Managing Customer Opt-Outs in a Complex Global Environment
Matt Leonard1, Mayra Rodriguez1, Richard Segal2, Robert Shoop3
1 IBM Customer Relations, Policy, & Privacy, White Plains, NY, USA
2 IBM Thomas J. Watson Rearch Center, Hawthorne, NY, USA
3 Harte Hanks, Austin, TX, USA
Abstract. The day to day rhetoric associated with spam control focus on measures, technology, rules or fees to
impo order or control. The efforts concentrate on the broad range of messages throughout the internet in the
avenue怎么读torch relayhope that by reducing or stopping the flow of ‘spam’ the problem of spam will be solved. This is analogous to
fighting a fire when it is at its apex rather than preventing it in the first place. IBM’s opt-out management
广播电视新闻学就业application, The Global E-mail Cleansing System (GECS), and the associated business process attempts to
control the e-mail communications between the enterpri and its constituencies. This increas the satisfaction
of its customers while ensuring that, at least in the ca of IBM’s communications, customers and others can feel
confident that IBM is doing its best to ensure their privacy is respected.
1 Introduction
It’s no cret that e-mail marketing is an emotionally charged issue. What started out as a great way to communicate, to share information, to collaborate, has instead turned into an irritating burden. Individuals feel violated by spam. Their in-boxes are swamped by unwanted messages over which they have no control. The term “Spam” has become a cry for relief from “too-much” email, from “inappropriate” email, and from poorly targeted e-mail. Industry, advocates, and governments have reacted by proposing tools or regimes to eliminate spam. Some have propod placing a price tag o
n email transmission to deter the nding of large volumes of unwanted e-mail [1]. Lost in all the noi is the idea that e-mail can be an excellent way to start and develop relationships on the internet. Business leaders ek privacy nsitive ways for email to help build relationships as part of the marketing mix.
E-mail marketing can be a great way to efficiently reach customers and prospects. In the optimal e-world individual preferences and interests are shared between groups allowing marketing efforts to be coordinated into sophisticated planned messaging strategies. Practically speaking continued cooperation between marketing groups is difficult to achieve. Companies have a political dimension and its not surprising that there is competition to ‘control’ the e-mail address and a reluctance to share customer knowledge internally. Brands, Divisions, even in-country Company organizations want to control their customer t and resist passing control, or even knowledge, of their customer to others. Another method must be sought. In IBM’s ca it’s the Global E-mail Cleansing Service (GECS).
We believe that e-mail can be an effective tool for business and customer relationship management. We believe that both business and consumers benefit when e-mail is ud effectively in relationship development and management [2]. We believe that consumers, who are willing to accept e-mail, wo
uld appreciate highly targeted and relevant messages. We believe that consumers should be able to express their opt-out preferences and have tho expressions honored.
This document describes IBM’s approach to managing opt-out preferences. We believe that the approach taken by IBM, using GECS as its centerpiece, is a unique and highly effective customer centric approach.
2 Limits of Existing Tools
There have been few attempts, beyond normal marketing databa tools, to build applications where consumers can express their opt-out directives. Existing tools encompass the normal ‘do not e-mail’ codes that most platforms are capable of capturing. Marketers can be trained to lect net of the ‘do not e-mail codes’ and to honor customer opt-outs in this way. Once tho codes are in place, it’s fairly easy for a databa manager to create a list of
individuals who do not want e-mail and to nd that list to third party list owners for suppression when they ll names to the company or generate marketing messages on behalf of the company.
By way of background, the marketing list business is comprid of four participants: The List Owner,
the List Manager, The List Broker and the List Ur. The Manager reprents the owner and lls the owner’s lists. The Broker finds lists for the ur. List Owners can be list urs. In a company, divisions/brands often act as owners.
The situation is more complex when renting lists from third party list providers. The marketer does not want to provide the list provider with their suppression list and potentially compromi the privacy of the individuals on their suppression list. There is no guarantee that the suppression lists nt to a third-party list provider will not be ud by that provider to add to their own or other company’s marketing lists! Individual marketing campaigns can include many individual lists and without a central suppression processing facility the marketer might have to nd individual copies of the suppression list to each list owner and trust them to eliminate the records. The idea of putting dozens, maybe hundreds, of copies of a company’s suppression list into the list industry is frightening. Even the FTC is hesitant to suggest that an FTC sponsored Do-Not-Email list could be safely distributed. List owner’s have similar concerns about nding their list to individual marketers for processing into their marketing messages.
All parties in the basic infrastructure are scared of sharing their individual lists yet feel that they have to find a way to comply with CAN-SPAM and honor suppression directives. Everyone fears theft of d
ata, misu and loss of control yet all want to protect the privacy of their customer ba.
IBM has first-hand knowledge of suppression lists being inadvertently misud when nt into list owner environments. The long term viability of opt-out management that is dependent on nding suppression lists to every supplier for every order is very poor. To cope with that complexity the middle men (List Brokers/List Managers) in the information sales chain have, in some cas, begun to offer ‘suppression list maintenance rvices’. In the the list brokers/list managers have offered to manage a business’ customer suppression list on behalf of the business. While the middle-men are often more trusted then many list owners the volume of suppression systems increas complexity and, in most cas, results in the list owner receiving the suppression list anyway! It also creates an environment where more copies of a company’s suppression lists are expod.
Besides the difficulty of maintaining corporate opt-out lists, large business must address a host of internal challenges that make even the maintenance of suppression lists a difficult prospect with existing tools. Larger business tend to have veral suppression databas and veral bulk e-mail applications distributed throughout their organization. When sales forces in multiple divisions, each with their own customer relationship management tools, are added to the mix the situation quickly becomes untenable. Large business basically have three choices: •All data and preferenc
es can be consolidated into a single databa with a single control structure.
•When a preference is expresd and recorded in one databa, it is immediately communicated, and accepted by all other databas. This is applicable only if the company has a consistent brand identity and honors preferences across all divisions.
•Provide parate privacy statements for each different application so that they can operate independently. This is only acceptable if consumers think of the parate constituencies within an organization as parate entities. It also rais issues regarding when a company share data between entities.
All three of the approaches fall short. Consolidation is an admirable goal but it cannot be achieved over night. While a consolidated databa and management environment provides the best approach, it is often not practical. Most complex enterpris have many databas, often in different geographies. Customers can engage with many divisions and each may create records in veral of databas. Consolidation of multiple applications and databas in is often not possible in a dynamic environment where individual divisions have differing needs.
To implement the cond option, a process has to be created where opt-out information received is s
ent to all other databas within an organization. However the same privacy concerns that ari when dealing with third-party list brokers can ari within a company with multiple privacy domains. Application owners and marketing group leaders may be reluctant to share their suppression lists with other divisions for fear that they may be misud and hurt their relationship with individual clients. The idea that a customer record might exist in more than one customer databa begs the question: ‘Who customer is it?” Honoring a customer’s instruction to opt-out of UCE must not be contingent on a company resolving its internal political conflicts.
Separate privacy statements, and parate relationships for each brand handily solves the ‘technical’ issue but it precludes the free sharing of data across the enterpri. As a business integrates its operation or tries to rve the ‘total customer environment’ it might well find that it has compromid its ability to rve the customer through potentially conflicting promis in the privacy statement or conflicted instructions from the customer depending on
the division/brand the individual was interacting with.. Never-the-less the third possibility is the most viable of the three from a business perspective.
3 Protecting the Customer
IBM is a complex enterpri with a global prence and identity. An individual logging onto an IBM website might easily find they are interacting with a site outside their home country. An individual can brow products outside the scope of their existing business relationship. How does a company like IBM fulfill customer expectations that their information will be ud in a manner that recognizes its importance? More importantly how does a company like IBM enable a customer to exert some continuing control over the u of their personal information across the enterpri. When a person’s information might reside on the databa for more than one division, or in more than one country, how is a person’s instruction maintained and honored?
An individual can have a variety of relationships with a company. The more complex the company, the more complex the relationships. Some possible relationships include direct contact resulting from an ongoing engagement, customer rvices interactions, subscriptions to company newsletters or to specific information products, and transactional correspondence such as bills, shipping notices, and warranty renewals. Of cour, they may have no relationship with the company at all and be a total prospect or, as a customer of one brand, they might be a prospect for other brands.
From a Business perspective there is no benefit to antagonizing existing customers. Uptting customers can only eliminate future information flows and hurt business. Finding a way to capture a
nd honor an individual’s opt-out instructions is important to ensuring that the individual welcomes information that they have asked for and greets, positively, ongoing calls from the sales reprentatives or other personnel that rvice their relationship. IBM has invested significant energy and resources to develop an application and associated process to do just that.
The global scale of large enterpris rais additional problems. A customer asking to opt-out may expect that the unsolicited commercial e-mail stop from the company. Yet they may have interacted with multiple databas in multiple countries. The ideal solution must transmit suppression data across the business. Since there is no requirement that databas nd their opt-in records to other databas a customer exists in more than one databa as the result of their action. Generally, the rules that govern marketing to an existing customer are tho in effect in the databa where the customer’s record exists.
This paper does not tackle the gathering and u of customer ‘interests’ for targeting. The challenge of gathering customer interests is best handled in the marketing databas using survey or other methodologies. Combining suppression/permission with interest code generation creates additional complexity by combining marketing tactic generation with suppression administration.
Approach
手写印刷体
4 IBM’s
IBM has developed an application and related process to deliver on its privacy promis and to minimize the perception that it is nding ‘spam’ to its customers and other constituencies. IBM ensures that the customer, at the point of capture of personally identifiable information, can know about its information practices, is prented with their choices about the u of that data and is given the opportunity to, in most cas, interact anonymously. The databas that support IBM’s applications capture and store the codes that result from customer choices.
Another important element is the continuing prentation of opt-out opportunities. All outbound marketing e-mail messages contain instructions that allow the recipient to opt-out of ALL unsolicited commercial e-mail messages from IBM. Newsletters and subscription products carry their own ‘’unsubscribe’ instructions. Since individuals are continually being prented with Notice and Choice and given the opportunity to update their permission in the cour of normal business many their instruction from YES to NO and, back again. Some interact more than others but the point is a “NO” is not forever.
IBM targeting personnel are trained to lect their marketing lists net of records that have opted-out.
This is the first line of customer protection. A customer responding to an e-mail with a ‘no more UCE’ instruction has that value coded in the nding databa first. This is the most likely place for the next commercial e-mail to originate and the immediate encoding of the opt-out instruction in the nding databa provides some immediate protection.
The cond level of protection is the Global E-mail Cleansing Service (GECS) which tackles the challenge of communicating an individual’s instruction across the enterpri. IBM developed and implemented GECS with Harte-Hanks, a global information processor. GECS enables individuals to communicate and change their opt-out value to IBM and have that value communicated to other databas across the enterpri that contain that e-mail address. Synchronization to GECS ensures that other data repositories receive opt-out information in a timely manner. GECS functions in a way to minimize political conflicts between groups so the customer is protected and does not suffer as the result of any inter-divisional conflicts or rivalries. IBM anticipates that, until all databas are consolidated into a single environment, GECS will be a valuable part of its Privacy Management System. The balance of this paper describes GECS and its implementation within IBM.
5 Global Email Cleansing System (GECS)
GECS was conceived in 1999 while the IBM Guidelines for Processing Business Personal Information and the IBM Commercial E-mail Guidelines were being developed. The incorporated a policy that Notice and Choice would be prented wherever Personally Identifiable Information was gathered. It also required that: “All marketing or other commercial e-mail, including newsletters, must include a ntence tting forth a simple procedure that a recipient can follow to let IBM know that he or she does not want to receive future marketing or other commercial e-mail from IBM.”[3] An individual following this opt-out procedure expects IBM to stop all future marketing related correspondence. To meet customer expectations, IBM’s guidelines further require: “Before nding a marketing or other commercial e-mail, the IBM employee or agent must screen the prospective recipient against IBM's own suppression lists and, if nding to recipients who e-mail address have been obtained from third party lists, other suppression lists that are recognized and required by IBM.”[4] This required the creation of a databa and the incorporation of that databa into IBM Process to assure the individual of a high level of protection. GECS was developed to meet this need. GECS was developed with the following design principles:
1.An individual can say “Yes you may nd me unsolicited commercial e-mail” or “No you may not nd me
unsolicited commercial e-mail”. Or they may leave the question unanswered. The Yes or No values are the only two that are proactively provided by an individual.
2.Third parties providing personal information to IBM should be able to screen their lists against the suppression
list before providing data to IBM without fear that that data might be moved into the IBM environment. The application was developed at a trusted third party (Harte Hanks) and is accesd via their web site (). The GECS databa does not maintain a record of lists submitted for cleansing nor does it provide any lists submitted to IBM.
3.GECS is neither an e-mail nding engine nor a corporate governance tool. It is ‘politically’ neutral.
4.The databa must function worldwide and adapt to new databas. It was implemented in Brusls to addressup yours
concerns about transferring European Union data out of the Union.
5.Individuals can change their permission values and be able to start or stop UCE as they desire.
6.Individuals can interact, on the web, with an IBM site anywhere in the world. Opt out requests must be honored
world wide.
Traditional approaches to email cleansing often include one or more of the following:
•The creation of a single databa with all data,
•The creation of a single e-mail nding engine with a suppression file,
•The simultaneous transmission of opt-out values from one databa to all databas with the resulting synchronization/prioritization problems.
•The creation of a single messaging authority to control all e-mail
允诺的意思IBM took another approach by developing a single, simple application that exists for the sole purpo of honoring an individual’s opt-out or opt-in requests. This single goal focus meant that it is not bound to the limits of customer data systems and could concentrate solely on the management of customer opt-outs.
GECS receives suppression data from marketing databas in all geographies IBM rves. Additionally sales reps and other customer contact personnel are trained to capture and record customer opt-outs. GECS links to the
Direct Marketing Association’s Do-Not-Email list and can link to other ‘recognized’ suppression sources as required.
The design of GECS is relatively straightforward. However, we still faced a challenge in integrating GECS into our marketing and operational process in order to take advantage of the protection it affords. Any internal IBM marketer or agent nding unsolicited commercial e-mail to an IBM customer or prospect must either screen against GECS or lect from a databa that is currently in synch with GECS. GECS screening is not required when an IBM marketer is responding to a customer request (e.g. a subscription) or is in correspondence as part of a transaction or relationship. GECS is a mandatory part of IBM’s e-marketing process.
Figure 1. displays the GECS screening process. The GECS screening process works as follows. A marketer uploads their e-mail list via the Harte Hanks website. GECS checks incoming e-mail address for structural validity. E-mail address with non-valid formats are returned with a ‘rejecte
d’ indicator so the submitting databa can correct their records. Rejected records might contain delimiters (commas or quotes for instance) or might be incorrectly formatted. GECS removes any suppresd e-mail address from the list and then nds the list to a protected ftp site with the suppresd e-mails removed. The marketer is notified by e-mail that the list is ready to be picked up from the GECS ftp site. The transaction completes when the marketer picks up the cleand list and the list of purged e-mail address from the GECS ftp rver.
Figure 1. The GECS screening process for comparing marketing lists against suppression databas.
E
6 System Architecture
Figure 2 prents the five basic components of GECS overall architecture:
A. Source list to be cleand. Generally a flat file in a defined format.
B. Processing engine includes logic, input/output processing, rvice levels, and exception reporting.
interesting怎么读C. Repositories of opt-out information. The may be company proprietary or market standards.
D. Touch points or information gathering applications where suppression information is captured and maintained. Generally the are ur applications.
月饼的英文>高中英语辅导E. System and product documentation includes: rvice standards, operational procedures, troubleshooting requirements and ur help information. Life cycle management and change control is included in this component.
Each interaction IBM has with an individual where an opt-out is recorded is captured in GECS. GECS retains only the information needed to fulfill its mission: e-mail address, suppression date, value, reason code, and source identification. GECS stacks the records taking the most recent customer supplied value (YES or NO) and rippling it across the enterpri. The non-customer supplied value, ‘UNANSWERED’ or BLANK, never replaces a YES or NO. This logic is reflective of IBM’s privacy practices. Table 1 shows veral examples illustrating GECS internal logic. IBM prents a consistent Notice and Choice across all groups and its opt-out encompass all of IBM. The example records shown in the table reprent interactions happening in various databas and
countries over time. They illustrate that as permission changes the rules associated with the record change and tho rules apply across
playbook
Source
Date Address value ID data Lotus
9/8/
YES Source
Date Address value ID data msm
7/14/ NO GECS would continue to report this value as NO even though in the interaction with Denmark the permission question was unanswered.In IBM's environment the lack of value makes the record ineligible
for UCE.On 4/15 the individual gave a value of YES which is the value that is synchronized across the environment.In an interaction with MSM they become NO on 7/14.A year following the NO at MSM they provide a YES to Lotus on 9/8/2003
Table 1: Sample GECS fields illustrating the logic ud to ensure customer privacy.
Marketing Databas are synchronized, on a regular basis, with GECS. The synchronization process is fairly simple. The E-mail address (with their values and the date that value was recorded) are submitted to GECS. Each address is checked against the GECS databa. Where a match is found the values and dates are compared. The most recent value is recorded, or left, in GECS and returned to the databa. An update process encodes the most current ‘customer provided’ value in the nding databa. In this manner the overall e-mail address inventory is kept current. The synchronization process enables IBM to honor a customer opt-out very quickly
Tables 2 and 3 provide some summary statistics about GECS usage. Opt-in address are former
Opt-outs who have changed status. Folks change from No to Yes in significant volumes. This illustrates that individuals, given the chance to express their preferences may feel more comfortable providing permission back. GECS demonstrates
