According to Forrester Research, this year's purchase plans for CRM in the United States have taken a nosedive when compared with those in 2001. Constrained by tighter IT budgets, executives are avoiding the big-ticket, drawn-out installations associated with enterprise applications. What's more, those who have already installed them are looking for more payback.
Forrester is predicting that US purchases this year will be down by more than 50 per cent, and the general consensus is that the Australian market for CRM won't be much better. However, local vendors are hopeful that privacy will become a key driver for future CRM implementations. In fact, privacy has been a selling point for many overseas companies for years, particularly in the health and finance sectors.
Amendments to the Commonwealth Privacy Act took effect on December 21, 2001, imposing strict new rules on companies with annual turnovers of more than $3 million - and all companies operating in the health sector, or those that earn income from selling information. Companies with turnovers of less that $3 million have until the end of this year to comply.
The legislation places greater emphasis on data security, disclosure and customer access to personal information held by a company. The new rules govern how companies handle customer data, who has access to it, and if necessary, how it must be either de-identified or erased when no longer required.
Legal circles are debating how far companies will have to go to ensure data is erased - a simple deletion will not be enough to ensure files are actually erased from hard drives. And the legislation states that data must be erased when it is no longer in use, with the issue of "use" yet to be tested in court, according to Glenn Vassallo, Deacons corporate and commercial technology group solicitor.
Vassallo warns that companies do have to go through quite a complex audit process to ensure they are complying with the new laws. "They need to look at their business to see how the information flows, who accesses it and what they actually do with it. If they intend to install CRM, they need to know what sort of security arrangements will be in place if a number of people will be accessing it, and that suitable password and firewalls are available.
"They need to look at how the information is going to be stored, how it is going to be transmitted to other people and what those other people or organisations are going to do with it."
While the legislation does not place any extra onus on CRM software suppliers, it's likely that systems integrators may be required by customers to provide additional warranties relating to privacy of data they may have access to while setting up databases, particularly in the health sector. Some companies, particularly call centres, are also growing wary of outsourcing their CRM because of the data security issue and the increased onus for warranties from third parties who may have access to their customer data.
But according to E.piphany marketing director Megan O'Ryan, the Act gives an advantage to companies that have implemented CRM. "Under the legislation, people should be able to opt in or out of receiving information or be able to request information that a company is holding about them," she says. "And unless a company has consolidated their data and has a single view of their customers, they are not in a position to comply.
"The tools that we have been selling for years are exactly what the legislation requires. Theoretically the legislation should drive demand for CRM implementation."
O'Ryan agrees with the Forrester observation that companies are spending less on CRM. "Times are uncertain and because of that companies are spending less on IT overall. They are looking much closer at the return on investment."
Rather than throw out and replace technology that wasn't working (as was the case during the tech boom) companies are now looking for cheaper options and add-ons to make it work more efficiently.
"Some of them may have been poorly served in the past. But today companies are clearer in what they want the outcome of a technology implementation to be. They are much clearer about their reasons for implementation, and privacy will be one of those reasons," she says.
As far as consultant Andy Zaple is concerned, the privacy legislation has had negligible impact on the CRM industry, although he agrees privacy is a selling point. He is more concerned that CRM vendors and consultants clean up their image.
Zaple, who is business consultancy practice manager for WorldGroup Consulting, says CRM vendors have a credibility problem. "Most of the vendors are suffering from their own hype. They created an impression that CRM was a technology issue and could solve all problems; but surprise, surprise, it failed to deliver on those promises.
"Consultants have a problem too as a result of the fallout from the Big 5 and their audit practices. There are a lot of organisations saying, We invested money on the back of your words; you have made fat profits and we lost a bucket. What we want you to do now is pin your payment stream against the benefits we get'."
Zaple says vendors and systems
integrators have to show customers the benefits of CRM and be prepared to wait for their profit until the benefits have been achieved. "They have got to say, We believe that if you apply this technology to this business process, you will see these benefits. We will charge you this amount of money which will cover part or all of our costs, but when you achieve this milestone or level of business benefit you will pay us this amount'."
There is no doubt, according to Zaple, that the IT downturn has had an effect, but now businesses realise they don't need to spend $10, $20 or $30 million on a whole-of-enterprise CRM solution. Instead, they are focusing on improving and streamlining end-to-end business processes.
"We are starting to see a lot of smaller business process implementations that are as much a part of CRM as implementing a bigger package," he says.
The channel's role
At Avaya, general manager for e-communications, applications and consulting Sunny Rao says vendors and the channel have a role to play in making companies aware of their obligations under the new legislation and helping them ensure compliance.
He says companies that have been ahead of the curve and early adopters of CRM, whether they implemented it within their own companies or outsourced it, had to go back over every step of the process to ensure that they complied. Additional filters and safeguards, although not major in terms of technology, may have to be implemented, particularly in relation to who has access to the data. That can provide additional opportunities for the channel.
Rao says the legislation should provide few problems for vendors, particularly the larger ones such as Avaya.
Tricon Restaurants International national call centre manager Peter Scodellaro agrees. Late last year he oversaw the implementation of a CRM system at Pizza Hut's Sydney call centre and is repeating the process in the fast food chain's Brisbane centre.
Tricon is using Avaya's Enterprise Manager application to provide a centralised, secure database that can be accessed by up to 240 agents at a time in the Sydney call centre. Generic data is collected from each customer for market research use, and more specific data can be used for fast-tracking regular customers' orders and offering them specials.
Scodellaro says the main aim was to save money, with Tricon budgeting for a return on investment within two years. But ROI will be achieved earlier. "We know there is a lot more we could be doing but we were very careful to only take bite-sized chunks and operate within the skill sets we have."
He also says the new privacy legislation has caused few problems. The company does not sell its database and purges customer information every six months unless it is still being used or a customer requests it earlier. "We are too high a profile company not to guarantee privacy, and our database security is strictly audited both internally and externally," he says.
It is an attitude shared by many big companies that recognise privacy is good business.