Salesforce: There is a “crisis of trust” concerning data privacy and cybersecurity

A few weeks ago, I wrote about enterprise software vendors calling for an American version of GDPR with Microsoft announcing that it was building GDPR into its global product line as its standard privacy protocol.

On the Salesforce earnings call last week, CEO Marc Benioff observed that the software industry has been going through a “crisis of trust for the past six months” related to privacy and data ownership:

“From the European perspective the way they look at data is data belongs to you, it’s your data. Now for us at Salesforce, we understand that. We’ve had that position from the beginning. Our customers’ data belongs to them, it’s their data. I think in some cases, the companies that are start-ups and next generation technologies here in San Francisco, they think that data is theirs. I think the Europeans with GDPR have really flipped the coin, especially in advertising but in another areas saying hey, this data belongs to the consumer or to the customers, you guys have to pivot back to the consumer, you have to pivot back to the customer.”

Benioff once again called for a US privacy law similar to GDPR which provides “guardrails” around trust and safety. “This is going to help our industry,” said Benioff.  ”It’s going to provide the ability for the customers to interact with great next generation technologies in a safe way.”

Benioff also warned that when AI technologies are indistinguishable from humans, trust will also be an issue.

LinkedIn Sales Navigator Q2 Release

LinkedIn Sales Navigator will be rolling out its Q2 release in the coming weeks. New features include a redesigned Leads page, a mobile new Accounts page, additional SNAP partners, and improved message actions in the Inbox.

LinkedIn also announced that its Sales Solutions are fully GDPR compliant with the following changes being implemented later this year: 

  • Notification of data collection to all LinkedIn members using Sales Navigator at onboarding: We’ll continue to provide notifications of how data is used in our Sales Solutions products before user onboarding for mobile and desktop access to Sales Solutions products, and will add the ability for users to track confirmation of these policies in their LinkedIn account.
  • Export of Sales Navigator data: Exports of user data will be available for entire contracts or on a by-seat basis.
  • Deletion of Sales Navigator data: Deletion of user data will be available for entire contracts or on a by-seat basis.
  •  Requests from individuals and contract administrators: Users and contract administrators will be able to request export or deletion of their user data via a clearly documented request process.

 LinkedIn did caveat its GDPR support noting that “LinkedIn cannot control the specific messages sent by a customer, which ultimately determine the customer’s compliance with relevant laws throughout the world. As such, we advise our customers to seek the advice of their own counsel regarding their specific uses of promotional messaging within LinkedIn.” 

LinkedIn collects marketing consent as part of the terms and conditions during account creation and reconfirms it at the email verification stage.  Users can also opt out of marketing materials and messages in their privacy settings. 

“It’s always been challenging for salespeople to access all the important information about their prospects in one place,” says Doug Camplejohn, VP of product management at LinkedIn Sales Solutions. “We’re constantly looking for ways to improve Sales Navigator, so we’re pleased to release our redesigned lead page, which will save salespeople valuable time and help them better understand their prospects.” 

The Detailed Lead Summary section includes contact intelligence pulled from the CRM..
The Detailed Lead Summary section includes contact intelligence pulled from the CRM..

The redesigned Leads page provides a Show All button for displaying contact information from LinkedIn, CRM contact records, or details entered by the user or her colleagues.  The Lead page summary also includes user tags, a CRM badge that provides a direct link to the CRM contact record, and a contact overview.

While the platform remains view only, sales reps can share contact specific details across the Sales Navigator service with colleagues.  “You can see additional emails, phone numbers, website URLs, social handles and office addresses pulled from both their LinkedIn profile and your CRM in one place. And if you add, say, a social handle for a person in Sales Navigator, that information is shared with other team members on the same Sales Navigator contract,” said LinkedIn.

A Highlights section calls out common attributes such as Groups, shared companies, schools in common, and connections.  Also displayed is the “best path” connection to the individual.  The best path could be via TeamLink or personal and professional connections.  Highlights also includes a synopsis of recent LinkedIn activity such as posts, likes, and comments.

Highlights cover commonalities, best introduction path, and recent lead activity.
Highlights cover commonalities, best introduction path, and recent lead activity.

A Recommended Leads section provides a custom set of additional names at the company based upon search preferences, new contacts at the firm, people with shared connections, and people who have recently viewed the user’s profile.  

The Locate Similar Leads section identifies leads at other firms that are similar to the current lead. 

The iOS and Android mobile apps support a redesigned Company Summary along with new Saved Leads, Recommended Leads, and Best Path Into modules.  News and Updates are also available.

“Our redesigned Mobile Account Page highlights key account details and unique LinkedIn insights about a lead, such as company news like financial milestones or key announcements, basic company info, or recommended prospects,” said Camplejohn.  “Ultimately, this will give salespeople access to the information they need, when they need it, wherever they are, so they can act quickly and be more productive.”

If the user hovers over a message in the Sales Navigator Inbox, she will be presented with Archive / Unarchive and Mark Read / Unread toggles. 

“By highlighting important information about a prospect such as their job title, contact information, common groups or interests, and CRM activity, salespeople can find natural icebreakers to start a conversation so they can personalize their messages, grow their pipelines, and, ultimately, close more deals,” said Camplejohn.

Sales Navigator users can flag the level of detail passed to Leads when the user views a profile.  The lead will see either see the full set of viewer details including name, headline, and location; title and company; or no details (anonymous).

New SNAP partners include Clari (Business Intelligence),  SAP Hybris and Pegasystems (CRM), Oracle Eloqua (Marketing Automation), and Groove (Sales Acceleration).

Beginning last quarter, Sales Navigator adoped a more formalized quarterly release process.  The Q2 release will be available to Sales Admins on May 21st with the enhancements being rolled out to users in the subsequent weeks.

GDPR Perspectives from Microsoft, Salesforce, and SugarCRM

810px-Flag_of_EuropeIt is less than 36 hours until GDPR becomes the law of the land in the EU Zone.  As the regulation has extra-territorial privacy requirements, non EU companies, even those without a physical presence in the EU, are subject to its requirements with respect to communications with EU citizens and management of their data.

The US has a much weaker set of laws and there is concern that US firms are laggards with respect to compliance.  However, a number of US technology firms have called for adoption of a US GDPR.

On Monday, Microsoft once again reiterated its belief that “privacy is a fundamental human right” and announced that GDPR will be their privacy standard globally.

“As people live more of their lives online and depend more on technology to operate their businesses, engage with friends and family, pursue opportunities, and manage their health and finances, the protection of this right is becoming more important than ever.”

  • Julie Brill, Microsoft Corporate VP & Deputy General Counsel

Companies, therefore, have a “huge responsibility” to protect and safeguard personal data.

Since GDPR was enacted in 2016, Microsoft has dedicated 1,600 engineers towards compliance.  “GDPR compliance is deeply ingrained in the culture at Microsoft and embedded in the processes and practices that are at the heart of how we build and deliver products and services,” said Brill.

She noted, however, that GDPR is a “complex regulatory framework” subject to “ongoing interpretation” by regulators and feedback from customers.  As such, the firm will “determine the steps that we all will need to take to maintain compliance.”

As a provider of corporate infrastructure, Microsoft views GDPR as an opportunity to differentiate itself and assist its customers with compliance on the Microsoft Cloud.  “One of our most important goals is to help businesses become trusted stewards of their customers’ data,” said Brill.  “This is why we offer a robust set of tools and services for GDPR compliance that are backed up by contractual commitments.  For most companies, it will simply be more efficient and less expensive to host their data in the Microsoft Cloud where we can help them protect their customers’ data and maintain GDPR compliance.”

Additional details about Microsoft GDPR compliance can be found in their Trust Center.

Salesforce and SugarCRM have also taken a strong position on GDPR calling for similar legislation in the US.  “What we need is a national privacy law, and that will really not just protect the tech industry; it’s going to protect all the consumers,” said Salesforce CEO Marc Benioff.

This is not a new position for Salesforce.  Back in 2014, Benioff said, “I’m all in favor of consumers having more power and more control over their data. As a consumer, you should have all of the rights. It’s like a cloud Bill of Rights. As a consumer or as an enterprise, you should have the right to be forgotten or to add or take away your data.”

As part of its compliance, the firm named their Senior VP of Global Privacy and Product Legal Lindsey Finch as their new Data Protection Officer.  Finch has been with Salesforce for a decade with previous stints at GE (Privacy Counsel), the Federal Trade Commission, and Homeland Security.

“The official DPO designation is a natural outgrowth of our existing programme. My team and I will continue to partner across the company to foster a culture of privacy – designing, implementing, and ensuring compliance with our global privacy programme, including ensuring that privacy is considered throughout the product development lifecycle,” said Finch. “The top theme I’m hearing is that our customers are using the GDPR as an opportunity to focus on their privacy practices and putting their customers—oftentimes end-consumers—at the center of their businesses. The GDPR is a complex law, but putting the individuals to whom the personal data relates at the forefront, and focusing on their expectations and preferences, is a great starting point for compliance with the GDPR and other privacy laws.”

Finch described Salesforce’s approach to GDPR compliance:

“We started by kicking off a thorough review to ensure compliance across the company. The GDPR is an incredibly rich document—99 articles and 173 recitals across 88 pages! Our Privacy team broke this down into key principles and worked closely with our Technology & Products organization to review our compliance. We found that we were already in a really great place,

Since then, a lot of the work we’ve been doing has been to document how our customers can use our services to comply with some of the key GDPR principles, which we’ve published on our GDPR website. There is no finish line when it comes to GDPR compliance. While Salesforce currently offers the tools for our customers to comply with the GDPR, we will continue to release new innovations that help our customers achieve compliance success.”

Salesforce CMO Simon Mulcahy echoed Benioff and Finch at the Salesforce World Tour event in London last week.  Mulcahy stated that many companies simply view GDPR as a compliance issue and nuisance, not an opportunity to align company interests with customer desires.  “It is a compliance issue, but it’s also a phenomenal opportunity to give your customers what they want. What they want is to know that when they give you their data, you’re looking after it appropriately.”

“Benioff is right that we will need some regulation and I can’t see how we can set two standards–EU and US–so we’ll likely need to adopt what the EU has done or risk chaos.  This also fits well into the narrative of the information utility. GDPR is another driver sending us toward utility formation for the information industry.”

  • Dennis Pombriant, Principal Beagle Research

Larry Augustin, CEO of SugarCRM noted that firms have been lax in their privacy and cyber security processes saying that self-regulation has proven to be insufficient with “too many incidents.”

“Data privacy issues are not going to go away. People are thinking a lot here now about GDPR, because Facebook, Twitter, and all of these issues keep coming. And Experian in the US, about managing personal information related to credit card data… there’s just a constant barrage of issues around data privacy and personal information,” continued Augustin.  “Everyone has to address it, whether it’s in the context of GDPR or the next thing that’s going to come along. There is definitely a heightened awareness and interest.”

SugarCRM has built a data privacy manager into its CRM as a “command center” for the data privacy officer.

In my discussions with clients. they all admit to the regulations being a muddle that initially adds risk to their business models.  The penalties are draconian, but the compliance requirements are ambiguous, particularly for B2B firms.  As such, we are likely to be hearing about issues concerning GDPR compliance requirements over the next few years.

E-Mail Guessing Strategies Work Poorly

I’ve long suspected that email guessing strategies based upon corporate email templates are risky.  If the hit rate is low, you can quickly undermine your sender score and hurt your firm’s ability to communicate with customers and prospects.

Almost every sales rep does it as a quick workaround.  Hell, I’ve done it.  But, as a strategy for building marketing datasets, it is a dead end.  When sales reps do it, there is a high probability that their well drafted email will bounce.  When marketing does it, they will kill their email deliverability.

Two companies provide evidence to the failure of this strategy — DiscoverOrg and SalesLoft.

SalesLoft offered the Prospector service in 2014. It was a gerry-rigged Google search of LinkedIn that employed an email guessing strategy. The service was discontinued when CEO Kyle Porter decided to focus on Sales Engagement.
SalesLoft offered the Prospector service in 2014. It was a jerry-rigged Google search of LinkedIn that employed an email guessing strategy. The service was discontinued when CEO Kyle Porter decided to focus on Sales Engagement.

SalesLoft began as a LinkedIn scraping service that employed Google to build lists and then utilized email guessing to enrich the lists with dubious quality emails.  SalesLoft Prospector grew into a multi-million dollar business, but CEO Kyle Porter saw the business as unsustainable.   Instead, Porter used revenues from Prospector as a financial bridge for building out a sales engagement Cadence service which has grown rapidly.  Porter describes their service as “sincerity at scale.”

Yesterday, they announced the acquisition of partner SalesNinja which provides integrated meeting analytics for their sales engagement platform.   The tool transcribes and tags meetings for sales coaching, new hire training, and meeting note searching.  The goal is to improve sales efficiency and efficacy while identifying best practices.  Instead of dubious lists, the firm is looking to build quality conversations between sales and prospects.

SalesLoft’s mission is to “enable salespeople to sell with true intent and sincerity,” said Porter several years ago.  “The concept of getting a good prospect list and pounding it to death is old, trite and has become a terrible strategy and drag on our customer’s brands. We have never intended to participate in that process. SalesLoft Cadence is a different process, creates a different relationship, much different results and is executed by professionals with professional solutions.”

DiscoverOrg was never tempted by such strategies and employs a large editorial team to research and maintain executive profiles.  In a recent test of 2,700 editorially gathered emails that were also SMTP verified, DiscoverOrg found that basic template guessing was only 62.4% accurate.  When nickname substitution was employed, the rate only rose to 66%.  When they analyzed the incorrect guesses, they came up with multiple reasons for failure:

  • Large companies have multiple email formulas
  • Brands and subsidiaries create complications
  • Subdomains are becoming more popular in email addresses
  • Some companies use multiple email domains for different roles
  • Nicknames are very common
  • Middle initials and middle names
  • Duplicate names
  • Foreign names
  • Secretive email formulas

“A lot of data providers offer ‘confidence levels’ or likelihoods that a specific email is good,” blogged DiscoverOrg SVP of Data and Research Derek Smith.  “They’re just peddling their own guesses. Anybody can pass along their best guess at an email. Real sales intelligence gives you accurate, actionable data that won’t result in a bounce of your carefully crafted prospecting message.”

In the end, prospecting shortcuts are problematic.  The best sales and marketing professionals employ accurate data and insights for their messaging.  Furthermore, in the era of GDPR (three days from now), you can’t have explicit consent to communicate with an EU citizen when you are guessing at how to contact her.


DiscoverOrg Study

 

 

Satya Nadella and “Trust in Technology”

Microsoft CEO Satya Nadella digressed from standard earnings call topics two weeks ago to discuss the importance of ethics, privacy, and cybersecurity.  While he did not provide a specific reason for the digression, the Facebook hearings and impending GDPR implementation were likely motivators.

Nadella noted that the intelligent cloud and intelligent edge are “tremendous opportunities” for Microsoft customers, but that it is critical that both Microsoft and its customers “ensure trust in technology” across three dimensions: privacy, cybersecurity, and ethics. Nadella argued that “privacy is a fundamental human right” and that the firm has implemented an “end-to-end privacy architecture” which is GDPR compliant.

“For customers, we will provide robust tools backed by our contractual commitments to help them comply with GDPR,” said Nadella. “In fact, for most customers it will be more effective and less costly to host their data in Microsoft’s GDPR-compliant cloud than to develop and maintain GDPR compliance tools themselves.”

With respect to cybersecurity, the company spearheaded a coalition of 34 global tech and security companies for the Cybersecurity Tech Accord, “an important first step by the industry to help create a safer and more secure online environment for everyone.”

Nadella also announced the establishment of an AI and Ethics in Engineering and Research Committee at Microsoft “to ensure we always advance AI in an ethical and responsible way to benefit our customers and the broader society. This includes new investments in technology to detect and address bias in AI systems. Microsoft stands for trust, and this will continue to be a differentiating focus for us moving forward.”

Up until recently, information technology and social media have been viewed as social goods with few drawbacks, but now that we are all tied into the social communications fabric, we are beginning to worry about the dark side of such connectivity whether it be job losses through automation, the stripping away of privacy, the vulnerability of our networks to hacks, or the undermining of objective truth and democratic systems.

One step towards addressing these problems is the GDPR Chief Privacy Officer requirement with its focus on privacy and cybersecurity.  At most companies, this role is likely to be one of compliance, not ethics or broader social questions.  At a few, however, this role may grow beyond mere compliance and begin to address the broader social and economic issues posed by information technology.

 

Rhetorik Extends its UK/Irish NetFinder Service

Job Function Searching in Rhetorik NetFinder
Job Function Searching in Rhetorik NetFinder

UK Technology Sales Intelligence vendor Rhetorik released an enhanced version of its UK and Irish NetFinder service. The revised edition covers over 40,000 corporate and public-sector sites. The service doubled its technology buyers to 215,000 and increased its technology coverage five-fold including enhanced install data on cloud, enterprise and vertical industry applications, system software and middleware applications.

The Rhetorik database tags over 10,000 products from 6,000 vendors and maintains over 150 technology categories. Data coverage spans 164 biographic, firmographic, and technographic variables including email, phone, revenue, employees, line of business, and site-level technographics. All contacts are GDPR compliant and 92% contain emails.

“Rhetorik has adapted its policies and procedures to upgrade DPA regulatory standards to meet GDPR requirements,” said the firm. “While monitoring closely progress on the e-Privacy legislation, Rhetorik follows best-practice processes as set by PECR – Privacy and Electronic Communication Regulation. We have implemented clear and easy to follow procedures for individuals to be informed and manage their own Business Card Data. We keep access to all B2B information secure and protected.”

Data is gathered through a combination of automated means and editorial research.

Over the past year, Rhetorik has partnered with the European Market Intelligence Group (EMIG) and CNCData to provide European and AsiaPac coverage. The EMIG coverage spans 14 countries, 180,000 companies, and one million contacts. The CNCData partnership delivers over two million contacts and 1.2 million companies across 23 AsiaPac countries.

Rhetorik, which has provided technology intelligence for over two decades, underwent a management buy-out last summer. At the time, CEO Meredith Amdur, set a goal of expanding their “data gathering and analytics capabilities to create new products for technology sales and marketing professionals worldwide.”

GDPR Sales Tips

I came across some excellent tips from Johnty Mongan, Managing Director of The Mongan Group concerning the new European sales environment post-GDPR.  Selling in Europe will be trickier in May as reps need to obtain opt-in approval

Mongan provided the following advice:

GDPR is about protecting our interests from unlawful behaviour. GDPR removes the unwanted cold calls, email campaigns and any other processing that we haven’t agreed to. A transparent and fair existence for all. I really like it, it fits with my karmic views of the world.

It won’t how ever stop marketing activities through publicly available information, like a company email or a company number…

It’s time to go old school… here’s what you can do to reach new customers in a lawful and GDPR way:

  • Get consent from current customers to continue marketing to them. Do it in an engaging way. That’s a must.
  • Provide explicit consent of your intentions to all new prospects when luring them in with shiny content. For example, download this form so I can phone you. That’s a must.
  • Go to the events your customers go to, get over yourself and introduce yourself.  That’s a must.
  • Hold your own events.
  • Get more business cards…. they are not as useless as you may think.
  • Offer referral schemes to current customers. You should do that anyway.
  • Market your services within ethical channels. Where you customers go, you go

My list goes on, but it all centres around building clear authentic relationships. This is a good thing because most “sales” are won on the back of authenticity and trust. I see leading the charge with GDPR compliant sales processes a fantastic way to demonstrate your intentions.

So basically, what’s old is new again.  While marketing needs to be particularly attuned to GDPR, sales reps also need obtain permission.

Full Post

Openprise GDPR Compliance

Openprise provides fine-grained data filters and permission roles
Openprise provides fine-grained data filters and permission roles

Data automation vendor Openprise announced support for the EU General Data Protection Regulation (GDPR) which goes into effect on May 25th.  The new Openprise Data Orchestration Platform capabilities provide “visibility, control, and access management inside and outside of a company, without the added complexity of traditional compliance solutions.”

The GDPR specific functionality “controls the flow of EU data out of your company” via “fine-grained data filters and permission roles,” and flags leads and contacts which are subject to the GDPR even if the records lack country flags.  The firm performs checks based upon emails, IP addresses, phone numbers, and non-standardized country fields.  Both standard and custom fields in sales and marketing automation platforms are GDPR validated.  Openprise maintains an audit trail and logs records which have been processed by partners.

The firm noted a Catch-22 in GDPR regulations.  Enriching records that lack country designators may require enrichment from non-compliant datasets, violating the law.  By utilizing data from within the record (e.g. domain, phone numbers), Openprise avoids violating the law in order to support the law.

“The vast majority of US-based companies are woefully unprepared for GDPR, and this new set of regulations has teeth.  We’ve heard from our customers that they want a central control point to help maintain compliance with GDPR.  Openprise’s position in the MarTech stack as the conductor that manages the movement and processing of data across systems puts it in a unique position to serve as this control point.”

  • Openprise CEO Ed King

The GDPR is broadly written to cover data held by non-EU companies, even those without operations or sales staff within the EU.  Penalties can be quite high, reaching up to 4% of revenue or €20 million, whichever is greater.

“What’s so critical about GDPR is that it affects companies everywhere in the world, whether they have a presence in the EU or not, and unlike many other regulations, this one has teeth,” says Allen Pogorzelski, vice president of marketing at Openprise. “If you’ve got EU citizen data in your databases, you’re subject to GDPR regulations. U.S. companies that ignore these regulations do so at their own peril.”

This summer, Openprise launched a Data Marketplace to assist with ingesting and normalizing third-party B2B and B2C data.  Amongst the platforms supported are Salesforce, Marketo, Eloqua, and Pardot.  The Data Marketplace, part of the Openprise Data Orchestration platform, includes built-in rules to ensure data are properly onboarded.  B2B Partners include Zoominfo, InsideView, Orb Intelligence, Synthio, Salesgenie, and Dun & Bradstreet.

Are you ready for EU GDPR Compliance?

On May 25, 2018 the EU General Data Protection Regulation (GDPR) goes into effect, creating data privacy and security concerns for firms both inside and outside of the EU.  The GDPR covers both companies that provide goods and services to EU residents and those that are part of the value chain.  The regulation covers all individuals domiciled within the EU, regardless of where the company is headquartered.

According to Forrester, the regulation has five key requirements:

  • If a firm has “regular, systemic collection or storage of sensitive data,” they need to hire or designate a Data Protection Officer (DPO).  The function may be filled by individuals with legal, privacy, security, marketing, or customer experience.  The International Association of Privacy Professionals (IAPP) estimates that the regulation will require 30,000 privacy officers.  The DPO will need to work with security leaders with respect to identity and access management (IAM) and encryption.  They will also be involved in purchasing decisions around CRM, analytics, and other platforms.
  • Should a data breach occur, firms have a-72 hour window for reporting breach details to the authorities and customers.  The window begins as soon as the breach is detected.
  • Privacy must be built into any new projects with a “Privacy-by-design” philosophy.  Forrester stated that “sustained collaboration between teams will be critical, so firms will have to establish new processes to encourage, enforce, and oversee it.” For example, privacy officers will need to review business requirements and development plans related to new apps.
  • Extraterritoriality places requirements on firms outside of the EU, making it a global requirement.  Forrester notes that “a US-based data aggregator that collects and resells EU customers’ data to other business partners will need to comply fully with GDPR requirements, rather than simply meeting international data transfer rules.”
  • Firms will be responsible not only for securing data but providing evidence that they have implemented appropriate risk mitigation.  Thus, a firm can be held in violation even if they have not had customer complaints or data breaches.

US companies are still obligated to comply with the 2016 Privacy Shield agreement between the US and EU.  Forrester also warned UK firms to comply with the GDPR as lowering British privacy standards would only serve to complicate UK-EU data transfer rules post Brexit.

Forrester suggested that firms take a cost-benefit analysis to data instead of simply storing everything:

“Firms will learn to better assess the costs and benefits of records they process, store, and protect. They will progressively focus on collecting, buying, processing, storing, and protecting only the data that offers them the most value and will kill the rest.”

Forrester also suggested that privacy should be part of a firm’s DNA and some firms will integrate privacy into brand perception and the customer experience, providing a basis for competitive advantage.

Osterman Research conducted a survey of mid to large companies subject to the law to identify technology expenditure increases for GDPR compliance.

GDPR compliance expenditure increases (January 2017)
GDPR compliance expenditure increases (January 2017)

GDPR non-compliance costs are potentially very high with penalties up to the greater of €20 million or 4% of total worldwide annual turnover of the preceding financial year.