Know the rules
We all talk about opt-outs and opt-ins under the general heading of permission but there are some very specific rules defining when you need to apply positive consent (opt-in) versus a negative option (opt-out). Understanding these rules and deciding what your permission strategy will be is the first thing you need to do.

As well as the legal constraints, think about your brand values and the demographics of your audience. In general, younger people are more comfortable with online approaches and may be willing to surrender personal information in return for incentives or services. Older prospects tend to be more likely to opt out – even from postal communication – so capturing their interest (and permission) can involve more cajoling.

Revisit permissions
Legacy data exists almost everywhere but how much of it is properly permissioned? It’s important to audit existing data and categorise it by reference to the consents you hold. In some cases, you may simply not know what options the individual received at the point of data capture. It may be necessary to‘re-permission’ this data by contacting the individuals afresh and asking them to confirm consents, usually an exercise that requires careful copywriting and some level of incentivising.

Always be friendly
Increasingly consumers judge brands on their handling of personal data; many will carefully select the companies they will allow to use their data. It is vital to adopt a customer friendly permission strategy which should be demonstrated at every point of data capture. Because of fears about identity theft, reassurance that data will be held securely and only used for specified purposes is likely to improve opt-in levels. Think, think, and think again.

Data protection statements (or Fair Processing Notices) need careful copywriting. Some common pitfalls when writing statements are: Specifying a single contact method when you want to use multiple channels. Limiting the frequency of contact for which you gain permission. For example, if you promise the individual ‘monthly updates’ they will not expect to receive fortnightly communications.- Collecting in the name of a single brand, which prevents use by other brands/companies in the group. – Not collecting third-party permission at the point of first collection. If you decide later that you want to release the data you will have to reapply for permission and generate a positive response. – Missing out some significant opportunities. For example, market research that will be personalised to an individual.

Research by Opt-4 (Source: The Opt-out Fallout, 2005) has suggested that statements which assume permission are generally disliked. Overly legalistic statements are also disliked. In general, using the brand ‘tone of voice’ in the statement will improve results. The law requires that the individual must be given an opportunity to object and a means to do so but – contrary to popular marketing belief – there is no specific mechanism by which this must be achieved.

Opt-out boxes have become the norm to facilitate the right to object because they are simple and well understood by the general public. Nearly 50% of consumers are aware of opt-out boxes according to research from the Direct Mail Information Service.

Provide incentives
Consumers need to see the value of giving you permission to use their data, so reminding them that they may miss out on special offers or money-off promotions can improve sign-up. Online this can be done by seeking registration for newsletters with tailored content; with careful wording, postal permission for general marketing can often be gained at the same time as sign up for a customer magazine.

Offering the individual channel options may also increase your permissions. Many more people object to telemarketing than to postal or email communications, so giving the consumer choice (rather than seeking global permissions) allows you to understand which channel ‘doors’ are likely to be open and which closed. You can improve response rates by playing to these channel preferences. Make sure your promises reflect your practices; the privacy policy you display online should encapsulate your permission values.

Make sure that the promises made in the privacy policy reflect your actual practices. There’s nothing worse than offering the consumer a choice, then ignoring their wishes. Preference management – especially if you are collecting permission by channel – requires complex database structures to be developed so you can keep your data accurate. Remember, legacy systems often have a single ‘do not mail’ field for suppression which will severely limit your ability to capture permissions.

Evaluate the impact
Gaining consent is just the start of the permission journey. The law says that the individual should be able to withdraw consent at any time. Nothing prompts disaffection more than over-mailing or sending irrelevant offers. Contacts with customers should be carefully controlled and the impact on the level of permissions evaluated after each campaign. Permission to market is a privilege not a right.

Article by Rosemary Smith, director of Opt-4 data protection consultancy, gives practical advice on how to obtain customer permissions.