By Dominic Jones
THE recent uproar over America Online releasing compromising information on its customers’ search activities should be a warning to investor relations website managers to take their investors’ privacy seriously.
The media storm around the AOL incident has served to put Web users on notice that their Internet activity can reveal vast amounts of private information about them.
And it comes at a time when companies’ investor relations departments are increasingly being pushed to use advanced website tracking technologies that secretly compile detailed reports on individual shareholders’ and analysts’ activities on their websites.
Lapse in judgment
AOL came in for heavy criticism in the media from privacy advocates after the company released data to researchers about 19 million search queries by 600,000 of its users during a three month period from March to May 2006.
Even though the search records were anonymous, the types of information people searched for gave away a wide range of personal information, including medical information, social security numbers, driver’s license numbers and names.
AOL’s chief technology officer and two other employees were sent packing in the wake of the scandal. Chief Executive Jon Miller was quoted as saying that the “incident took place because some employees did not exercise good judgment or review their proposal with our privacy team. “
|AOL’s privacy lapse set off a wave of anger and bad publicity.|
Incident highlights risks of IR website spying
The incident comes at a time when investor relations departments are increasingly deploying technologies to track and compile reports on identifiable investors’ activities on their companies’ websites.
Earlier this year, NASDAQ Stock Market Inc. subsidiary Shareholder.com introduced a new website hosting platform that allows investor relations departments to compile reports on analysts, portfolio managers and individual investors who register for services on its clients’ sites.
Stored information, which is collected via cookies without investors’ knowledge once they register to access information like conference call replays, includes:
- Details on the investor’s website activity by day, including what they looked at and the time they looked at it.
- Comments the investor has made on the website, including comments investors might make to recipients when they forward pages using “email this page” utilities on the sites.
- Details of the time and date that the investor has requested documents from the company.
- How many times an investor has accessed each company conference call.
- Which public and private mailing lists the investor is subscribed to or included in.
- All individual and broadcast emails the company has sent to the investor, including “whether they have read and clicked on any links.”
Shareholder.com clients are able to combine the website activity information with other information sources to compile detailed reports on investors by name. The additional information may include questions they have asked on other companies’ conference calls and profiles of their investment strategy garnered from shareholder targeting databases.
|Shareholder.com’s Pinpoint Intelligence system spies on identifiable investors’ website activity.|
Lack of disclosure, potential for abuse
There are several potential issues with such personally identifiable tracking which can cause significant fallout and embarrassment for companies and their IR departments.
Since many investors prize their confidentiality for trading reasons, they may become reluctant to use companies’ websites if they suspect their activity could compromise their confidentiality.
Furthermore, since investors are not forewarned of the types of information companies are compiling, they may well feel betrayed should they learn details of the surreptitious monitoring. This could create major problems for the investor relations profession since trust is all-important to IR success.
Finally, the information companies are compiling is open to abuse and misuse. For instance, it can conceivably be used to retaliate against or embarrass unfriendly analysts, or to identify investors who otherwise are not known to the company, such as objecting beneficial owners.
IR community must address Web spying
It is wholly inappropriate and risky from a compliance perspective for companies to spy on what people are doing on their investor relations websites. Personally identifiable website activity data is not needed for companies to better manage their websites.
In any event, companies which employ technologies to spy on their investors are unlikely in the long-term to glean much useful information. This is simply because it is easy for investors to thwart the tracking systems by using fake names, blocking cookies in their Web browsers and hiding their IP addresses behind proxy servers.
Companies which employ tracking devices are likely too see fewer investors using their sites, especially as investors become more aware of their surveillance practices. They are also likely to be less effective in their online communications as the tracking requires the use of registration forms that can discourage people from using companies’ information.
In developing tracking tools, companies like Shareholder.com have betrayed an astonishing lack of understanding for the importance of trust to the relationship between companies and their investors . They have put their clients’ credibility at risk by offering them a service of dubious value.
Serious damage has been inflicted upon the credibility of capital markets in recent years. There is a widely held view, reinforced by the current growing options backdating scandal, that ethical decay is rife throughout the corporate community.
The 100 or so companies that spy on investors’ website use without due regard for the consequences are putting the credibility of the entire IR profession at risk. It is high time that associations like NIRI and individual companies and IR professionals take a long, hard look at this issue.