How to protect customer privacy in managed CRM
in recent years, there have been a lot of customer information leakage incidents caused by information system security issues. Last month, the "Nissan customer information outflow" incident once again attracted people's attention, and information security has become an issue of increasing public concern. With the continuous warming of SAAS and ASP modes, the restriction of the security of system data and information on this mode has gradually emerged. How to ensure the information security of the managed system? It will become a problem that both system trusteers and users have to face. This paper introduces some practices of customer privacy protection in managed CRM in the United States, hoping to provide some reference for the managers and users who have good reputation and quality in the testing equipment
many companies have chosen hosted or on demand CRM (managed customer management) for their good service support, return on investment, and timeliness of updates. The whole system is managed by a managed CRM supplier, so the company no longer has to take care of the overall affairs, and the IT department no longer has to worry about it. At the same time, it can save a large amount of IT budget
although the CRM system is not built within the company, it does not mean that it personnel can stay out of the business and entrust all customer management responsibilities to the CRM custodian. Just as it is necessary for the company to manage managed applications such as storage, the customer information in the managed CRM system, especially customer privacy issues, should also be coordinated and managed with suppliers
managed CRM needs to give consideration to both security and customer privacy.
"in addition to security factors, another issue that must be first investigated when selecting a managed CRM supplier is to understand how the custodian handles customer privacy. The more detailed such investigation is, the better." Ms. Angela bandlow, vice president of marketing for CRM solutions of sap, said, "according to our rules, it is necessary to make everything as perfect as possible to meet the needs. It is necessary to ensure that such privacy rules are not violated."
if the custodian fails to do so, it will eventually bring disaster to the companies entrusted with data management, and make them feel embarrassed when facing the privacy problems of their customers
bandlow also believes that there are many topics that need to be negotiated and discussed. For example, in terms of geographical location, where should the data be stored? How is it accessed? Are old storage records transferred to any different storage media? After the storage medium is changed, how are the previous records handled Of course, it is also very important to understand the cooperative relationship between the custodian and other companies
"you must know who manages the host and who is responsible for the software operation." "Sometimes it's not in the same place, but through some kind of partnership," she said
bandlow also pointed out that companies must also know whether the data has physical data partitions or virtual partitions? Generally, the data stored on the logical partition can obtain higher security and adopt more effective security control strategies
bandlow finally reminded: "even though there are no problems with the partition management of the hosting provider, the risk of hackers still exists. After the partition, the provider still needs to ensure the security of the data."
managed CRM has legal risks
another hot topic about managed CRM is how to manage the information of customers in other countries. Bandlow especially emphasizes European countries. EU and US laws are different on how to manage customer data. What makes the situation more complicated is that the countries within the EU also have their own schools, adding to the EU law
bandlow specifically illustrates this. In the UK tax laws, there are clear provisions on customer data. For example, information that is not locally hosted in the UK cannot be stored in the database
this means that if a hosting provider has a hosting center in the UK, it is easier for the company to legally store data. However, if the trusteeship center needs to classify and dispose the garbage in Iowa at ordinary times, it wants to meet the requirements of customers and store the data records in Des Moines, the capital of Iowa, when the button on the screw is located in the key slot of the pendulum
"you must make sure that the custodian supplier understands the national laws and regulations," Ms. bandlow further explained. "Some national laws are very strict, and they are relentless in pursuing such issues as how to contact customers and how to use customer information. Therefore, if your customers are abroad, you must understand the local policies of the custodian."
develop their own privacy protection policies
grant emery Smith, senior director of CRM products at Oracle, pointed out that obviously the hosting provider has its own default privacy protection policies, and the company can also customize its own privacy policies. Oracle also cooperates with other CRM custodians, who jointly launch privacy standards that meet the needs. These rule-based privacy management, rather than relying solely on hosting providers to maintain customer privacy, can allow enterprises to flexibly implement their own policies
emeny Smith stressed that this kind of privacy management can also be applied to any application related to CRM system, as if it were like a "gold administrator", constantly improving the management of privacy issues through a series of application schemes. In other words, the management of Mr. Bert Bakker, chief executive officer of the privacy Alliance Group, can become a part of the CRM system
"our existing general rule engine for CRM product privacy management is based on the privacy laws of the United States. Using this general rule engine will help to build a practical and rule-based privacy management platform, but it will more or less favor the deep-rooted American characteristics." Further analysis by emeny Smith
different companies can have different rules. For example, European companies have European characteristics for privacy, and even different industries, such as medical or financial fields, have different rules
emeny Smith pointed out that to improve the performance of this platform, the first step is to master the privacy needs of customers. For example: if a customer is not willing to receive a call and prefers to communicate via e-mail, it is necessary to input these relevant information and store these data in a transaction processing system
privacy requirements vary from person to person and from place to place. A good hosting system must be able to meet such needs. In the words of grant emery Smith from Oracle, privacy means "although it is sometimes protected by law, it is more often just a matter of customer choice. The key is to adapt to the needs of different environments, and the hosting provider should pay attention to the differences of these needs. (end)