseonly ifcompatibleor allowableexceptionHave aretentionpolicySource: www.dataprotection.ie DPCwebsite
    • this option. For a electronic communication to a business, an option tounsubscribemustbeincluded.Postal Text/EmailPhoneMarketingtoLandlinesFaxPhoneMarketing toMobile PhonesIndividualCustomerOpt-OutOpt-0ut(provided similarproduct orservice)Opt-Out Opt-Out Opt-OutIndividual Non-CustomerOpt-Out Opt-InOpt-In if onNDD,Opt-OutotherwiseOpt-InOpt-InBusinessContacts(Customer &Non-Customer)Opt-out Opt-OutOpt-In if onNDD,Opt-OutotherwiseOpt-In ifon NDD,Opt-OutotherwiseOpt-InDON’T FORGET TO CHECK THE IDMA OPT-OUT LIST!
    • FRAN’S MANTRADPC= Data Purpose Consent DPC= DataPurpose Consent DPC= Data Purpose ConsentDPC= Data Purpose Consent DPC= DataPurpose Consent DPC= Data Purpose ConsentDPC= Data Purpose Consent DPC= DataPurpose Consent DPC= Data Purpose ConsentDPC= Data Purpose Consent DPC= DataPurpose Consent DPC= Data Purpose ConsentDPC= Data Purpose Consent
    • Fran even gets to grips with otherregulatory laws/ codes• Anything else I should consider?– Are there regulatory rules that apply?• Financial Products• Consumer protection– What is the nature of the contact?• Health?• Sensitive data?
    • External Contracts• For your company to operate– Procurement– R&D– Marketing• For products/services you intend to offer for sale– OUTSOURCING– Hosting/cloud/IT– Data management• For customers– What you will do with their information?MANDATORY or VOLUNTARYSECTORAL SPECIFIC RULES???Nondisclosure AgreementsConfidentiality AgreementsDistribution AgreementsSupply AgreementsLicensing AgreementsProcurement RulesIT ContractsHostingCloudSupportBC/DRUser AgreementsTerms and ConditionsPoliciesStatementsReceiptsPhone/online/hard-copy
    • Now understands contracts are in fact‘biographies’What type of clauses should I include?Definitions• (recitals)• Scope/Services - Obligations– Usually more detailed in the schedules• The promises - obligations– Data protection standards– Indemnity– Insurance– Cooperation with NRAs/ breach• The checks– Audit/ Inspection/ reporting/ certificates/registration• The punishment– Liability– Litigation– Alternative dispute resolution• The odd bits– Third party beneficiary– Severability– Choice of law and jurisdiction• THE END– Termination• AFTER THE END– Post-termination– Indemnity– LiabilityRemember the story you are telling:What we doWhat we promise to doWhat we won’t doWhat responsibilities we have/haven’tgotWhat if it all goes wrongWho can do whatIF YOU DO NOT UNDERSTAND THECONTRACT, HOW WILL YOURCUSTOMERS OR YOUR PARTNERS?THIS IS NOT JUST A LEGAL MATTER.THIS IS THE STORY OF HOW YOU DOBUSINESS
    • BeginningGetting theDataMiddleWhile you havethe dataEndDisposing ofdataInform andget consentJustificationto processRespondto accessrequestsSpecifypurposeOnly gatherwhat isrequiredKeepaccurateKeep secureand disposesecurelyDiscloseonly ifcompatibleor allowableexceptionHave aretentionpolicySource: www.dataprotection.ie DPCwebsite
    • this option. For a electronic communication to a business, an option tounsubscribemustbeincluded.Postal Text/EmailPhoneMarketingtoLandlinesFaxPhoneMarketing toMobile PhonesIndividualCustomerOpt-OutOpt-0ut(provided similarproduct orservice)Opt-Out Opt-Out Opt-OutIndividual Non-CustomerOpt-Out Opt-InOpt-In if onNDD,Opt-OutotherwiseOpt-InOpt-InBusinessContacts(Customer &Non-Customer)Opt-out Opt-OutOpt-In if onNDD,Opt-OutotherwiseOpt-In ifon NDD,Opt-OutotherwiseOpt-InDON’T FORGET TO CHECK THEIDMA OPT-OUT LIST!
    • No more of this• Promotion– Enter the competition to win SOMETHINGAMAZING!!!!!!!!!!!!!!!!– All you need to do is fill out the form with your details– Terms and Conditions apply– Please tick here if you want to receive AMAZINGupdates about more competitions and exciting stufffrom us– NSA– Address – Contact -• What does this allow you to do?• If they don’t opt out...........
    • BUT MORE OF THIS– Enter the competition to win SOMETHING AMAZING!!!!!!!!!!!!!!!!– All you need to do is fill out the form with your details– Terms and Conditions apply– We will use your details for the purpose of administering the promotiononly– Please• Tick here if you don’t want to receive AMAZING updates about morecompetitions and exciting stuff by post from Lindy Luck• Tick here if you don’t want to receive stuff from Lindy Luck’s partners by post• Tick here if you want to receive stuff from Lindy luck by email• Tick here if you want to receive stuff from Lindy Luck by SMS• Tick here if you want to receive stuff from Lindy Luck’s partners by email• Tick here if you want to be contacted by Lindy Luck telephone• Tick here if you don’t want to be contacted by Lindy Luck’s partners by telephone• CLICK HERE or go to www.lindyluck.ll if you want to opt-out/ change preferencesat any time alternatively you can contact us at 1580 REALLY EXPENSIVE CALL• Any Problems?
    • WIN BACKS• If you want to contact a former customer– Check if they have agreed to post-term contact• You can specify this: “we would like to contact you aboutnew products and services during your time with us andafter......Please tick etc etc”– AND: Follow specific sectoral rules/ time-limits• Telecommunications• Financial services– No post-term contact?• Choose a method that doesn’t require opt-in• What method would that be?
    • Fran became THE ‘Rules’ guy?• Obtain and process the information fairly• Keep it only for one or more specified and lawful purposes• Process it only in ways compatible with the purposes for which it was givento you initially• Keep it safe and secure• Keep it accurate and up-to-date• Ensure that it is adequate, relevant and not excessive• Retain it no longer than is necessary for the specified purpose orpurposes• Give a copy of his/her personal data to any individual, on request.
    • Please please please please Mr.Postman• “We have received several complaintsconcerning communications fromNSA............... Under the DPA we are notifyingyou of the commencement of aninvestigation.......”• Fran is shocked.• What went wrong?
    • Complaints• Addressed direct mail– Letters destined for Mr. X at 1 Main St. Were putinto envelopes for 2 Main Street. The wholesequence out of synch– Some people found out that other people hadeczema and dermatitis and used prescription-drugs– Some people got advertising offers for otherproducts that NSA liked but didn’t sell
    • BeginningGetting theDataMiddleWhile you havethe dataEndDisposing ofdataInform andget consentJustificationto processRespondto accessrequestsSpecifypurposeOnly gatherwhat isrequiredKeepaccurateKeep secureand disposesecurelyDiscloseonly ifcompatibleor allowableexceptionHave aretentionpolicySource: www.dataprotection.ie DPCwebsite
    • this option. For a electronic communication to a business, an option tounsubscribemustbeincluded.Postal Text/EmailPhoneMarketingtoLandlinesFaxPhoneMarketing toMobile PhonesIndividualCustomerOpt-OutOpt-0ut(provided similarproduct orservice)Opt-Out Opt-Out Opt-OutIndividual Non-CustomerOpt-Out Opt-InOpt-In if onNDD,Opt-OutotherwiseOpt-InOpt-InBusinessContacts(Customer &Non-Customer)Opt-out Opt-OutOpt-In if onNDD,Opt-OutotherwiseOpt-In ifon NDD,Opt-OutotherwiseOpt-InDON’T FORGET TO CHECK THEIDMA OPT-OUT LIST!
    • Complaints• Unnatural amount of text messages sent• No consent for text messages– Some sent by NSA– Some sent by NSA’s service provider• Other people being contacted by Consumer InformationAuthority (CIA) conducting research interviews• Fruity Beauty Inks (FBI) also contacting customers– Fran has had on-going arguments with them. His former ‘friend’who worked the market stall with them upped and left• Emails about accounts with ‘NSA product placement’ onthe account data
    • Complaints• Credit card receipts found flying around localpark– Local authority also ‘doing’ him for illegal dumping– He’s also being investigated for security breaches.
    • DPC 2012 Annual ReportSharing personal data in the public sector• “data sharing can bring benefits in terms of efficientdelivery of public services but cautions that it should bedone in a way that respects the rights of individuals tohave their personal data treated with care and notaccessed or used without good reason. ”• Department of Social Protection INFOSYS database* :Full audit report carried out• Audit “uncovered significant breaches of the dataprotection legislation in relation to access to andgovernance of personal data”.
    • 2011 - Breakdown of complaints opened by dataprotection issue2011 Percentages TotalsAccess Rights 48% 562Electronic Direct Marketing 22% 253Disclosure 10% 118Unfair Processing of Data 6% 62Unfair Obtaining of Data 4% 42Use of CCTV Footage 3% 37Failure to secure data 2% 25Accuracy 1% 14Excessive Data Requested 1% 14Unfair Retention of Data 1% 12Postal Direct Marketing 1% 11Other 1% 11TOTAL 100% 1161Source: Annual Report 2011 – DPC Website
    • DPC ANNUAL REPORT 2012ComplaintsTable 1 Breakdown of complaints opened 2012/by DP issue*Electronic Direct Marketing 44.93% 606Access Rights 32.77% 442Disclosure 7.86% 106Unfair Processing of Data 2.59% 35Unfair Obtaining of Data 0.96% 13Use of CCTV Footage 2.37% 32Failure to secure data 2.59% 35Accuracy 1.41% 19Excessive Data Requested 1.78% 24Unfair Retention of Data 1.26% 17Postal Direct Marketing 0.74% 10Other 0.74% 10TOTALS 100.00% 1349