Monday, October 17, 2011

Privacy Policies

Shore Up Your Privacy Policy Before Disaster Strikes

Last month, we discussed, from the website owner's point of view, the critical importance of using Terms of Service (ToS) and Click Agreements suited to their business.

Now we will address the need for appropriate consideration of your website's Privacy Policy.

What Type of Information Do Privacy Policies Protect?

Personally Identifiable Information (PII) may include many details such as name, address, email address, phone numbers, social security numbers, credit card numbers and the like. From a technology standpoint, every visitor to every website provides some PII about who they are and where they came from. When a visitor lands on a website, this is what the website owner can access:
• the visitor's unique IP (Internet Protocol) address;
• PII about the last website the visitor accessed; and
• information from cookies it left on the visitor's hard drive from a previous visit to the site, perhaps including credit card information and passwords (usually encrypted).

In addition, website visitors provide PII voluntarily when they register as users on sites such as Facebook and LinkedIn or for services like Gmail. Also, visitors provide credit or debit card information to facilitate website purchases. The critical issue about this volume of information presented to the website from the visitor is how that information is protected and what privacy the visitor is afforded.

Website Privacy Regulation
In the U.S., the Federal Trade Commission (FTC) regulates Internet privacy. Currently, the FTC does not require that websites have a Privacy Policy. However, if a website does have a Privacy Policy, it must adhere to its own terms.

A typical Privacy Policy may state that the website will not use any PII without the user's express permission. The FTC will enforce that obligation if it learns that PII is being used without permission, such as to commercialize it. But if the website's Privacy Policy is silent about protecting PII, then the website may use the PII freely.

Outside the U.S., privacy rules are very different. In the EU, Canada and Japan, for instance, there are very specific laws to restrict the use of PII on any computer, whether connected to the Internet or not.

In Canada, the Personal Information Protection and Electronic Documents Act specifies the "...ground rules for how private sector organizations may collect, use or disclose personal information in the course of commercial activities. The law gives individuals the right to access and request correction of the personal information these organizations may have collected about them."

In Japan the Personal Information Protection Act was enacted after conducting public surveys regarding privacy protection for individuals.
The EU 1995 Data Directive (which started in 1989, in the pre-Internet era) regulates privacy for citizens and businesses that operate in the EU.
The U.S. Department of Commerce established Safe Harbor rules that allow U.S. businesses to operate in compliance with the EU laws, so if your website allows users to conduct business with it in the EU, it makes sense to be in compliance under the Safe Harbor rules.

TRUSTe (discussed in greater detail below) offers a specific service called EU Safe Harbor, which includes the following:
TRUSTe can help you certify your compliance with the EU Directive on Data Protection. The Directive prohibits the transfer of European citizens' personal data to non-European Union nations that do not meet the EU's "adequacy" standard for privacy protection.

Of course other companies offer similar EU services.

What Should Your Privacy Policy Contain?

Like ToS and Click Agreements, my informal surveys show that few individuals, at least in the U.S., take the time to review Privacy Policies. But that doesn't mean you should not have one. You have to consider your visitors' expectations, business issues and laws in countries where you operate.

One approach to creating your company's Privacy Policy is to find a website you think has similar issues to your own, and use that as a base for your company's policy (but you should be careful not to violate copyright laws when doing so). This might work, but if you guess wrong about what the Privacy Policy should be, your business may be at risk.

Aggregate Data
Many Privacy Policies say that they will not use visitor PII, but the website may aggregate visitor information for resale. Such information may include the percentage of visitors to the website who came from Google (Nasdaq: GOOG) or The New York Times (NYSE: NYT). The largest company in the data aggregation business is DoubleClick, which was purchased by Google a few years ago.

Most website visitors do not feel that their privacy is violated by such aggregation since PII that is specifically identifiable is not being shared, but even where the law doesn't require disclosure, you should consider -- based on business reasons -- whether your Privacy Policy should let website visitors know whether your website aggregates such information.

Consider Subscribing to Privacy Standards
A number of organizations promulgate Privacy Standards. Website owners may subscribe, pay a fee, and agree to adhere to the Privacy Standards of that organization. You often see the logos for these Privacy Standards on the front page of websites and embedded in Privacy Policies.

You may be familiar with the TRUSTe logo. Since 1997, that company has offered a variety of online privacy services. This is what TRUSTe has to say about its services:

The company offers a broad suite of privacy services to help businesses build trust and increase engagement across all of their online channels including websites, mobile applications, advertising, cloud services, business analytics and email marketing... Based upon the comprehensive privacy model of "Truth in Privacy," which is laid on a foundation of transparency, choice and accountability regarding the collection and use of personal information, TRUSTe's privacy seal is recognized and trusted by millions of consumers as a sign of responsible privacy practices.

TRUSTe claims that more than 4,000 websites subscribe, including "...top companies like Apple (Nasdaq: AAPL), AT&T (NYSE: T), Disney (NYSE: DIS), eBay (Nasdaq: EBAY), Facebook, HP (NYSE: HPQ), Microsoft (Nasdaq: MSFT), Nationwide and Yelp." Among many services, TRUSTe offers website solutions for website privacy, EU Safe Harbor, Children's Privacy, Email Privacy, and downloads.

Of course there are other Privacy Standards like those of the Better Business Bureau, which claims that more than 142,000 websites use its Privacy Standards, and also the Online Privacy Alliance and the CPA WebTrust Program.

In Conclusion
Website owners should make sure their Privacy Policies satisfy applicable legal requirements and also address business concerns, so as to give the website visitors comfort that PII will not be used wrongfully.
Therefore, it is critical that each business review how it manages PII, and consider what it tells visitors to the website.
Question: Is a policy important to your website? Discuss what you will do & incorporate.

Wednesday, October 12, 2011

Business Intelligence

The SMB's BI Software Shopping Challenge
Even with a wide range of business intelligence (BI) solutions on the market, many don't fit the unique needs of small and medium-sized businesses. SMBs have tighter budgets, fewer technical resources and less time to spend on deploying and optimizing a business intelligence solution. For some SMBs, just getting started with a BI systems evaluation can be a challenge.

What follows are five criteria to keep in mind while evaluating BI options for your SMB -- but first, a BI primer.

What Is Business Intelligence and Why Would You Need It?
Business intelligence is an umbrella term that refers to a variety of software applications used to analyze an organization's raw data. These applications include data analysis, enterprise and operational reports, dashboards and data mining analytics.

Companies use BI to improve decision-making and identify new business opportunities. Why do SMBs need business intelligence? For the same reason large companies do: to learn more about their business performance and to better execute on their strategy.

However, due to their high-growth and lean organizational structures, SMBs require a different approach to BI. It's important for these companies to approach their purchasing decision with a few critical questions in mind.

5 BI Solution Criteria for SMBs to Evaluate
1. Software Costs: Price is often a key factor in software solution evaluations for SMBs, and some simply can't afford the high initial prices associated with many BI solutions on the market today.

When it comes to software license costs, there are typically two sets of charges to consider: up-front perpetual license costs and ongoing support and maintenance costs. While most BI vendors charge for both, commercial open source can be licensed at a fraction of this cost, and Software as a Service (SaaS) BI companies offer subscription-based pricing, which does not require hefty up-front license costs.

In addition, the pricing metric varies among the different BI vendors. Depending on the vendor, you will typically see one of the following pricing models:
o User-based pricing
o Server-based pricing
o A combination of server- and user-based pricing
Under a user-based pricing model, companies are faced with additional charges every time they add new users to the BI user base. Since the success of a BI initiative is strongly dependent upon widespread adoption and use of dashboards, reports and analysis views, granting access to as many employees as possible can be critical. BI tools that utilize a user-based pricing model can inhibit the success of implementation and adoption. Hence, selecting the right tool with the right price metric is essential.
A server-based licensing model can be a better fit for BI, as it enables companies to grant access to more employees in a much more cost-effective manner. Using server-based pricing, companies are free to distribute BI to as many users as their servers can support, without incurring additional fees.

Your Buying Checklist:
1. Is there an up-front perpetual license cost?
2. How much are the annual maintenance and support costs? Does the maintenance cost go up from the second year onwards?
3. What is the pricing metric: server- or user-based?

2. Length of the ROI Cycle: SMBs typically need proof of investment quickly, oftentimes within a few weeks. Unfortunately, "plug-and-play" in BI is a myth. Any BI solution you choose will require some level of preparation before the data becomes actionable for business intelligence. This is just as true of on-demand solutions as it is of legacy solutions.
However, there's a wide spectrum of time-to-value tradeoffs in BI. Some solutions require building from scratch, while others offer components that you can leverage for a faster time-to-value.

For instance, although SaaS BI solutions claim instant productivity by providing necessary resources to host and manage the application internally, from a data perspective, this option is equally or more resource-intensive than traditional BI. Prior to the initial upload, the data must be pre-processed and cleansed. This process requires significant in-house work by someone who is familiar with the data.

Similarly, legacy BI solutions that are provided by mega vendors are built around complex data models and data warehousing practices that take months, even years to fully develop.

To properly evaluate the length of the ROI cycle for a BI solution, it's especially important to consider time-to-value and the technical expertise that is required.

3. Ability to Adjust to Business Changes Rapidly: BI projects are not one-time, one-off projects. As business dynamics change and new requirements emerge (which is especially true of SMBs), business users need the ability to add new key performance indicators (KPIs) and data sources, or to easily change the dimensions by which they measure their metrics.

o Growing sources of data: As BI requirements change -- because of mergers and acquisitions, for example -- so too do the underlying data sources. A business intelligence solution needs to remain open and agnostic to different sources of data in order to quickly adapt to change.
o Changes in data or metrics: Once data has been uploaded and built into analytics, reports or dashboards, it will not remain static. BI solutions that don't have an integrated ETL and BI development environment require a cumbersome and time-consuming change management process to incorporate data changes.

Your Buying Checklist:
1. Can you connect to existing data sources, or does the solution lock you into specific databases or data warehouses?
2. How rapidly can you add a new data source?
3. How easily can you add new metrics and calculations?

4. Plan for User Growth: The success of a BI implementation is strongly dependent upon its widespread access and use. Historically, a small, technical group within a company performed all corporate reporting and data analysis. Today, this is less often the case. Successful BI environments expand to more and more people in the organization. To plan for more widespread adoption, one should consider:

o Incremental license costs: A per-user pricing and licensing model can inhibit user growth from a financial perspective. Unfortunately, the majority of BI solutions are licensed per user, with fees as high as US$1,000 to $2,000 per user. Because this is cost-prohibitive to many organizations, access to BI is often granted to only a small number of employees. The rest rely on canned reports that IT produces, which in turn creates an IT bottleneck and consequently forces users to make decisions irrespective of the data.

o Ease of use for end users: It can be strategic to have a BI implementation that's adopted by as many business decision makers as possible. Business people typically come from non-technical backgrounds, so having a BI solution that is easy to understand without excessive IT involvement can be crucial, especially at the SMB level.

Your Buying Checklist
1. Who needs access to BI? Do you need to expand the access in the future?
2. Do you have to pay extra for every additional BI user?
3. How much training is required for the end users to become self-sufficient?
4. How rapidly can the users adopt the solution once built?

5. Ease of Integration With Other Applications: When assessing your BI options, it is important to ensure that the vendor you choose provides the means for enhancing and extending the solution. Proprietary tools will require a lot of money and highly specialized consultants to build product integrations.

Having extensible APIs and a plug-in architecture ensures that your BI solution can be easily integrated with other software products to meet both current and future needs. For instance, BI that is built to report and analyze CRM data can be embedded into that application to provide a seamless user experience. An open and standards-based plug-in architecture ensures that this integration is easily done.

Your Buying Checklist
1. Do you need to integrate your business intelligence with other business applications?
2. What APIs does your BI solution provide out of the box?

In Summary

SMBs have a wide variety of BI options to choose from. A closer look at the different BI solutions available in the marketplace shows the benefits and drawbacks of each.

The right model depends on your organization's needs, skill levels and decision-making processes.
Exercise: Research one type of BI option for your business and discuss why it would be best for your business!