The problem was with the Cloud based CRM
The Bank of Queensland has seen three years' effort on a CRM system and $10M fly south after it was unable to satisfy regulatory bodies, including APRA that Material Business Activities could be conducted according to their standards. In essence, the bank seems to have relied on promises by SalesForce that they would have a data centre in Australia by now. They don't, apparently - and all the Bank's effort is being rolled back to their previous CRM platform.
It's not like there was no warning!
When it comes to Privacy, Australian regulatory authorities are pretty clear. APRA, ASIC and their watchers such as the Privacy Commissioner have all gone to great pains to let organisations subject to their authority know that the cloud presents some very real issues. APRA has been saying for years that off-shoring of data presented a real risk to privacy. It appears that BoQ have known this was an issue from almost the time they started the project.
Just how grey is that line between Marketing & Sales?
So here's an interesting parallel. For years, that black & white line (ok, maybe a bit grey) between the nebulous nature of "marketing data" and the highly specific "sales data" has become more grey. CRM and other smart marketing systems are partly responsible. We would research a market segment and get a feel for how many likely sales would be made based on a whole string of variables. One we had defined what looked to be a target rich environment, we'd let the order makers & takers loose to go and find some customers. The line was pretty clear - marketing dealt with statistics and sales dealt with the identification and invoicing. But with automated marketing platforms such as Marketo, IBM's Marketing Cloud, Hubspot, Pardot, Eloqua and yes, SalesForce (amongst their partners), the rules are changing....rapidly. For a kick off, all of them can mine multiple sources for information about a website visitor.
the rules are changing.... rapidly
For instance, at the first whiff of a visit, a well set up smart CRM platform will assign an identifier for the visitor and attempt to drop a cookie in their browser. If the visitor is using the same browser across their desktop/tablet/phone, it is likely that the cookie will be replicated across all their devices. For the next n days, each time that visitor uses their browser or other associated app, they will be reminded of their original visit and will be targeted with available paid ads from the platform. When they eventually commit to more information or even a purchase, their personal data is immediately tied to their marketing identifier. At that point, the anonymity of marketing data has been personalised and privacy rules start to apply. There is even a case that says that it should apply at first contact.
The management of these service providers need to take another look at ensuring they can offer Australian based data fencing - this is a hot topic for APRA and the BoQ may be the first in a list of failed implementations of automated marketing. There are some real pitfalls and Mark 2 Creative can assist you along the way. Get in touch.
About the Author
Mark Buckingham is a partner with Mark 2 Creative; a dynamic Sydney based integrated marketing agency. They are experts in branding and digital delivery, and are able to seamlessly merge the two disciplines together to deliver cutting edge solutions that set them apart from the competition. their imaginative and innovative approach provides clients with a real presence in their marketplace that gives them exactly what they need from their marketing – more business.