expōnere

“To maintain confidence, to maintain trust we need to secure independence by focussing on a proper dependence” – Lessig

Are NDAs a sign of trust or mistrust? My thoughts.

Over at 100Open there is an interesting post on the use of Non-Disclosure Agreements (NDAs) and whether they are a tool of trust or mistrust.  I won’t regurgitate the post here but essentially it is posing that being asked to sign an NDA may actually be a sign of trust.  My initial thoughts are that if one views trust as a single state thing (trusted or mistrusted) then sure maybe life would be better if we all viewed NDAs as a sign of being trusted, but…

Trust isn’t singular, it’s more a scale with context.

I may trust someone wholly with my bank card and details, whilst someone else just the card itself.

Contracts in all their guises (and I’d love to be proven otherwise) assume a default position of mistrust, otherwise why put it in a contract?  NDA’s may stick a stake in the ground at the point on the scale where you have become trusted enough but I still find it hard to view them as little more than;

i) validation that one was mistrusted, and

ii) that whilst trusted enough to view/hear/learn something it is only under the proviso that there is legal recourse.

In an ideal world things would be so much simpler if we assumed a default position of trusting others. I think it was Anthony Seldon that once said “to be trustworthy one must first be trusted.”

Of course we don’t live in an ideal world (

What Will Happen to East Kent?

Two days ago Pfizer announced the closure of their enormous R&D plant in Sandwich, Kent.  Some 2,400 people will lose their jobs and despite plans being discussed for area rejuvenation by the UK Business Secretary, Vince Cable, personally I can see this as nothing less than devastating for the area.  For anyone that knows the area the plant dominates what is a pretty depressed area.  It is enormous, landscaped and all very corporate.  All around is run down, derelict and rather past it’s best.

In fact much of the Eastern coast of Kent is, from an industry point of view, rather lacking.  Sure Saga have their offices just outside Folkestone but that’s about it as far as really big employers go, and whilst there are some very chic spots (Sandgate, Broadstairs and such) an awful lot of the once vibrant tourist industry has wilted.

One only has to spend a few hours on a weekend milling around any of the more fashionable seafronts to see that there are plenty of affluent families in the area, but I can’t help but think a lot of the apparent wealth must lay with those employed by Pfizer.  What will happen to those people when the plant closes?  I don’t know of any other major pharmaceutical research opportunities in the area.  Where will all those highly skilled, highly paid people go?  I can’t see them hanging around.

And of course that has a huge knock on the the local economy.  With no yummy-mummies in their X5s and Volvos (just go have a look) a number of the often packed coffee shops, boutiques, beauticians and such which have sprung up will surely find themselves bereft of custom.  Whilst this may not seem like an intolerable loss, history shows that without that disposable income everything and everyone suffers.  Things like house prices and investment stagnates.  Both vertical and horizontal industry falls apart.  The wider service industry goes into decline.  You get the picture…. it isn’t pretty.

Which would be a real shame.  East Kent was once a jewel in the UK’s tourist industry and after massive decline has seen something of a resurgence over recent years.  Recessions and “economic climates” aside the whole of East Kent, not just Sandwich, needs help and a lot of it.

On the upside I did get sent a job advert this morning so maybe there are opportunities, saying that I would probably give this one a wide berth.

So Mozy Expire My Account AND Debit My Bank

Day 2 with no backups and oh dear.  Today strangely as I expected Mozy confirmed that something is very wrong with the change over to the new billing by still hitting me up for my unlimited subscription whilst leaving it in an "expired" state.

Mozy Changes the Rules AND Still Gets it Wrong

As I’m sure many of you know, first thing this morning Mozy, the popular and rather natty online backup service, changed their paid offering. Significantly.

UPDATE: I actually clicked through on the “renew” link and it appears that Mozy have decided that whilst the new plans come into effect in March they are trying to force me down the route of “upgrading” now for immediate effect.  Not happy.  Unfortunately, and I’m pretty sure they know this, the cost of moving online backup suppliers is high and can take several days so for myself and many others it means signing up to their new terms whilst hunting for alternatives.

Is there value to be added to location data?

Last night I was involved in a brief Twitter conversation with the inimitable Tony Fish, author of “My Digital Footprint” about mobile operators adding value to location data.  Personally I don’t see any (intrinsic) value in location data, that horse bolted years back (totally disrupting Alcatel et al’s monopoly at the switch level for location data).  The value in location data come from what you do with the data.  Anyway…

Tony’s thinking raised the question over placing delay on location data as a privacy guard.  His blog post on the subject is over here.  I have taken the liberty of posting my response here and on his blog.

Hey Tony

I can totally see where you are coming from but a couple of points if I may;

The notion of applying a “false” location to things is of course technically feasible but to be caught deliberately falsifying one’s location would probably do one’s reputation more harm than any good it might achieve.  Far better to merely omit the location data in the first place than try to put people of the scent as it were.

I don’t want the operator to take control of my location.  Firstly if one lives in a low signal area or indeed a highly built up and populated (read cell overloaded) area then the operator’s true understanding of one’s location is actually pretty coarse.  Sure they could get all clever and pull timing data from each cell and trilaterate back at a central point BUT as you have already stated the API is silly expensive – it’s already been disrupted by the handset itself.

Secondly, and you’ve eluded to the privacy enhancing nature of such a service, even with a user-pays service provided by an operator I would have little faith that my location data would not be aggregated and mined for their own purposes.  Far better to leave the collection, aggregation and control with the user methinks.

So how would I approach this? Well…

Certainly the handset is the right place to gather the location information. Assisted GPS (aGPS) utilising any number of beacons from cell towers to wi-fi nodes to locate the phone is easily the most reliable method of getting an accurate location.  It’s what you do with it next that counts.

If one looks at the Fire Eagle service from Yahoo! (one of the first true identity information brokerage services IMO)  it allows one to post and update an accurate location from any number of applications.  Then the user is able to decide to which location gobbling services that location is shared and more importantly to which degree of accuracy is exposed.  In fact Google Latitude does this fine:coarse sharing but to a far lesser degree.

From a single metre accurate location update to Fire Eagle it would be possible to see one location service getting your locale (as opposed to location) being at a City level when another service gets it down to the street.

That then brings me on to the notion of time-shifting or delayed location.  It would be entirely possible to build a service that sits as a layer on top of Fire Eagle (with permissions for fine grained access probably) and allows one to add delay (or even decay) to the outgoing location sharing.

However to me it would seem a feature so valuable (not in monetary terms but in usability) that it would be far better baked straight in to Fire Eagle.

I’m certain this conversation has been had before however it seems to have sunk back into the murky waters of location based services as they all vie for superiority and control of the user’s data.  To that end I tip my hat and thank you for bringing it up again.

A need for multiple social graphs?

A couple of weeks back Chris Dixon, co-founder of Hunch.com, wrote a widely regarded piece on social graphs; moreover the need for multiple social graphs for differing contexts.

I’d marked the article for comment but just haven’t had time (and still don’t) to really do a response justice so here are a few preliminary thoughts.

Graphs have been around an awfully long time, like hundreds of years but their use in computer science really was a child of the 80s & 90s.  Their current framing is in the social context, a map of all the relationships one has within a social network for example.

However as Chris points out this is limiting.

The thing is ALL my “social” relationships across all contexts, sites, online and offline are my social graph.  So my Twitter followers/following may indeed represent the portion of my social graph that is interests however that context spreads across any number of other properties.

And this is where I think Chris’ thinking butts heads with my own – but only slightly..

Chris talks about “the rising importance of other types of graphs” and gives examples of graphs for Taste, Financial Trust, Endorsement, Local(e).

To me these are all the same graph.  It’s just they represent differing (social) relationship types.  If each were to be represented on separate graphs then the power of graphs in general would be lost – at least without serious jumps forward in semantic technology that is.

What do I mean?  Well, take me for example;

My relationships to my family take on many types (father, husband, son, brother) but they also occur in other contexts such as “financially who do I trust” or “who am I local to.”

To break these into separate graphs would mask the true picture of me.  It would be an administrative nightmare for me to maintain relationships this complex across all and every property in a way meaningful to others.

Far better in my head is an overarching graph that contains all my relationships (this does not mean centralisation of everything as distributed graphs are fine) marked up appropriately with context.

That’s all I have time to write now but this does need more thought.

Hell – The Right Approach to a Data Breach

There are any number of approaches to data breaches in business today.  Whilst regulation is ever trying to get to the point where notification of breach is mandatory there are still plenty of businesses out there who will go to all sorts of lengths to sweep things under the carpet rather than own up.

Not so Hell – a truly rocking pizza company in New Zealand.  Certainly no stranger to controversy – some of their marketing campaigns have been widely criticised, Hell seems to be taking the bull-by-the-horns and going all out to keep people happy.

Today I received an email from them…

Dear Valued Hell Customer,

We have been approached by a party claiming to be in possession of
customer details from the previous Hell website which is no longer in
operation.  The samples that we received included details of four customers
from 2006, including phone numbers and email addresses and order
information. We can confirm that credit card data was not at risk as this
is held independently on a secure banking website.

Whilst we are still investigating the matter, we can confirm that the
information was obtained without our knowledge and we have approached the
New Zealand Police with a view to lodging a formal complaint.  Hell
recognises the importance of protecting customer information and additional
security measures were implemented earlier this year when our new website
was rolled out (again, we reiterate that this is not an issue affecting the
new website). As a further security measure your may wish to consider
changing your passwords on other sites if they were the same as the old
Hell Pizza website.

We apologise for the incident and any inconvenience that this may have
caused.

Sincerely,
Stu McMullin – Director Hell Pizza

We acknowledge that some of you have asked to be removed from the database
and we have only included you for the purposes of this notification.

No mucking about, no bull just a straight forward there might be a problem, we know, the police know so go do this just to be safe.

This IS the right approach to notification in my opinion.

I’m not totally up to date on NZ privacy law (a couple of years out of date), so it could well be that by now notification is mandatory.  Even if it is, props to Hell for getting it out there.

FYI: Hell pizza really is very very good.  Think PIzza Express with attitude.  Even better you can get them in the Hell Pizza UK – well London with branches in Fulham, Shepherds Bush and Clapham.

Trust in Imagery – Have BP Been Caught Out Faking Things Again?

Pretty well EVERYONE by now has seen the poorly faked up Reponse HQ photo from BP.  It’s even done mainstream news and there’s been an apology from BP.  Seemed dumb, especially as all they were actually doing was filing in two or three blank screens.

Well, today another photo has emerged that also looks decidedly odd (the original is here).

All looks fairly innocuous but there are a few bits out of place.

1. The control tower top left?  It would be over 200 feet tall to be up there surely?

2. The footwell light bottom right is a totally different colour to the surrounding sea.

3. A close look at the status screens shows doors and ramps as being open – at this height, really? (unfortunately I don’t know enough about the instruments to delve further).

4. That’s a very odd blur below ship in left hand windscreen – not at all like a smear on the screen.

BUT the best thing is the guy on the left has his fingers crossed.  Was it trepidation at the pending take-off (come on we all know this was pre-flight) or is he a BP exec just hoping people won’t notice?

Now of course there may well be plenty of image experts out there who will be able to prove this is an original and un-doctored image, BP may even come out fighting but honestly given their recent muppetry just how much do you trust the image above?

“Putting a Price on Data” or “Do Marketing People Get It?”

Here is my rapidly put together (and therefore apologies for it not necessarily being totally thought through) response to Ian Hitt’s post over on Reputation Online about “Putting a Price on Data.”

Many marketing professionals think that client data is something they own, have a right to or an ability to sell. Most data professionals will know they’re wrong.  Good data is indeed a corporate “asset” and if utilised appropriately have a high monetary value but…

The thing about client data is that most people in the marketing profession just don’t really understand “data” – sure they can get all righteous about lifeblood, insight and segmentation but actually data itself is not that simple; data is not a database.

Let’s break it “client data” down and see if we can’t get some clarity.

“Client” who’s client?

cli·ent  n.

1. The party for which professional services are rendered, as by an attorney.

2. A customer or patron: clients of the hotel.

3. A person using the services of a social services agency.

4. One that depends on the protection of another.

So from a marketing database perspective there are two clients; the first being the paying customer of the agency (ala point 1) and arguably the data subject, the end user about which data is collected (ala point 4).

It doesn’t take a rocket scientist (or a data professional) to work out that actually when marketing companies talk about a “client database” what they are actually referring to is the later; a database of stuff about any number of individual people, often collected overtime under various pretences and situations.

In this context the client (albeit often unwittingly) is an individual for whom they rely upon the protection of data about them by the database “owner” – or data controller.

“Data” who’s data?

da·ta  pl.n. (used with a sing. or pl. verb)

1. Factual information, especially information organised for analysis or used to reason or make decisions.

2. Computer Science Numerical or other information represented in a form suitable for processing by computer.

3. Values derived from scientific experiments.

4. Plural of datum.

The key part here is point 1; data is factual information organised for analysis or decision making and is surely the cornerstone of marketing?

And so to my thoughts on Ian’s post.

A business does not “optimise the value of its database” it seeks to gain value from the quality of the analysis of the data held within that database.

Looking at a couple of Ian’s individual points;

“Volume is important but data quality is paramount. Every record has a value and the whole list needs to be viewed as part of the corporate asset.”

Quality of data is indeed paramount but the very traditional process of acquiring, storing and analysing personal data undertaken by the marketing industry is counter-productive to achieving high levels of data quality.   Why?  As an example think of some of the simplest personal data held by marketing databases; contact information.  My email address, telephone number, even my physical address are not concrete – they change in time.  It doesn’t matter how rigid one’s checking for a valid postcode or email address may be when gathering personal data is, if the data you are gathering naturally decays then you’ve failed.

Several marketing insight groups are starting to see the light here.  Why pay to acquire and store stuff that is by its very nature junk.  Far better to ask for the information as and when needed, never to store it (for anything more than easing end-user experience) and to just accept that 100% cleansed data is a myth – it can’t be done.

As for being a “corporate asset” well not really.  Firstly as with the example above, it is patently a liability to pay cold hard cash to gather, store, analyse upon and market to data that is incorrect.  Secondly a corporate doesn’t “own” the data per se.  I won’t get in to the philosophical arguments over whether data is in fact even “ownable” here but the asset lies not in the data but rather the relationship with the data subject and their willingness to maintain that relationship.

“Customer relevance is key, and marketers need to understand consumers in order to appropriately segment them and track their behaviour over time, so that they receive market information which is relevant to them.”

There is, in my opinion, value in trying to understand consumers over time – especially where the level of financial risk (normally through long product lead-times) is high.  However this is becoming harder and harder to do.  Aside from regulatory restriction the simple fact is that consumers are spreading their attention more thinly across an ever increasing number of online and offline properties.  To capture a picture of that consumer through any single database is likely to become less and less accurate.

Loyalty schemes are a good example of this failing.  Not your local coffee shop and their paper based card but the big ones, the Nectar cards of the industry.  To the consumer they offer a perception of value exchange based on their loyalty to certain brands, in reality they are price discriminators trying to force consumer choice into any single outlet within a vertical market – that’s why you only ever get a single supermarket, garage chain or clothing outlet per scheme.

But the reality of life is that average consumers don’t just use a single supermarket.  Take me for example.  I use our local Co-Op on a day to day basis, but they don’t sell a particular brand of cereal that #1 son likes, so we do a weekly shop in Waitrose or Sainsbury.  Of course if we are over the river in Thurrock we might pop in to the Tesco superstore or if at Bluewater we might hit up the local ASDA.  We are kind of loyal to Co-Op but situation matters.

So our share-of-wallet spending in Sainsbury (on the Nectar scheme) is not actually representative of our food spend.

And the same goes for any insight gathering activity.

The “simple” answer actually lies in flipping the model to where the consumer requests stuff from the marketing agency.  It’s a wonderful utopian idea, but one which I’m sufficiently pragmatic to accept is unlikely – at least anytime soon.

For me the mid-term solution lays in a third party providing aggregation for consumer behaviour at the bequest and under the control of the data subject, the consumer themselves.

This intermediary, a broker, would offer a service where the consumer can easily record, augment and share their data with businesses they want to.

This doesn’t mean the end of marketing insight – but it would spell the end of marketing databases.  The playing field would be levelled with marketing agencies competing on their ability to analyse the data to which they are given privileged access rather than who can build the biggest database.

“Emails and resulting data should be collected as a matter of course. There are numerous opportunities to collect emails from customers and it’s surprising how many companies don’t prioritise this activity. Emails should always be as personal as possible. It doesn’t take much effort to have one-to-one communications with thousands, or even millions of customers.”

The enlightened have long since realised that email based marketing really isn’t the way forward.  Sure if you send out a million emails for £1 and get a handful of responses it seems like great R.O.I – but honestly I don’t want to get into this, you all know there are better, smarter, more elegant solutions out there.

“Ensure compliancy.  It sounds obvious but ensuring your email collection policy is compliant with data law is even more important when you remember that the ICO has the power to fine you up to £500,000.”

For anyone that knows me, or even hears me speak on this issue, I apologise you already know what’s coming.

Why is it that whilst many CEOs “think that client data arrives on its own, costs nothing to source and has little or no value” that many Marketing Professional’s think that data compliance is;

• only worthy of a fourth place mention in a list of deriving value from data,
• a purely legal issue,
• and in the event of failure only going to cost £500,000?

Compliancy is at a minimum two part.  Sure remaining within the legal framework set out by the ICO matters – A LOT.  But don’t forget that actually any business holding personal data in the EU is also beholden to the higher and more punitive powers of the EU.

The second part to compliancy is the real sting though, and the one which is often (as here) forgotten.  Breaching data protection legislation may result in fines or restriction BUT it will most assuredly have a greater effect on a business’ reputation.

Consumer trust in businesses holding personal data is already under great scrutiny, breaching that trust could very well cost an awful lot more than £500,000.  Just ask Phorm.