• by Ray Schultz , Columnist, November 22, 2019

Third-party list vendor are swindling B2B brands by supplying them with worthless leads, according to a new study from the Chief Marketing Officer Council. Titled, Are Garbage Leads Trashing Your Brand?

The CMO Council warns of “low-cost, unverified leads from questionable, offshore commodity list providers,” charging that they are “not the result of a structured opt-in, permission-based process.”

This plethora of trash-can leads can erode a brand’s reputation not only with customers and ESPs, but with regulators responsible for enforcing laws such as the GDPR and CCPA.

Case in point: a junk telemarketer calls without permission and persuades a person to cough up their email address.

Then it asks them if they would like to get a white paper and sends them the paper whether they want it or not.

The result is that the recipient is now a hot lead, open to a barrage of emails and telephone calls from a brand they may have even trusted once.

The villains range from “overseas lead farms that keep unclean email databases to call centers cutting corners in the opt-in process to outright illicit name scrapers,” the report says.

There are several danger signs, one being unclear unsubscribe procedures.

“Lead compliance doesn’t stop at unsubscribe,” says Pat Oldenburg, VP of Demand Marketing and Operations at ServiceMax, according to the paper. “The vendor also needs to show how it eliminates records that requested removal or hard bounced so that the database only contains relevant people.”

And if the vendor seems oblivious to that, or to GDPR requirements?

“It’s a show-stopper,” Oldenburg says, the report continues. “If we don’t get some kind of certificate or in-writing opt-in for email communication for data storage, then there’s no point doing business with the vendor.”

Oldenburg adds: “We have narrowed down the list of syndication vendors to just two.”

So how should you size up a lead-gen Vendor? There are ten questions to ask prospective suppliers (we quote):

1. Are you Privacy Shield Certified? (Privacy Shield concerns transatlantic exchanges of personal data between the U.S. and European Union.)
2. What have you done internally to comply with GDPR?
3. How do you collect and transfer data (e.g., HTTPS forms, STP protocols)?
4. What are the procedures for destroying data after the retention period?
5. Do you have a Security Incident Response Policy?
6. Can you show where you’ve clearly communicated to the user what they will be receiving by opting in?
7. Will you rely on subcontractors to provide all or part of your services?
8. Do you host all lead capture forms?
9. Can you show lead authentication?
10. What is your process for identifying and blocking click bots?