Good evening. I will begin with the traditional announcement that as a Commissioner of the Federal Trade Commission (FTC), I speak only for myself, and my remarks do not necessarily represent the views of either the FTC or any other Commissioner.
- It is a real pleasure to be here today. The pace of technology is affecting our lives in so many ways -- mostly positive, but some troubling negatives. Many forces tug at us from various directions, including incredible access to information, more choices, and freedom, but also intrusions into our lives, privacy concerns, and fraud being conducted at warp speed. The diversity of talent engaged with us here is impressive. College professors like Joe [Phelps], privacy advocates like Paula [Bruening], and long time business leaders like John [Ford] make discussions like these today and tomorrow most meaningful. I know it is Marty's [Abrams] intent to keep this dialogue going until we find the answers -- a dialogue that is intended to cover the many factors and demands before us and to leave us all more informed.
- Marty tells me that this dialogue has a beginning, but that we won't know the middle and the end until we conclude the journey. That might take one year, or two, or ten. The purpose of the journey is to seek norms or standards for information collection and management practices. We want and need norms that provide for information exchange that enables firms to operate effectively and satisfy customer demands and, at the same time, satisfies the need to protect the personal privacy of those customers. BOTH of these are essential requirements if Customer Relationship Management (CRM) is to be truly meaningful
- I am a bit concerned when Marty says the end of the dialogue is not in sight. In 1969, after about 3 years a POW, I was being interrogated by a North Vietnamese officer. He asked me how long I thought the war would last. I told him I did not know, but I turned the question around asking his opinion. He replied, "Soon," immediately perking up my interest. I asked, "How soon?" He replied, "Soon -- maybe not this year or next year or the next, but soon." A bit distressing to say the least. Or perhaps Marty is referring to the old Will Rogers comment about government programs, when he said they all have three things in common: a beginning, a middle and no end
- Those norms or standards that we should be collectively seeking might be industry self-regulatory codes like the DMA Member Guidelines. They might be the new market etiquette that the Privacy Leadership Initiative discusses. Or they might be new laws, rules and regulations governing the use and exchange of information. Whatever form they take, however, these standards should not be driven by -- as my colleague Commissioner Tom Leary termed it -- "hysteria." Emotional reactions can result in some bad law -- bad law with (in Will Rogers's words) "no end."
Topics for Discussion Tonight
I'd like to explore two topics with you tonight.
- The first is why we are here discussing CRM.
- The second is how the Federal Trade Commission has changed over the past month and what that means for the privacy debate.
This dialogue series has value in part because its objective is discovery through quality discussion. We aren't here under pressure to write regulations, pass legislation, or correct past harms. Rather, we are here to gain the understanding that will enable the formulation of rational and practical corporate and public policies that balance the conflicting values and desires that exist among all of us.
We all want a better life for our children. We all want better choices more targeted to our particular life styles. And, we all want a space that we can call our own, free from intrusion and surveillance by both the government and private entities.
Is there anyone in the room who is happy with Title V of GLB?
- There are lots of reasons to be troubled by GLB privacy rules. They are complex and are proving very expensive to implement -- truly a case of good intentions being mugged by reality. The remedies are not clear. The notices required by the regulations are turning out in practice to be confusing and inconsistent.
- GLB Title V was our first attempt to implement regulations concerning privacy in a CRM environment. Experience to date in this field, as well as with the Children's Online Privacy Protection Act (COPPA), teaches us that it's better to look well before we leap. I believe something can be said for legislating in areas like this, but only -- and I emphasize only -- when we understand the purpose of the legislation and the effects of the solution. And, we should never lose sight of the Law of Unintended Consequences. (One firm's recent experience was that it cost $243,000 to comply with the GLB notice requirement. However, only 0.4% of its customers responded to the notice to "opt out" of information-sharing. What would the consequences be if customers were required to "opt in" to allow companies to share consumers' information?)
I suggest that all of us -- industry, privacy advocates, legislators, and regulators -- have to do better than the GLB "solution."
Customer Relationship Management
CRM -- customer relationship management -- brings to light the dilemma we face in creating norms for balanced information use.
- For example, an automobile company has many touch points, of which some are part of the corporate structure and others are not. The latter group may include the dealers who sell and service vehicles and originate financing. Research shows that consumers want all of those touch points to have knowledge of the consumer and of his or her history with the company
- Meeting that customer demand requires the technology of CRM. To be successful, the company must build a common data warehouse with information from all touch points. The organization then needs to use that knowledge to make everything it does more customer-driven. This means that the knowledge should be used to make auto recalls, service, sales, developing market strategy, and other functions more effective for the consumer.
- However, all that information gathered in one place from so many sources begins to feel like surveillance. We like customization and personalizing, but we hate surveillance. Customization is the service manager knowing I have a service contract that will pay for the repairs. Customization is also the auto company starting the tooling for a new car or truck today that will create the vehicle that I (and other consumers like me) will want four years from now.
- Surveillance, on the other hand, is an intrusive, poorly conducted sales call, or the unnecessary gathering of information. Surveillance is an auto insurance company plugging into the auto manufacturer's data warehouse. Surveillance is also inappropriate government access to that information.
- We seek norms assuring that CRM amounts to effective personalization -- leading to customization, better products, and better service -- without facilitating intrusion and surveillance. CRM is not, and should not be, about intrusion and surveillance. The search for this balance is the purpose of Marty's "unending dialogue." I appreciate your allowing me to be a part of the discussion.
The Federal Trade Commission
Now let's turn to the Federal Trade Commission. I know everyone in the room is interested in how the personnel changes at the Commission over the past month will affect what we do and how we do it.
- Tim Muris has joined the Commission as Chairman. Just as Bob Pitofsky before him, Tim becomes Chairman with a great deal of FTC experience. He has served in multiple senior staff positions. He understands the mission and structure of the Commission.
- As Chairman, Tim brings a new senior staff with him. Most important to the interests of this group tonight is Howard Beales, the new Director of the Bureau of Consumer Protection.
- Tim's presence means a 3-2 Republican majority on the Commission as well.
- Tim leads a very strong and experienced set of Commissioners, a bright and dedicated group. They do their homework and work very hard. Tim will be one of five votes, and all five of the Commissioners are willing to debate their positions with energy and passion. The staff that Tim brings to the Commission will only enhance what is already an extraordinary group of professional employees at the FTC.
Initial Media Observations Concerning the Muris FTC
- Tim told the Washington Post that he was in agreement with about 90% of what Bob Pitofsky did as Chairman. I suspect that most of that 10% area of disagreement involved antitrust enforcement
- Tim also told the Washington Post that privacy would remain on the FTC's agenda, especially as it relates to sensitive information such as personal health and financial data.
- Tim said he will spend the next month learning privacy from the staff and the following month learning privacy from those outside the Commission. Many of you will be part of that educational process, I am sure. Please participate. We need your input and experience. Consider your involvement a continuation of Marty's "unending dialogue" with the FTC.
Howard Beales, Director of the Bureau of Consumer Protection, is an economist who is very concerned about the costs associated with regulation. Like Tim, Howard had lots of experience with the FTC back in the Reagan Administration.
- Many of the BCP staff members who worked on privacy investigations and workshops are still in place. There is an old saying that the Commissioners (and Bureau Directors) come and go, but the staff stays forever.
- The Commission's current direction on privacy and marketing began with the 1993 revised consent agreement with TRW that defined which credit data could be used for non-credit purposes. That consent order was negotiated with a Republican Chairman and a Republican majority at the Commission. Privacy in a digital age is neither a Republican nor a Democratic issue. It is a national issue and a global issue, and it is very important.
My Personal Concluding Thoughts About
the Commission's Future Approach to the Privacy Issue
- I believe that we will step up our use of Section 5 of the FTC Act to ensure that businesses not only talk the talk but also walk the walk in their privacy notices.
- I also believe that the FTC will continue to do research on how information is used in the market and whether there are harms that existing law and marketplace mechanisms can't handle.
- I don't believe that a majority of this Commission will be as ready as the last Commission to recommend to Congress that we need new laws to regulate either online or offline privacy.
- I believe that a majority of this Commission will be more concerned about the cost of regulation and the cost/benefit aspects of consumer protection.
We are all engaged in a dialogue, trying to find the best balance on the privacy issue. A dialogue means diverse views and, I hope, lots of them to consider. As long as the dialogue continues, we have a good chance to arrive at an appropriate accommodation between the legitimate exchange and use of consumer information and the protection of personal privacy. In my judgment, it would be a mistake to substitute poorly conceived new legislation or regulations for the careful dialogue and analysis that we need to conduct. Please stay engaged.
Your experiences are a part of the real challenge that we face. The problems are complex. The solutions are and will continue to be elusive. One thing is certain: we must get this right. The consequences of bad policy, bad law, and bad rules will be quite significant.