Since the dawn of the Web, user profiling has been an integral part of Web serving. The original infrastructure of the Web included a mechanism that allowed Web servers to send Web browsers small parcels of information destined to be stored on the browser machine’s hard drive. These were meant to be innocuous bits of information called cookies that would help the browser connect with the server. Since the first primitive cookies were sent to users to make Internet connections more enjoyable, user profiling has evolved into customer profiling: a powerful tool for identifying, cataloging, and individuating potential buyers. User profiling was strictly meant to enhance the functionality of Web use, while customer profiling was designed to enable businesses to target specific products to potential customers whose preferences have been captured by profiling software.

These technologies are becoming more powerful and sophisticated—maybe too powerful. Electronic customer relationship management (e-CRM) is a hot topic in today’s e-business environment and can be a real help to online stores. E-CRM practices can also be a real pain for customers who don’t want to provide personal information just to buy a CD or book. Cookies can be deleted easily from your hard drive. However, once you’ve entered information into an e-business database, that information can’t easily be deleted and could end up in many different e-business databases. American consumers have always cherished their right to privacy. Unfortunately, nobody needs a warrant to search your Web activity.

While the U.S. government is slowly codifying Web privacy rules, the European Union has taken a much more proactive stance. As early as 1995, these organizations were creating online privacy rules, and the Data Protection Act of 1998 solidified Britain’s strict privacy policies concerning both Web and hard-copy privacy issues. The European Union has typically taken the approach that privacy is more important than the business advantages gained by its violation. In fact, the European Union has rules that forbid the transmission of data to countries that don’t meet the European Union’s privacy requirements, and there is controversy over whether the United States is one of those countries.

Customer profiling is a tricky business. On the one hand, knowledge of a customer’s preferences can serve the interest of the customer by tailoring product offerings to his/her needs and desires. E-CRM software can keep track of service problems and speed the delivery of vital product information to customers that might be affected by a product flaw or upgrade. On the other hand, nobody I know wants personal information to

be available to businesses. We’ve all heard horror stories about both brick-and-mortar businesses and e-businesses selling personal information to the highest bidder. That’s why customer profiling must walk a fine line between benefiting consumers and invading their privacy.

Whether customer information is obtained overtly through registrations, surveys, and forms or covertly through tracking software, there is no guarantee that it will be used for appropriate business purposes. The Federal Trade Commission (FTC) is responsible for e-business consumer rights. So far, the FTC has taken a laissez-faire approach to Web privacy. This policy has had mixed results. Many reputable companies have posted privacy policies to reassure consumers that any private information they obtain will not be sold or distributed to other companies. Unfortunately, privacy policies aren’t legally binding, so a company’s practices are more important than any policy statement. Of course, technology can be used to protect privacy as well as to invade it. Most e-businesses encrypt credit card transactions, and consumer information can be encrypted easily. Once again, however, it’s up to the individual business to make sure that customer information is secure. As Beth Givens, director of the Privacy Rights Clearinghouse in San Diego, California, succinctly states, “Companies should provide training on privacy and responsible information handling.... Good privacy practices are good business.” If consumers feel that information
about their Web purchases is being used for nefarious purposes, they may avoid e- businesses altogether, which is certainly not what businesses using e-CRM want.

For e-businesses, one answer to Web privacy protection is to seek third-party certification of their privacy practices from a security purveyor such as TRUSTe (www.truste.com) and demand similar certification from any business partners. Although not foolproof, privacy certification can go a long way in assuring Web customers that their privacy won’t be violated. But the real issue for an e-business is deciding how to use customer profiling, or even whether to use it at all. Just because the technology is available doesn’t mean it’s always a good idea to use it. For instance, every time you go to a “club”- type supermarket, you are supposedly getting a discount by using its special “club card.” When one major supermarket chain decided to defend itself against a personal injury lawsuit by revealing the claimant’s alcohol buying records, it was promptly faced with the kind of bad publicity that creates instant bankruptcies.

When used judiciously, customer profiling can help both the e-business and consumer to reach a well-balanced and efficient relationship. When abused, this technology can alienate even the most avid of consumers and might eventually lead to cumbersome FTC regulations on e-business. So, tread lightly when it comes to e-privacy, or your e- business may become e-extinct.