Security software

How to Mine Customer Data the Right Way

You have to run a business, and that requires understanding what interests your customers. But you also want to do the right thing and protect your customers' privacy.

Data mining
How do you walk that line when trying to mine information from the Web? Some data-mining shortcuts, such as scraping data off of social networking sites, are obvious options. But taking such measures can get you kicked off a site for violating its terms of service, or at the very least it will incur the wrath of your customers.

Here are some simple, nonintrusive methods to track your loyal customers, build your contact lists, and otherwise analyze data to learn about potential opportunities online.

Generate Your Own Lists

You have several ways to generate your own customer lists. One is to write a white paper, post it on your site, and then legitimately collect contact information from anyone who wishes to download the white paper for free. As long as you ask for the minimum of personal information (name, e-mail address, contact phone number), most people will oblige. You could use the same technique to sign people up for a monthly newsletter. MailChimp is a free service that allows you to send up to 12,000 e-mail messages to 2000 recipients each month. Or, you can post a survey on your Website that collects respondents' contact details, using a service such as SurveyMonkey.

Another way to generate a contact list is to use social networks within their terms of service. You can legitimately set up a fan page on Facebook and use that page to promote your company. Using names, you can search for contacts and request that they join the Facebook fan page. By sending out friend requests, you allow the recipient the option of following the site or not.

LinkedIn makes the process even easier by allowing you to create niche groups. Forming a targeted group around your company's interests can also generate leads; both this tactic and creating a Twitter account for your business require a steady stream of new content, if not daily then weekly.

Capture Traffic

Salesforce CRM
If your company has a Website, you can monitor who visits it using various services. Sites such as Pardot capture site visitors, integrating those results into Salesforce CRM. Another service, Etrigue, also integrates with Salesforce.com, as well as with Salesforce's AppExchange or Microsoft Dynamics CRM.

This is a passive opportunity; the contacts simply come to you. And it doesn't require someone to enter the data into your preferred customer relationship management (CRM) tool.

Buy a List

You don't have to do the data collection yourself. You can buy and customize lists to suit your specific needs--for example, to target healthcare professionals earning more than $100,000.

Dun & Bradstreet's Hoovers is perhaps the best-known source, with over 85 million individuals in its database; also using the Dun & Bradstreet data is Zapdata. Yet another source of CRM prospects is InfoUSA, a member of Infogroup.

However, such lists are not without fault, even when purchased at a premium. You can expect to find some "bounces" even on the best of these services as people change jobs (or at least change their e-mail addresses). Perhaps up to 10 percent of the entries may be "bad," so plan accordingly.

Don't Scrape

As mentioned above, the terms of service for most social networks prohibit commercial use of the information contained in their sites. It might seem easy to obtain e-mail addresses from members of a particular social network, but this action violates the terms of service for most networks. Basically, you can use your fan page and solicit contacts by asking them to be your friend or to join your network, but you can't copy someone's information without their permission.

Social networks
What about copying the contacts from a rival or former company? That is also disallowed, although the legal precedents are still being worked out in the courts. In some cases courts have found that a company's contact list on their social network site is public, while other courts have found that that is not the case.

Also, not every social network is the same. Facebook grants members only noncommercial rights, but LinkedIn is designed for professionals to use in building up contacts, so usage of its information for commercial use may be all right.

Use a Targeted Approach

So, on which social networks should you build a page and collect friends and contacts? If you already have a mailing-list program, you can use it to find out which social media services your clients use. The program SocialPro employs MailChimp-generated mailing lists to crawl social media sites and return raw numbers of contacts using Facebook, Twitter, and LinkedIn, among others.

From such results, you can learn which media your clients prefer so that you can better target your marketing campaigns. You can then design video and even applications that best appeal to your audience.

Beware of Unintended Risks From Applications

Last fall Facebook disclosed that developers may have leaked personal information about its users; applications such as FarmVille and Texas Hold'em alledgedly sent Facebook ID numbers to at least 25 advertising and data firms. A class-action lawsuit regarding such third-party access to data has been filed against Facebook. However, that hasn't stopped Facebook from making a controversial move to formally allow third-party apps to access users' personal information. Facebook did pull this feature due to public pressure, but the company appears certain to launch it sometime in 2011.

Customer consent
Despite the given privacy policies of a site, when creating an application make sure that your developers follow some form of secure software development lifecycle. Building Security In Maturity Model (BSIMM) is an open framework, adaptable for both small and large businesses; it is derived from the secure development practices employed at Google, Microsoft, Wells Fargo, and 27 other companies worldwide. By securing their code at the beginning, businesses can avoid the embarrassment of seeing their application singled out as having "privacy issues" by third-party security products.

Follow the Rules

Whatever method you use to build up customer lists, abide by these few simple rules.

  • Always be clear as to what contact information you are asking the customer to provide.
  • Don't overstep; ask for the bare minimum from your customers.
  • Clearly state what opt-out options exist. If sending a newsletter, include an opt-out option within each issue.
  • Create a privacy policy that explicitly states how your company will use the collected information. The greater transparency your company offers, the fewer problems.
  • Design apps that follow the best security practices to avoid embarrassing privacy issues later on.

Robert Vamosi is a security analyst and the author of When Gadgets Betray Us: The Dark Side of Our Infatuation with New Technology (Basic Books, April 2011).

Subscribe to the Daily Downloads Newsletter

Comments