An Appealing Prospect

Fake Manchester United replica shirts were the target of a Trading Standards swoop on Oxford Street in the first week of the New Year. The football club had initiated a complaint about its intellectual property being ripped off which led to the seizures.

It could be argued that the club might just have been looking to divert consumer attention. MUFC has been found guilty in a case brought by the Office of Fair Trading of being in a cartel with shirt manufacturer Umbro and leading retailers to keep prices high. Anybody who bought the club’s shirts in 2000/01 from certain outlets can now get a refund and the club has had to p[ay a substantial fine.

Football shirts and prospect pool data may not seem to have a lot in common. Yet when it comes to protecting the value of an intellectual property, there is no difference. And it is as easy to find data users who feel ripped off over the price of data as it is to find football fans who think they pay too much for shirts.

At the heart of both issues is the way in which third parties build prospect pools. For data owners, there is a constant fear that their files are either given a falsely low position in the de-duplication hierarchy or that prospect pool operators imply do not pay the royalties which are due.

“Six weeks ago, one of our telemarketing team came in and asked about our costing on a complicated prospect pool job. A competitor had given a price which, if they were paying royalties as they should, would have given them a gross profit of just £80,” reports Jon Cano-Lopez, managing director of Ai Data Intelligence.

While acknowledging the possibility that the price was a loss leader, Cano-Lopez says this is a common complaint. Ask around and you will find a couple of suppliers regularly named as offering impossibly cheap prices. One of these suppliers is no longer able to licence data from two leading providers because it does not pay out the expected level of royalties.

“We have got to do something as an industry. That is why a company like ours would be happy to undergo an audit at short notice,” he says. Ai has one of the largest commercial prospect pools on the market, so it has to be perceived as an honest broker by data owners.

The consequences fro data owners, prospect pool builders and data users of non-compliance with intellectual property rules is higher prices – but only for those who play fair. BT has had to increase the rate for its OSIS file because it has not been getting the royalties it expected and which are appropriate to its cost base, for example.

“The people who do play the game end up having to charge more than the people who don’t, says Cano-Lopez. Surprisingly low prices quotes during a pitch can only mean one thing – royalties are not being paid. But proving a prospect pool operator has done something wrong is another matter entirely.

Data owners are wary about signing up to prospect pools, especially where the proposition is entirely new and doubly so if the data is derived from client-side activity. The Trading Floor faced a particular issue when trying to build its insurance enquirer pool.

“In the early days, there was definitely an issue about setting up the pool and its benefits – trust was the biggest hurdle,” says Zoe Vine, head of data services at the company. “We’re just coming to the end of our second financial year so we have a bit of a track record behind us now.”

To counter this, her company had a culture of openness and transparency about the way it operates and puts data together. A new data owner will be taken through a very detailed briefing about each stage of the process.

Vine says this serves two purposes – demonstrating transparency and conditioning expectations. “If somebody has a file of 30,000, only 17,000 may make it into the pool, because 10,000 may be internal dupes, 3,000 goneaways and deceaseds,” she points out.

When the royalty cheque arrives, it is important that the data owner does not feel let down. Prospect pool owners may also9 be able to provide tips on ways to improve data quality and value, for example by using online PAF verification at point of entry.

One of the biggest concerns for data owners is that a prospect pool may take a variable off their file without paying for it. Vine says: “We have data ownership rules which we fully share with our suppliers. We give them scenarios for everything that might happen.”

Each prospect pool involves sophisticated matching and merging rules. Recency ought to be the most heavily-weighted factor, but it is easy to believe that cost is given prominence.

Just how those rules are drawn up and applied is the intellectual property of the prospect pool operator, so they are very unlikely to give too much away bout how it is done. That leaves the sense of a black box approach in which explanations about individual decisions can not be given.

That should not preclude being able to provide proofs of how much data has been used and the revenue it has earned, however. “It doesn’t just come down to trust,” says Annette Holmes, managing director of Prospect Swetenhams.

“There is a way of establishing an audit trail because data owners are concerned about their revenue and people may think they’re getting ripped off, but they don’t know how to prove it,” he says.

Her company sits on both sides of the issue as a data owner, with sources such as Market Monitor, as well as a prospect pool operator with its Business Universe. That has driven an emphasis on correct business practices. “We’re trying to establish a process that should overcome those questions,” says Holmes.

That means detailed reporting of how variables have been picked. While critical to establishing trust and proving royalty levels, this approach does have other consequences – for example, if a data source that routinely sits second in the hierarchy becomes unavailable, the selection programmed needs to be over-written to look for the next available source.

“The reason we are doing this is data quality. We have long-term relationships with end clients. Our aim is to develop their return on investment over time as we refine the model. That only works if the data quality is right,” she says. Unless data owners are earning revenues that allow them to invest in data quality, everybody loses.

Tri-direct has adopted a similar approach. “The client has to report on exactly how they have ended up using the data and what they put into the pot to get to that,” says data director Barry Leeson-Earle.

His company requires a double verification from data users. The client must sign-off on a report about the volume and source of data used, while the mailing house must provide a certificate for the final mailed volume. “Clients have got be willing to sign that off and they take it very seriously because it could be used as evidence in court,” he says.

Getting data users to accept the principle of this process was not difficult, although implementing the process can present challenges. Keeping track of the incoming data sources, the hierarchy used and the way different variables are picked off each list is a more detailed requirement that has been place of them.

Nonetheless, it is critical if data owners are to continue to provide their data and invest in its quality. “They have to be happy in the way their data is being used, so we have put this process in place to ensure they can follow the trail. If they have a q2uestion, they can audit us and the end client,” says Leeson-Earle.

As individual suppliers start to adopt solutions to the question of trust and royalty payments, it should create the impetus for change across the industry. Getting agreement on a common standard is unlikely, but it could make open books and audit trails the standard. Something certainly needs to be done because the current fear and uncertainty is not productive or conducive to data quality. With all other aspects of direct marketing becoming more closely accountable and auditable, data will have to follow suit.

“Unscrupulous practices have been going on for years in various forms and largely as a result of the growing pressure to pay less for data,” says Lisa Neville, operations director at EDM Media UK. “We are in an environment where data processing and manipulation is becoming increasingly sophisticated, while at the same time response rates are down compared to what they used to be. The natural reaction is to do anything possible to reduce the cost per response.”

She adds: “The truth is that data owners know very little about what happens to their pooled data. And sadly it’s inevitable that working practices are subject to unscrupulous behaviour because of some obvious market factors. However, it’s something that can be and needs to be changed.”

Data owners have the ultimate sanction by withdrawing their datasets. They are often unwilling to do this because it reduces their revenue. When those revenues do not match up to expectations, it can trigger an alarm.

Unfair processing is against the Data Protection Act as it relates to data subjects. Increasingly data owners are demanding that they are shown the same respect, and prospect pool operators will have to respond.

(Precision Marketing - 25th Jan 2008)

Trading Floor Expansion Driven By Credit Crunch

Data trading company The Trading Floor, of Sowerby Bridge , is expanding – and it is all down to the credit crunch.

“As the markets have become more difficult, our strength is the fact we supply transactional data that is accurate.”

“And as companies squeeze marketing budgets they are looking to us for a product that delivers results,” said managing director Chris McDonald, who with financial director Harry Cummine, established the business two years ago.

The company, which collects data to sell principally to the financial and insurance industries, has offices at the Warehouse and Calder House and employs more than 30 people locally. In December it opened a southern office at St Albans, in response to an increasingly high level of inquiries from within the City.

“A lot of our major clients are southern based, although it is not critical we are anywhere,” said Mr McDonald.

Last year The Trading Floor was the inaugural winner of the Evening Courier New Business of the Year Awards with sales of more than £6 million. This year Mr McDonald said he was confident of achieving £8 million.

“We are looking for organic growth through some strong partnerships we have already established, but also keeping an eye on potential acquisitions,” he said. “We don’t go out and look for companies to acquire, our organic growth is sufficient to give us our target”, he said.

The southern office will be run by Peter Mayne as head of agencies and he will be joined by two others in the south of England while maintaining the stronghold in the north.

“The Trading Floor is an exciting young company that is making a big impact in the data industry,” he said.

(Halifax Evening Courier - 18th Jan 2008)

Yorkshire Business Insider - Chris McDonald

Chris McDonald, 41 - Managing Director, The Trading Floor and www.thecomparisons.com

After many years working for some of Yorkshire’s top law firms in a sales capacity, McDonald found himself working for a company that specialised in internet lending. He quickly realised that much of the data such companies collected was wasted. McDonald felt there had to be some use for this. “After all, much of the data industry is based on incorrect information,” he says. The result was the formation of Sowerby Bridge based The Trading Floor, a company which specialises in collating “wasted” data and selling it on. “We take the data for nothing, and if we successfully sell it on we share back half the proceeds with the original owner,” he say. The company has over 500 clients, including Barclays, Norwich Union and Asda.

Its success spurred McDonald on in 2007 to launch www.thecomparisons.com, a price comparison site that McDonald says sets itself out from the opposition by charging all companies who want to be featured the same flat fee. He’s already in discussions about customising the site for clients including football clubs and airlines. “It’s exactly how MBNA launched themselves in this country.” he says. “They were producing affinity cards for other people for years before they launched any of their own.”

(Yorkshire Business Insider - Jan 2008)

Time To Beef Up Security?

It couldn’t happen here. That was the common reaction across the direct marketing industry to the high profile data losses which so embarrassed the Government at the end of 2007. For a business which relies on personal data flowing between the key operational and execution points in the marketing chain, it seemed unthinkable that large databases could be allowed to go astray.

Which only goes to prove what short memories data practitioners really have. Last year started with the news that a marketer within Nationwide Building Society had taken home a laptop containing 11 million customer records. Following the theft of the computer, the bank was ultimately fine £1m by the Financial Services Authority.

Press those in the know and few would deny that the exposure of personal data in this way is by any means unusual. Data has to be moved around and it has to be worked on. Each of these stages opens up a vulnerability which at best can lead to human error and loss and at worst to exploitation by criminal elements.

Jon Cano-Lopez, managing director at Ai Data Intelligency, says honestly that, “we try to insist with clients that they treat data in a particular way, but sometimes it is not as secure as it should be. Some do just want to send data to us on a CD. We tell them not to”.

The reality is that a two-speed industry exists. Suppliers are moving fast to embrace the highest levels of security, but clients are often much slower to implement necessary measure. They routinely insist that their data services partners work to a higher standard than they themselves embrace.

“The gold standard is secure FTP. That is much better than physical media. And never, ever email.” Says Cano-Lopez, before adding that, “people do. I have seen instances of emails with Zipped files and password protection, but they send the password in the same email.”

Some clients sending data files by email think that using a separate message to provide the password is more secure. But if an intruder has gained access to an individual’s inbox, they will see both messages. Set against this is the tight security applied within database bureaux’ data centres. “Nobody can access any data at all unless they are working in our centre. Even I can’t access and upload files. The data keys are walled off and there is a secure firewall between me and the production sit,” he says.

The issue of access rights is one which is likely to cause a lot of argument across the data industry in the coming year. To keep personal data secure, it should only be available to a handful of individuals who need to carry out specific actions. That means marketers should not be able to download databases onto laptops, disks or portable hard drives for offsite access. That is contrary to the existing culture in which data flows freely and risks are not considered to be high.

Cano-Lopez argues that what is needed is a cash handling culture. “The Government’s problem is both good and bad for us. It is bad because the public becomes aware that we are sending their personal data around and consumers would have a heart attack if they knew. It is good for the industry that people are becoming aware of the issue.”

Solutions to the problem of sustaining data led marketing without exposing data controllers to risk do exist. If recent experiences do nothing else, they are likely to drive greater interest and adoption in new encryption and data management applications.

One of these is LogicBox, which was recently acquired by The Trading Floor. Its ListKnife solution was specifically developed to allow non-technical users to carry out counts and analyses on laptops without creating any risk of data losses.

“The application uses unique reference numbers, not actual names and addresses,” points out Stephen Church, head of business development at The Trading Floor and co-founder of Logicbox. “If you leave your laptop behind, the data remains secure.”

Moving onto systems like this is likely to become widespread on the client side as marketers catch up with what data services providers have been doing. “I’m used to it from working at Equifax where data security was critical. It would be a very naive client and an inconsiderate data services providers that did not bring the issues to attention,” he says.

Church acknowledges that physical media transfers are still a fact of life within the data industry. Disks are still routinely used to send databases to a supplier using courier services. These are assumed to be more secure than the regular mail, but they have just as much propensity for loss and theft, possibly more.

He doubts that it is likely that increased data security concerns will lead to the end of physical media. For databases containing multiple million records, secure FTP is not yet quick or reliable enough. Errors in the transfer could corrupt whole parcels of data and make processing significantly more complicated.

Critically, Church points out that the data industry is not usually dealing with bank account details and certainly never National Insurance numbers. That ought to be seen by consumers as a major reason for having greater trust in commercial data owners than they place in the public sector.

“You can’t say to HM Revenue & Customs that you will not provide them with the data they need or that you will stop dealing with them. But if I lose a client’s data, they would stop using us.” Says Church.

Many bureaux are aware of the vulnerable points in their business and also the limitations in the various methods of transferring data. Part of their proposition is the secure methods they can offer to ensure databases are moved without risk and without exposing either the consumers or the clients to potential loss.

“At Celerity, we always aim to go beyond government best-practice guidelines,” says managing director Jason Lark. “For example, data transfer to and from our clients happens over a multi protocol label switching network, in essence a UK-wide VPN that allows clients to connect directly to our network in a secure and controlled manner.”

The network offers three-tier encryption coding which gives extremely secure data transfers. However good the technology might be that is applied to data transfers, the major vulnerability remains the human factor.

Lark points out that, “finger print and iris recognition technologies are the way forward for data protection on the move. We currently use finger print recognition within our business and it’s an area we’re looking to develop”.

He notes that there is a reluctance among staff to accept iris recognition. This stems from fears about the potential long-term effects on the eye of being exposed to pure light sources. For those working most frequently with data, this could be a latent health problem.

What is not in doubt is the good faith that exists among database bureaux around data security. As Sue MacLure, head of marketing and business development at EHS Brann Discovery, says: “It is almost unbelievable our industry is having this conversation. Having dodgy data practices is like stealing money from grandma’s handbag – it’s unacceptable.”

She adds: “It is unlikely that the direct industry would commit bad data practice out of malice. Mistakes are probably made due to a deadly combination of time and cost pressures, naivety, and failure to take responsibility.”

Processes for keeping data secure take considerably longer than just copying a file onto a disk, zipping it and giving it password protection. Instead, the data has to be properly encrypted and the keys kept entirely separately from the file.

For secure FTP transfers, names and addresses are replaced with codes which are transmitted separately. All of that requires more attention and more time than marketers have been used to giving to their data.

“The industry’s offenders are probably seeing data handling as a process, rather than understanding what the data is, i.e, not just a list of records, but people, with characteristics, behaviours, spend patterns and history. Perhaps thinking of a dataset as a collection of personal diaries would give people the tendency to be a little more careful with how they dealt with it, “says MacLure.

Probably the greatest threat to the data industry is simply that of complacency. It is very easy when data management has become routine and risks seem remote to cut corners or fail to follow correct procedures. This is what is essentially happening every time a marketer loads a database onto a laptop.

What tends to increase security is any extra layer of regulation that might apply. In financial services, for example, there is much more awareness of the need to protect data and to ensure that all parties are compliant.

As Richard Webster, commercial director at DLG, notes: “For companies operating within the financial sector, there are APACS accreditations that can only be obtained with compliance to strict criteria and testing.”

But he adds: “For those operating in consumer data, there isn’t a benchmark at this moment in time. It is a case of businesses operating in accordance with codes of conduct and best practices – and within the Data Protection Act – a position which it is in our interests to evaluate.” That is a thought which many more in the industry are likely to share this year.

(Precision Marketing - 11th Jan 2008)