Facebook Reaps What It Sows

Facebook dropped 20% in one day as the ongoing news about their misuse of personal data began to hit their bottom line a few weeks ago.  Here is a guerilla protest campaign in London which encapsulates their issues:

The problem at Facebook is that they forgot that they were there for their members not their advertisers.  The idea was free content (news, fake news, and social), no editorial review, and monetization of the data exhaust from their platform.

When that happened, truth and privacy became irrelevant.  They can whitewash their actions and pretend that the problems are exogenous to their company, but hiring editors is only the beginning of excising the rot that rests at the center of Facebook’s business model.


Source: Instagram images from ProtestStencil

Rhetorik: What Does GDPR Mean for B2B Marketing? (Part III)

One of the concerns raised by GDPR is fear of draconian fines, but that should not be a concern in the UK, at least for those who act in good faith.  “I have no intention of changing our proportionate and pragmatic approach, said ICO Information Commissioner Liz Denham.  “Hefty fines will be reserved for those organisations that persistently, deliberately, or negligently flout the law.”

And while many have complained that GDPR is a major hindrance to traditional marketing, it redirects efforts towards better targeted accounts and prospects.  “B2B direct marketing is alive and well, and is explicitly envisaged in the GDPR legislation,” said Kevin Savage, Rhetorik’s Chief Revenue Officer.  “You can do B2B marketing, and you should because compliance requirements are really a blessing in disguise. Relying  on Legitimate Interest requires you to be more mindful and selective about the personal data you keep and use. This selectivity enables you to be more targeted in your messaging, to cut through the noise and engage prospects more effectively.”

Please find the underlying statutes for major European countries, courtesy of Rhetorik:

Country Legislation
Belgium The Code of Economic Law, and the Royal Decree of 4 April 2003 (advertising by email)
France Article L. 34-5 of the Code of Post and Telecommunication and  Article L.121-20-5 of the Consumption Code
Germany The German Act Against Unfair Practices 2004 (UWG) and the revised German Telecommunications Act
Ireland The European Communities (Electronic Communications Networks and Services) Regulations 2011 (the “2011 Regulations”)
Italy Protection of Personal Data Consolidation Act (Data Protection Code – Legislative Decree No. 196 of 30 June 2003) & Legislative Decree nr. 69/2012
Netherlands Telecommunicatiewet
Spain Law 34/2002 on information society services and electronic commerce (LSSI)
UK The Privacy and Electronic Communications (EC Directive) Regulations 2003

This is part III of a discussion of GDPR. Part I begins here.

Rhetorik: What Does GDPR Mean for B2B Marketing? (Part II)

Yesterday, I presented a discussion of Legitimate Interest as the basis of GDPR communications.  For B2B companies in the UK, the 2003 PECR (The Privacy and Electronic Communications Regulations of 2003) law is often applicable when assessing GDPR and Data Privacy:

GDPR and Data Privacy under UK PECR and Non-PECR scenarios (Source: Rhetorik)
GDPR and Data Privacy under UK PECR and Non-PECR scenarios (Source: Rhetorik)

The PECR discusses soft opt-ins for individuals, sole traders and some partnerships, but not B2B.  The ICO states that “the term ‘soft opt-in’ is sometimes used to describe the rule about existing customers. The idea is that if an individual bought something from you recently, gave you their details, and did not opt out of marketing messages, they are probably happy to receive marketing from you about similar products or services even if they haven’t specifically consented. However, you must have given them a clear chance to opt out – both when you first collected their details, and in every message you send.  The soft opt-in rule means you may be able to email or text your own customers, but it does not apply to prospective customers or new contacts.”

Legitimate Interest also applies to data licensing relationships and marketing partnerships.  If personal data interest is maintained for a specific purpose (e.g. Technology Sales), data licensing and sharing needs to be kept within the original scope.

Legitimate Interest and Consent also apply within a company.  Data maintained for one product line may not be usable for others, particularly if the firm spans multiple sectors.

The UK Direct Marketing Association published guidance on the subject of Legitimate Interest helping make sense of Article 6.1.f:

“Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

And Recital 47:

“The legitimate interests of a controller, including those of a controller to which the Personal Data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller.”

Once the basis of holding personal data is met, companies have additional conditions to meet around transparency (notification and the right to object), data minimization (Is there a legitimate interest in collecting all of the fields? How long is data retained?), and reasonable expectation (limited impact to personal and private life; ensuring data accuracy).

For individuals who opt out, firms must retain suppression lists to prevent the re-collection of personal information.  The suppression list should be the minimal information required to ensure the individual is not added back into the marketing database at a later date.  With B2B, the list may simply be name and email.

The GDPR also sets out expectations which are relationship specific:

  • Suspects – legitimate interest, reasonable expectation, transparency
  • Prospects – reasonable expectation; consent
  • Clients – contract, legitimate interest, reasonable expectation, data minimization, transparency

Part III of Rhetorik’s presentation discusses GDPR myths and applicable laws across Europe.


GDPR Article 6.1
GDPR Article 6.1

Magic Johnson on Business @ Zoominfo Growth Acceleration Summit

I had the distinct pleasure of attending a keynote by Earvin “Magic” Johnson at Zoominfo’s Growth Acceleration Summit.  As the summit was held in Boston, there were numerous anecdotes about Celtic great Larry Bird and their rivalry, but the key business-related anecdote was  that you have to continuously improve.  Bird was a great competitor that forced Magic to up his game.  They were great rivals that made each other better and raised the quality of the game.

There were also a set of business insights as Johnson has taken his game discipline to business.  A few of his tips:

  • Find underserved markets and tailor your product to those markets — For Magic, the biggest underserved market was the inner cities.  He knew that there were few movie theaters in urban America even though the per capita theater spend of African Americans was high.  His first theater in LA had the 10th highest gross in the country.  He then convinced Starbucks that they should open coffee shops in marginalized inner city communities (and opened the first non-Starbucks owned shops).  Magic tailored the music and food to the community (e.g. sweet potato pie) and his stores had a higher gross than Starbucks owned locations.  The key to business success is “you have to know your customer.”
  • Out deliver — It’s not enough in today’s market to meet your customer’s expectations, you need to out deliver.  There is no lack of competition.  If you want customer retention, you need to out deliver.  If you want brand ambassadors, you must out deliver.  Magic Sodexho (food service) passed on its first Disney RFP and waited three years before bidding on the Disney Land contract.  His firm realized that due to the size of the park, many employees had little time to eat.  To support the contract, they developed kiosks and carts to bring food to the staff during their breaks.  This example of out delivering helped them win the larger Disney World contract when it came up a few later.
  • Culture is important — Magic emphasized the value of a winning culture whether helping bring back teamwork to basketball or encouraging principles such as everybody gets onboard, no hidden agendas, and do your job.  Furthermore, employees are better motivated if their company has a social mission such as bringing jobs and opportunities to Urban America.
  • Hire self starters and reward them — Look for young employees that come in early, leave late, and ask a lot of questions.  Then give them opportunities to grow with your company.  His COO began as a secretary and proved herself at each level.  He also emphasized the value of rewarding all employees and not falling into the trap of rewarding only the executives.  You can win the big contract, but if you only reward the execs for the victory, then you won’t have a team ready to out deliver.

Not many people have the pleasure of excelling in one field of battle.  Magic has had great success in both Basketball (Hall of Fame, 5 NBA Championships, 12 All Star Teams, NCAA championship, Olympic champion) and business.

Salesforce: There is a “crisis of trust” concerning data privacy and cybersecurity

A few weeks ago, I wrote about enterprise software vendors calling for an American version of GDPR with Microsoft announcing that it was building GDPR into its global product line as its standard privacy protocol.

On the Salesforce earnings call last week, CEO Marc Benioff observed that the software industry has been going through a “crisis of trust for the past six months” related to privacy and data ownership:

“From the European perspective the way they look at data is data belongs to you, it’s your data. Now for us at Salesforce, we understand that. We’ve had that position from the beginning. Our customers’ data belongs to them, it’s their data. I think in some cases, the companies that are start-ups and next generation technologies here in San Francisco, they think that data is theirs. I think the Europeans with GDPR have really flipped the coin, especially in advertising but in another areas saying hey, this data belongs to the consumer or to the customers, you guys have to pivot back to the consumer, you have to pivot back to the customer.”

Benioff once again called for a US privacy law similar to GDPR which provides “guardrails” around trust and safety. “This is going to help our industry,” said Benioff.  ”It’s going to provide the ability for the customers to interact with great next generation technologies in a safe way.”

Benioff also warned that when AI technologies are indistinguishable from humans, trust will also be an issue.

GDPR Perspectives from Microsoft, Salesforce, and SugarCRM

810px-Flag_of_EuropeIt is less than 36 hours until GDPR becomes the law of the land in the EU Zone.  As the regulation has extra-territorial privacy requirements, non EU companies, even those without a physical presence in the EU, are subject to its requirements with respect to communications with EU citizens and management of their data.

The US has a much weaker set of laws and there is concern that US firms are laggards with respect to compliance.  However, a number of US technology firms have called for adoption of a US GDPR.

On Monday, Microsoft once again reiterated its belief that “privacy is a fundamental human right” and announced that GDPR will be their privacy standard globally.

“As people live more of their lives online and depend more on technology to operate their businesses, engage with friends and family, pursue opportunities, and manage their health and finances, the protection of this right is becoming more important than ever.”

  • Julie Brill, Microsoft Corporate VP & Deputy General Counsel

Companies, therefore, have a “huge responsibility” to protect and safeguard personal data.

Since GDPR was enacted in 2016, Microsoft has dedicated 1,600 engineers towards compliance.  “GDPR compliance is deeply ingrained in the culture at Microsoft and embedded in the processes and practices that are at the heart of how we build and deliver products and services,” said Brill.

She noted, however, that GDPR is a “complex regulatory framework” subject to “ongoing interpretation” by regulators and feedback from customers.  As such, the firm will “determine the steps that we all will need to take to maintain compliance.”

As a provider of corporate infrastructure, Microsoft views GDPR as an opportunity to differentiate itself and assist its customers with compliance on the Microsoft Cloud.  “One of our most important goals is to help businesses become trusted stewards of their customers’ data,” said Brill.  “This is why we offer a robust set of tools and services for GDPR compliance that are backed up by contractual commitments.  For most companies, it will simply be more efficient and less expensive to host their data in the Microsoft Cloud where we can help them protect their customers’ data and maintain GDPR compliance.”

Additional details about Microsoft GDPR compliance can be found in their Trust Center.

Salesforce and SugarCRM have also taken a strong position on GDPR calling for similar legislation in the US.  “What we need is a national privacy law, and that will really not just protect the tech industry; it’s going to protect all the consumers,” said Salesforce CEO Marc Benioff.

This is not a new position for Salesforce.  Back in 2014, Benioff said, “I’m all in favor of consumers having more power and more control over their data. As a consumer, you should have all of the rights. It’s like a cloud Bill of Rights. As a consumer or as an enterprise, you should have the right to be forgotten or to add or take away your data.”

As part of its compliance, the firm named their Senior VP of Global Privacy and Product Legal Lindsey Finch as their new Data Protection Officer.  Finch has been with Salesforce for a decade with previous stints at GE (Privacy Counsel), the Federal Trade Commission, and Homeland Security.

“The official DPO designation is a natural outgrowth of our existing programme. My team and I will continue to partner across the company to foster a culture of privacy – designing, implementing, and ensuring compliance with our global privacy programme, including ensuring that privacy is considered throughout the product development lifecycle,” said Finch. “The top theme I’m hearing is that our customers are using the GDPR as an opportunity to focus on their privacy practices and putting their customers—oftentimes end-consumers—at the center of their businesses. The GDPR is a complex law, but putting the individuals to whom the personal data relates at the forefront, and focusing on their expectations and preferences, is a great starting point for compliance with the GDPR and other privacy laws.”

Finch described Salesforce’s approach to GDPR compliance:

“We started by kicking off a thorough review to ensure compliance across the company. The GDPR is an incredibly rich document—99 articles and 173 recitals across 88 pages! Our Privacy team broke this down into key principles and worked closely with our Technology & Products organization to review our compliance. We found that we were already in a really great place,

Since then, a lot of the work we’ve been doing has been to document how our customers can use our services to comply with some of the key GDPR principles, which we’ve published on our GDPR website. There is no finish line when it comes to GDPR compliance. While Salesforce currently offers the tools for our customers to comply with the GDPR, we will continue to release new innovations that help our customers achieve compliance success.”

Salesforce CMO Simon Mulcahy echoed Benioff and Finch at the Salesforce World Tour event in London last week.  Mulcahy stated that many companies simply view GDPR as a compliance issue and nuisance, not an opportunity to align company interests with customer desires.  “It is a compliance issue, but it’s also a phenomenal opportunity to give your customers what they want. What they want is to know that when they give you their data, you’re looking after it appropriately.”

“Benioff is right that we will need some regulation and I can’t see how we can set two standards–EU and US–so we’ll likely need to adopt what the EU has done or risk chaos.  This also fits well into the narrative of the information utility. GDPR is another driver sending us toward utility formation for the information industry.”

  • Dennis Pombriant, Principal Beagle Research

Larry Augustin, CEO of SugarCRM noted that firms have been lax in their privacy and cyber security processes saying that self-regulation has proven to be insufficient with “too many incidents.”

“Data privacy issues are not going to go away. People are thinking a lot here now about GDPR, because Facebook, Twitter, and all of these issues keep coming. And Experian in the US, about managing personal information related to credit card data… there’s just a constant barrage of issues around data privacy and personal information,” continued Augustin.  “Everyone has to address it, whether it’s in the context of GDPR or the next thing that’s going to come along. There is definitely a heightened awareness and interest.”

SugarCRM has built a data privacy manager into its CRM as a “command center” for the data privacy officer.

In my discussions with clients. they all admit to the regulations being a muddle that initially adds risk to their business models.  The penalties are draconian, but the compliance requirements are ambiguous, particularly for B2B firms.  As such, we are likely to be hearing about issues concerning GDPR compliance requirements over the next few years.

E-Mail Guessing Strategies Work Poorly

I’ve long suspected that email guessing strategies based upon corporate email templates are risky.  If the hit rate is low, you can quickly undermine your sender score and hurt your firm’s ability to communicate with customers and prospects.

Almost every sales rep does it as a quick workaround.  Hell, I’ve done it.  But, as a strategy for building marketing datasets, it is a dead end.  When sales reps do it, there is a high probability that their well drafted email will bounce.  When marketing does it, they will kill their email deliverability.

Two companies provide evidence to the failure of this strategy — DiscoverOrg and SalesLoft.

SalesLoft offered the Prospector service in 2014. It was a gerry-rigged Google search of LinkedIn that employed an email guessing strategy. The service was discontinued when CEO Kyle Porter decided to focus on Sales Engagement.
SalesLoft offered the Prospector service in 2014. It was a jerry-rigged Google search of LinkedIn that employed an email guessing strategy. The service was discontinued when CEO Kyle Porter decided to focus on Sales Engagement.

SalesLoft began as a LinkedIn scraping service that employed Google to build lists and then utilized email guessing to enrich the lists with dubious quality emails.  SalesLoft Prospector grew into a multi-million dollar business, but CEO Kyle Porter saw the business as unsustainable.   Instead, Porter used revenues from Prospector as a financial bridge for building out a sales engagement Cadence service which has grown rapidly.  Porter describes their service as “sincerity at scale.”

Yesterday, they announced the acquisition of partner SalesNinja which provides integrated meeting analytics for their sales engagement platform.   The tool transcribes and tags meetings for sales coaching, new hire training, and meeting note searching.  The goal is to improve sales efficiency and efficacy while identifying best practices.  Instead of dubious lists, the firm is looking to build quality conversations between sales and prospects.

SalesLoft’s mission is to “enable salespeople to sell with true intent and sincerity,” said Porter several years ago.  “The concept of getting a good prospect list and pounding it to death is old, trite and has become a terrible strategy and drag on our customer’s brands. We have never intended to participate in that process. SalesLoft Cadence is a different process, creates a different relationship, much different results and is executed by professionals with professional solutions.”

DiscoverOrg was never tempted by such strategies and employs a large editorial team to research and maintain executive profiles.  In a recent test of 2,700 editorially gathered emails that were also SMTP verified, DiscoverOrg found that basic template guessing was only 62.4% accurate.  When nickname substitution was employed, the rate only rose to 66%.  When they analyzed the incorrect guesses, they came up with multiple reasons for failure:

  • Large companies have multiple email formulas
  • Brands and subsidiaries create complications
  • Subdomains are becoming more popular in email addresses
  • Some companies use multiple email domains for different roles
  • Nicknames are very common
  • Middle initials and middle names
  • Duplicate names
  • Foreign names
  • Secretive email formulas

“A lot of data providers offer ‘confidence levels’ or likelihoods that a specific email is good,” blogged DiscoverOrg SVP of Data and Research Derek Smith.  “They’re just peddling their own guesses. Anybody can pass along their best guess at an email. Real sales intelligence gives you accurate, actionable data that won’t result in a bounce of your carefully crafted prospecting message.”

In the end, prospecting shortcuts are problematic.  The best sales and marketing professionals employ accurate data and insights for their messaging.  Furthermore, in the era of GDPR (three days from now), you can’t have explicit consent to communicate with an EU citizen when you are guessing at how to contact her.


DiscoverOrg Study