It is worth noting that this practice is not new. It has been around for decades. However, as technology has advanced, this tool has become even more economical, effective and versatile. For example, technology now allows even the smallest of businesses to capture, use, and segment data. These advances in technology provide a wide range of marketing opportunities that were not available when messaging on statements was limited to a few lines of black text on a printed document.

 Data is critical in our information age, so we will take a closer look at how advances in data technology can be used to create an effective statement marketing campaign. Databases are no longer no relegated to Fortune 500 companies. Almost every business has some type of electronic database populated with valuable customer data. This data can (and should) be used to create targeted, relevant messaging that speaks directly to the recipient of the message.  There is a local restaurant chain that I go to that presents a good example of data collection. They have a loyalty program that provides members with discounts after a certain amount is purchased. Every time I go there, I hand them my card with the check. They swipe the card and know how often I visit, which location I visit, what I order and how much I spend. They own a wealth of information about my dining habits.

 So how could they make use of that data? There are many ways, but because we are discussing statements, let us examine how the data collected by my local restaurant could be used on their loyalty club statements (by the way, this is a hypothetical, as this business does not send loyalty club statements – a big mistake in my opinion). So hypothetically, they could send me my loyalty club statement with information about specials on food similar to what I have ordered in the past (Buffalo Wings). They could send me my statement during a time that I have historically not eaten at their establishment. They could add a coupon for a higher margin item I do not typically order. All of these things have the potential to get me (and my money) into their restaurant at a time I usually do not eat there to buy food I usually do not buy. By using the information (data) I give them, they can tailor the messaging on my statement in such a way as to benefit both the business and me.

 If you think about it, there are many such opportunities for them to personalize their communications to me. I receive email updates from them frequently that could be personalized just like the statements.  They could create a referral program if I get my friends to sign up for the loyalty club. That would give them even more data to use in their customer communications.

 With data, which is now easier to capture and use, messaging can be personalized and specific behavior encouraged.  That is just one example of how statement marketing can impact a business’ bottom line. Can you think of any others? Please share your ideas in the comment section.

 If you are looking to take your business’ marketing to the next level, give us a call. Perhaps we can help make the process easier and start putting that additional revenue into your cash register even faster.

201 CMR 17.04, titled “Computer System Security Requirements,” mandates “every person that owns or licenses personal information about a resident of [Massachusetts]” and stores or transmits that data electronically, include in its comprehensive information security program the establishment and maintenance of a data security system that covers its computers, including wireless systems.  To the extent technically feasible, the comprehensive information security program must contain the following elements:

1.  Protocols for user authorization that include:

A.  Password protected access;

B.  A secure method, such as passwords or biometrics, to limit access to the protected data;

C.  Systems to protect the passwords and access maintained in such a way as to not compromise the security of the data;

D.  Limitations on the active users who have access to the protected data;

E.  A method to block access to any user who has multiple, unsuccessful login attempts.

2.  Secure access control measures that:

A.  Restrict access to protected data to only those persons who require access to perform their job functions;

B.  Assign unique user IDs and passwords, not generated by default within the particular computer system, and that are designed to maintain the integrity of the security of the protected data.

3.  Encryption of all data that is transmitted wirelessly or across public networks (like the internet).

4.  Methods of monitoring actual or attempted unauthorized use of or access to protected data.

5.  Encryption of all personal information stored on laptops or any other portable device (flash drives, discs, external hard drives, etc…).

6.  Firewall and operating system protection, designed to maintain the integrity of the system, for all systems holding protected data that are connected to the internet.  This should include regular firewall and operating system security patches.

7.  Reasonably up-to-date anti-virus and anti-malware software (what that nebulous statement means will end up before a judge, as what is reasonable to a particular business might not be reasonable to the government).  The security software must be updated regularly, including relevant security patches.

8.  Documented training programs for all employees who will access the computer system containing the protected data.  This training must emphasis the importance of protecting personal information.

Businesses must be complaint with the law examined in this series right now.  Section 5 of the regulation mandated compliance by March 1, 2010.  If your business is not complaint, it is critical that you create a comprehensive information security program.  If you need any assistance, please contact us.  We can help you develop your comprehensive information security program.  While resources, whether in-house or outsourced, must be dedicated to this effort, it necessary to protect your business from a data breach and limit your liability in the event a breach does occur.

Like insurance, we all hate spending the time and money to protect against an event we hope will never happen.  However, we all carry insurance.  We carry insurance because we know that in the event of an accident or disaster, the cost of being covered is far less than the cost of not being covered.

Please leave your thoughts and comments on this subject.  If you have any questions, please feel free to post them here or contact us directly for a no-cost, no-obligation initial consultation.  Our job is to help you make sure your business is protected and thriving and we welcome the opportunity to serve you.

DISCLAIMER:  The information presented here is general in nature, does not take your jurisdiction or actual circumstances into account and therefore may not apply to your circumstances or in your jurisdiction.  You should not rely on this general information as a substitute for legal advice from your attorney.  This is not an attorney-client communication.  You should seek individual advice from an attorney of your choosing if you require assistance in any legal or compliance matters.

How Secure is your data?

Let us review what we have covered thus far.  It has been a while since we discussed this topic (sorry for the extended period of silence and thank you to everyone who checked in during that time.  It was just a busy business schedule, but your concern is appreciated).  Thus far, we identified a general need for data security and the need for a comprehensive written privacy protection policy relative to personal information.  We then started to review the Massachusetts Regulations regarding data security.  In Section 1, we looked at the purpose and scope of the Regulations.  We then reviewed the definitions within the Regulations and how the Regulations could affect your business even if you have never set foot in Massachusetts. 

 This article will examine the obligations companies that own or license covered data must take to safeguard that data.  These details are found in Section 3 of the Standards For the Protection of Personal Information of Residents of the Commonwealth.  If you would like to see the entire set of Regulations, they are available for a free download at the White Space Resource Center. 

201 CMR 17.03, titled “Duty to Protect and Standards for Protecting Personal Information,” mandates “every person” that owns or licenses personal information about a resident of Massachusetts“ develop, implement and maintain” a written, comprehensive information security program.  This written data security program must be readily available and contain administrative, technical and physical safeguards that are appropriate for:

     (a)  the size, scope and type of business;

     (b)  the resources available to the business maintaining such data;

     (c)  the amount of data; and

     (d)  the need for security and confidentiality of both consumer and employee information.

 The comprehensive information security program must be consistent with all state and federal laws under which the entity possessing such information is covered.  This means that each state’s laws, in addition to Federal laws, regarding data security must be followed.  How all of these laws, and the interplay among them, will end up being interpreted by the Courts is still an unknown.  Please keep in mind that the laws of a state can apply to your business even if your company is not physically within that state.  The Massachusetts regulation covers any business (or individual) that “owns or licenses information about a resident of … Massachusetts.”  Theoretically, you could be looking at the need to comply with 51 sets of laws. 

Section 2 of this part of the Regulation provides a detailed framework for a compliant, written, comprehensive Information Security Program.  I will distill it here, and the entire regulation is available at the White Space Resource Center.  Notwithstanding, I suggest that you seek professional assistance in drafting your company’s data security program.  Regardless of who drafts your plan, it should contain the following:

      a.  Identification of one or more key employees who are primarily responsible for the data security plan.

     b.  Identify the “reasonably foreseeable” threats (internal and external) to the “security, confidentiality and/or integrity” of the data and take steps to limit such risks.  These steps can include, but are not limited to:

           1.  ongoing staff training;

           2.  employee compliance with the program; and

           3.  means for detecting and preventing data security system failures.

      c.  Develop security policies for employees relative to the storage, access and transportation of the personal information.  This would also include safeguards when selling, renting or transferring any such data. 

     d.  Impose disciplinary measures for violations of the company’s data security policy.

      e.  Develop measures to prevent departing employees, whether terminated or voluntarily departing, from accessing protected data. 

      f.  Oversee vendors with access to protected date by:

           1.  Choosing vendors that comply with these regulations and those of the Federal government.

           2.  Contractually require vendors to have their own compliant data protection and security programs in place.  (NOTE:  there is an exception to this mandate.  Contracts entered into prior to March 1, 2010 do not need to contain a data security provision.  This exception remains in force until March 1, 2012.)  (AUTHOR’S NOTE:  just to be on the safe side, I would suggest that even if you do have a contract that fits into this exception, that you make sure your vendor has adequate safeguards in place.  Again, while it might your vendor, but if they use your customer data improperly, you will be blamed by the customer, even if the government gives you a break – just my two cents – now back to the article already in progress…)

      g.  Place reasonable restrictions on access to protected data.  This can include limiting access to electronic data with passwords and inscription and locking physical records in a secure location.

      h.  Monitor the data security safeguards you have in place to ensure they are adequately protecting the personal information.  Upgrade the systems as required. 

      i.  Conduct reviews of the comprehensive data security program as business requires, but no less than annually to ensure that changes in the business have not compromised the security of the data.  

      j.  If a security breach does occur, you must immediately conduct a post-incident review.  In this review, make sure you properly document all corrective action taken, including employee discipline if warranted.  Also, document any changes to your comprehensive information security program that come about from lessons learned as a result of the incident.

 While this is a lot of information, most of what is mandated is just good business practice.  If you have questions or would like to comment on this post, please leave a comment.  I welcome the opportunity to help you with your data security compliance needs.  In the next part of this series, we will look more closely at electronic data security. 

 DISCLAIMER:  The information presented here is general in nature, does not take your jurisdiction or actual circumstances into account and therefore may not apply to your circumstances or in your jurisdiction.  You should not rely on this general information as a substitute for legal advice from your attorney.  This is not an attorney-client communication.  You should seek individual advice from an attorney of your choosing if you require assistance in any legal or compliance matters

Now we move on to Section 17.02, which pertains to definitions used in the regulations.  This is an important part of the regulation and any business with any data or personal information should familiarize themselves with these definitions.

Breach of Security: The regulation defines a breach of security as the unauthorized use or acquisition of data that could compromise the “security, confidentiality or integrity of personal information” that creates a substantial risk of identity theft or fraud against a resident of Massachusetts.  If the acquisition of the information is lawful and the information was acquired in good faith but not authorized, it is not a breach.  An example of this might be procuring a list from a licensed list broker who represents that the data is legal and the use authorized, but in reality, the use was not authorized.  In such a case, there is no breach.  This is a somewhat loose definition and I am predicting that this will be the subject of litigation and judicial interpretation.

Electronic:  This is a lot more straightforward.  Electronic data is data stored in an electronic medium.  That could be digital, magnetic, wireless, optical or the like.

Encrypted:  This definition pertains to transformation of data into a form that cannot be used without the corresponding encryption key.  Encrypting data, especially when transmitting it, is a good practice no matter where you are doing business.

Owns or Licenses:  This definition is wide reaching.  It pertains to any person (defined below) that receives, stores, maintains, processes or has access to personal information in connection with the provision of goods or services or in connection with employment.

Person:  A person is considered a natural person (like you or me) or a corporation, association, partnership or other legal entity (trust, LLC, etc…).  The exception here is that agencies and offices of the Commonwealth of Massachusetts appear to be immune from these regulations.

Personal Information:  This is the data that needs security and for which your written comprehensive data security policy should be aimed at protecting.  This data includes the first name or first initial and the last name of a Massachusetts resident with one or more of the following data associated with the name:

1. social security number;
2. driver’s license number or state issued ID number;
3. financial account number, including bank or credit card numbers.

Note that personal information that is public record, such as that contained in the Registry of Deeds, is not considered confidential personal information and that data is not subject to compliance so long as it is legally available to the general public.

Record or Records:  Here we have another wide reaching definition.  Records can take the form of any material on which the data in question is written, drawn spoken, imaged or otherwise recorded and preserved.  So if your CRM system is a series of index cards, or cocktail napkins for that matter, it is covered and you must provide data security to remain in compliance.

Service Provider:    A service provider is one who, through their provision of services to those covered under this law, receives, stores, maintains, possesses or has access to covered personal information.

So there we have a through review of Section 2 of the Standards For the Protection of Personal Information of Residents of the Commonwealth. Next, we will take a look at Section Three, which discusses the duty owed to protect the data and the standards for that protection.  So check back often or, even better, sign up for our RSS feed or email notifications.  That way, you know you will not miss a single bit of information that could lead to a violation of the law.

As always, if you have any questions, please feel free to contact us.  And if you have any comments of thoughts on this subject, or a subject you would like to know more about, please leave a comment.  Your input is always welcome.

You better have better data security than this!

We discussed in a previous article the growing concern among State and Federal lawmakers regarding protection of data.  More specifically, protection of consumer’s personal information.  This issue was escalated to the forefront of compliance practitioners and consultants with the implementation of a Massachusetts regulation (201 CMR 17.00), acknowledged to be the strictest rules on data security in the United States (so far).  The regulations and related laws are available for download in their entirety at no cost or obligation at the White Space Resource Center under “Privacy Laws and Regulations.”  As most businesses will have to address data security and protection of personal information, it is worth taking a closer look at the Massachusetts regulations.

The regulation, entitled Standards For the Protection of Personal Information of Residents of the Commonwealth, is divided into five sections.  This series of articles will analyze each of these sections.

Section 17.01 – Purpose and Scope

The regulation implements the provisions of the Massachusetts Consumer Protection Statute, Massachusetts General Law Chapter 93H.  The law applies to “persons who own or license personal information about a resident of the Commonwealth of Massachusetts.”  This means that no matter where your business might be located, if you own or use personal information about any resident of Massachusetts, you must comply with the law.  The law’s stated purpose is to provide a minimum standard for the protection personal data.  The law is intended to protect against the “unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.”

The most important take-away for this section is that any business that owns or licenses data related to a Massachusetts resident is required to comply with the regulation.

Answer:  They all use personal data in one way or another.

The subject of protecting the almost limitless amount of data about people that is out there in the world’s databases has become a concern to those occupying State Houses across the country and throughout the halls of Washington, DC.  Because we all deal with data on a daily basis, the topic of data security compliance requires particular attention in order to protect your customers, your business’s reputation and avoid hefty fines and penalties.

Recently, apparently brought about by the challenging (read: disastrous) roll-out of Google Buzz, outgoing Federal Trade Commission (FTC) Commissioner Pamela Jones Harbour criticized technology companies for their  ’[t]hrow it up against the wall and see if it sticks” approach to data security.  Of particular concern to Commissioner Harbour was a comment by Google Chief Executive Eric Schmidt, who during an interview with CNBC reportedly stated, “[I]f you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”  I can only imagine that upon learning of this comment by Mr. Schmidt, Google’s Chief Communications Officer fell out of their chair and wept openly.  While Ms. Harbour made it clear her comments were her own and not that of the FTC, the fact that it was the topic of discussion at such a high level demonstrates that the powers that be are concerned.

Technological leaps in the capability to capture consumer data, the capacity to store and analyze this data and the ease with which we can manipulate and transmit this data has resulted in a reduction of the level of privacy we can expect.  Consider the data that Amazon.com obtains on an individual with the sale of one book.  They know the buyer’s name, address, credit card information, and some buying behavior information, all with one transaction.  Now consider the information obtained when walking into your local bookstore, paying cash for the same book and walking out.  The “brick and mortar” seller makes the same sale, but gets no personal information.  Thus, many of these privacy issues are attributable to consumer’s online behavior.  Additionally, blogs, Tweets and other social media have eroded, for better or worse, the line between information that is private and that which is public.  In this context, Mr. Schmidt’s comment is valid.

Of immediate concern to those of us working with data is a regulation passed by the Commonwealth of Massachusetts.  This new regulation, (201 CMR 17.00, et. seq.) implemented through the State’s Consumer Protection Law (Massachusetts General Law, Chapter 93H) is generally acknowledged to be the strictest in the nation (at least so far).  Copies of the laws and regulations are available for download at the White Space Resource Center.  These new regulations, which went into effect on March 1, 2010, mandate that all businesses that collect, handle or own certain information on Massachusetts residents institute and make available for inspection, a comprehensive written information security program.

Before you think, “Heck, my business is in not in Massachusetts, I don’t care what they say in Beantown,” hold on a minute.  The law does not care where your business is.  If you possess personal information on any Massachusetts residents, you are legally required to comply with the data security law.  And that is not necessarily a bad thing.  The better we secure our data, the more trust our customers will have in us.  So this is an opportunity to help secure your data and build trust among your customers.

Now that we know that there is a growing concern among state and federal regulators regarding data security, and that we should have a comprehensive data security policy in place, we must take the next step and create a policy that is in compliance with the law.  As the Massachusetts law provides a clear road map for compliance, in the next post we will examine the regulation in greater detail.  Specifically, we will look at the regulation point by point and discuss creating a compliant comprehensive written information security program.

Should you require any assistance in this matter, please do not hesitate to contact me.  If you have any thoughts on this subject, please leave a comment.  The more we share, the smarter we all become.

     So where do we get the data we need to personalize our communications with our customers?   Well, there are a lot of places we can get data.  Some of it is great and helps us to better serve our customers, and other data leads to wasteful spending and spam.  The real question is how do we get GOOD data?  How do we get data that helps us understand our customers and their needs?

     In the previous part of this series, we discussed using data we already have.  We (should) have data about every customer.  Aside from name, address and email, we should also know about their buying habits.  What do they order? How often do they order?  Within what time frame do they need their order filled?  The basic customer data that is collected will differ with every business.  A national Donut franchise will have very different data than a local law firm.  How you compile and use that data will also differ. 

     For the purposes of this article, let’s assume we are starting at square one.  We are looking to acquire customers and data regarding potential customers.  How do we do it?  There is no single way, or even a best way, but there are ways.  Here is one suggestion.  For this scenario, let’s assume that you have no data and are starting a data capturing campaign.  (In future posts we will look at alternate approaches, but for now we are casting a wide net).

     STEP 1:  GET A LIST– First look at a set of very basic demographic data into which your customers, or potential customers, fit.  Of course, you did your market research and have this information available, right?  The target audience for almost every business will differ.  Characteristics like geography, age, gender and countless others will help you pinpoint the right audience, deliver the right message and obtain the best data  for your specific campaign.  Doing your research, and knowing who you plan to target is a key to success.  We will assume you have done your homework and know the data about the demographic you want to target.  With this information, you or your marking services provider can obtain a list of prospects that meets those needs.  There are many, many list brokers out there, and some are better than others.  Some due diligence here will serve you well.  Once you have purchased the list, you will use it to create and send your message, whether by printed material, email or if you want to be even more effective, a combination of both. 

     STEP 2:  CREATE A COMPELLING, PERSONALIZED MESSAGE – Now that you have your data in the form of  a thorough list of your target audience, you will want to personalize your offering to them.  Remember, every person in your audience is unique.  Treat them that way.  Whether you are using ink on paper, email or both to communicate with your audience, personalized message get read more often and are thus, more effective.   Use their name in your message.  Use variable graphics and variable data to personalize the message to each recipient.  Add a personal URL or a QR Code to bring people to their own page on your website.  Your goal here is to engage your potential customer.  Simply stated, personalization has been shown to improve your ROI. 

     STEP 3:  HAVE AN APPEALING CALL TO ACTION – Now that you targeted your audience and delivered to them a timely and relevant personalized message, you want to get them to do something.  Perhaps you would like them to supply an email address, register for a webinar or complete a survey, but you definitely want them to opt-in to future communications from you.  To achieve this you must grab your reader’s attention immediately and let them know the benefits of what you are offering.  Use strong headings like:  John, the information in this message can help your company wallop the competition.  Or:  Don’t miss your chance to be among the first to receive an industry-changing information.  While the call to action must be compelling, it must also be true or you will lose your credibility. 

     STEP 4:  CAPTURE AND USE THE DATA – Make it easy for the reader to provide the data.  And make it easy for you to maintain and use that data.  There is a lot of software that can automate this.  Many hosting companies will provide this service to you as part of your hosting package.  However, data security and privacy are important to keep your customer’s trust and to comply with an ever growing body of law (check back here next week for a post on that very subject). Still, after the effort to obtain the data, you want to use it to better know your customers and of course, use in subsequent campaigns.  Analyzing your data is another great way to use the information you captured.  Was your research correct?  Were your respondents who you thought they would be?  While the data you just obtained is a great start for ongoing marketing campaigns, it also can help you target even more customers interested in your products and services.  However, that is a subject for another post.

     None of this has to be rocket science, but it does require time and attention.  And the more complex the campaign, the more time and effort it will take to execute properly.  If you too are busy running a company or department, you can have the bulk of this work done by a marketing service provider.  They can help with everything from obtaining to analyzing your current customer data, procuring a targeted prospect list, crafting and designing your personalized messages and call to action and analyzing the new data for even more effective future campaigns.   

THE TAKE_AWAY:

STEP 1:  GET A CURRENT, TARGETED LIST

STEP 2:  CREATE A COMPELLING, PERSONALIZED MESSAGE

STEP 3:  HAVE AN APPEALING CALL TO ACTION

STEP 4:  CAPTURE, ANALYZE AND USE THE DATA    

     If you have any thoughts about this topic, please share them  Your input is alway welcome. Let’s share experiences.  All of us together are smarter than any one of us alone. 

Until Next Time, John

Let’s take a look at some different types of data that you probably already have and can use to enhance your communication efforts today. There are many ways to capture data, including buying lists that match your desired customer demographic (more on that in the next post).  However, buying a list is not always financially feasible, nor is it always necessary.  You could be sitting on a gold mine of data that you already own free and clear. Data you can use immediately to further your targeted, personalized communication campaigns.  In this article, we will look at two types of data you probably possess in one form or another right now.

TRANSACTIONAL DATA:  This is simply the data that you obtain as a result of doing business with a customer.  The data each business has will vary depending on the nature of the business.  Still, every business will have some kind of transactional data they can start using today.  It could be as simple as a list of names and addresses where you sent an invoice.  It could be a list of email address you have on record as a result of a series ebay transactions.  It could be a massive and highly complex, cross-referenced database like the one Amazon.com uses.  The point is that the regular, daily transactions of your business, you can find a wealth of information that will help you pinpoint your target audience and personalize your messaging to them.  Of course, the better the data, the more option you have with how to use that information.  By maintaining good transactional data, you will know who is buying from you, when they are buying, what they are buying and how they are buying (online, retail, etc…).  That is really valuable stuff.  You can use that information to identify new leads, drive new sales and improve customer loyalty, satisfaction and retention.  What if you have not had any transactions and thus have no transitional data?  Don’t worry, we have a solution for that too.  Moreover, it is simple and can be acted on immediately.

EXISTING PROSPECT DATA:  Unless you are a start-up (and perhaps even then), you probably have a sizable list of prospects – even if you never refer to it that way.  The form of this data could be anything from a detailed CRM database with information about when you met or acquired the prospect, how you met them, their business needs, purchasing time frame, etc…  Such systems can remind you where you meet the person (was it at a conference or did they sign up for your electronic newsletter?), what efforts have you made to market to them (are they receiving your email newsletter?) and what has the result of those efforts been?  Again, the more detail you have the better.  However, your prospect list could also be a stack of business cards that you have collected over the years.  It could be your Linkedin network or the membership roster of your local Chamber of Commerce.  Just remember that the more up-to-date your data, the more effective your communications will be.  Timely data allows you to create relevant messaging and the more relevant your messaging, the better your results.  Whatever your prospect data looks like, make use of it to find new leads, heat up cold leads and close more business.

THE TAKE-AWAY: Every organization, whether a one-person company or a business giant has some type of existing data they can use to help make their marketing and communication efforts more effective.  Marketing that is more effective means more goods sold or services rendered, and hopefully, an even better bottom line.  Remember, the better job you do maintaining your data, the more effective it will be in your communication efforts.

In the next article, the last in our three part series, we will look at what to with that data once you have it.

What data do you have that you can use today to make your communications even more effective?  Let’s share experiences.  All of us together are smarter than any one of us alone.

Until Next Time, John

Welcome to the first part in our three part series about data and its use in effective, personalized marketing.

I talk a lot (what did you expect, I’m a lawyer). But let me be more contextual: I talk a lot about marketing and communications strategy. There is a lot that goes into a comprehensive communication strategy and all of it important. Yet in reality, success in our marketing and communication efforts comes down to one item that is far more critical than any other. Data.

In our customer-centric, interactive universe, it is just a simple fact that in order to communicate with customers (or any other audience) effectively, you need good data. Data, and the information gleaned from thoroughly analyzing data are the Holy Grail of targeted marketing. It allows you to construct your message in such a way that it is more relevant to the recipient and thus, more likely to be read and acted upon. If your message is one of a hundred or so received by your target, it had better be relevant to them or it will simply not get a second look. And you need to know more than just name and address, regardless of whether the message is delivered by direct mail, email, TransPromo communications, Morse Code or smoke signals. The days of sending out mail to “Addressee” or “Current Resident” and expecting it to end up anywhere but the recycle bin are long gone. However, targeted communications full of rich, relevant graphics, timely information and personalized messaging will almost always get a second look. And that gets you more business.

THE TAKE-AWAY: You must know that your audience expects you to know them, and if you want to communicate with them, you had better get to know them. Personalization is an effective strategy for your business and your customers and prospects will appreciate the effort.

I hope that you are now at least convinced that you need data and you need to target your audience and personalize their experience. Communicating with your customers and prospects on a one-to-one basis will help build relationships, enhance your brand and make your messages stand out from the many others that are seen every day. But now we face another set of questions: where is all this data supposed to come from? In what form should the data be? How do I use my data to create relevant, personal messages for my target audience? And most importantly, what is the payback for this effort?

There are answers to all of these questions and the good news is that it does not have to be a costly or time-consuming process. However, you will have to wait for the next post where the subject of data acquisition will be discussed. In the meantime, please leave your comments about any data issues you have experienced or any personalized communications you found to be effective. Let’s share experiences. All of us together are smarter than any one of us alone.

Until Next Time, John

On March 15, 2010, the FED posted proposed modifications to the provisions of the CARD Act that will become effective in August 2010 and want your input.  Our blog has a brief and to the point summary, but if you love reading regulatory documents, we have the relevant section of Federal Register available for download as a PDF.  Happy reading.

Penalties would have to be “reasonable.”  We lawyers love the term reasonable.  It can mean just about anything depending on your point of view.  Charging a $29 late fee for a $15 payment that is a day late might seem completely reasonable to the likes of Bernie Madoff.  It would likely be seen as less reasonable to the person whose payment was delayed a day.  Under the new regulation, the punishment would have to fit the crime.  In other words, card issuers could not impose penalties that exceed the dollar amount of the infraction.  So in the example above, the fee could not exceed $15.00.

In addition, card issuers can only charge a customer one time for one violation (sounds pretty reasonable to me). So if you are late paying your bill, the company couldn’t keep charging you a late fee for that one incident.

Paying not to pay:  Some credit card companies were going to charge you for failing to use their cards.  Under the proposed regulation, card issuers could not charge you for inactivity.  So if you keep your card in your wallet, you can still keep your money there too. 

Increasing Rates:  Under the new legislation, card companies could not arbitrarily raise your interest rate.  The issuer would have to cite specific reasons for raising your interest rate.  Further, if your rate increased after January 1, 2010, the company would have to evaluate your account from time to time.  If the reason your rate was increased were no longer an issue the company would have to reduce the rate.

Stay tuned.  I am sure we have not heard the last of the proposed changes to the CARD Act.  After all, August is still five months away.  What has been your experience with the CARD Act to date?  Let us know by leaving a comment.