Customer data and privacy protection remain a hot topic in a fairly tense climate.
Let’s look at some data privacy stats. In the US alone, customer data breach cases hit a record number of 1,579 in 2017, with over 178 million records exposed. In the following year, there were fewer data breaches but the number of exposed records rose to over 446 million, an unprecedented high.
The issue of data privacy, largely set off by the Cambridge Analytica scandal, has left a profound effect on consumer-to-brand relationships. We’ve all felt our online privacy is being violated in one way or another; consumers have become more cautious and aware on a global level.
But here’s the thing: research shows that 61% of American consumers and 48% of those in the UK are “willing to share their data with a company in order to get customized communications”.
Essentially, the topic of data protection and privacy has taken a central role in a narrative that focuses on consumers regaining control – and marketers regaining trust. It’s paramount that marketers understand that protecting customer data is their responsibility.
our success largely depends on how well you’re able to adjust to the new climate and re-establish consumer trust. To help you in this endeavor, we’ve rounded up the key points and expert advice for protecting personal data, managing data privacy, data governance, data privacy law, and general data protection regulation.
Be transparent with your customer data
Although the majority of people are willing to hand their data in return for better service, they’re naturally not inclined to share it with just anyone. The key for marketers lies in establishing trust and allowing customers control over the information they provide – both of which require maximum transparency.
For one, people generally trust companies that they won’t sell their data to third parties. They expect that the information provided will only be used for the given scenario, whether it’s completing a purchase or signing up for an email list. It goes without saying that meeting these expectations is a vital part of an ethical approach to data-driven marketing.
But in order to establish trust and maintain your authority as a trustworthy enterprise, it’s crucial to set clear expectations and communicate transparently what you will do with the customer data and data data privacy before they share it with you. Abiding by the GDPR compliance rules, the European Union regulations, no matter whether you’re legally bound by them or not, will help you do all this successfully and relieve customer-marketer tensions.
One of the key rules here is to use simple language and simple agreement statements on forms, free of corporate jargon, to information security and ensure transparency.
Avoid collecting information that won’t be proactively used
Responsible data-driven marketing calls for another simple rule: take only what you need and no more. Collect customer data intentionally and don’t ask for the information that won’t be proactively applied.
In a 2016 study on the effects of data privacy on customer and firm performance, researchers examined how customers responded to companies accessing their data. The results were as follows:
Now, these numbers might not be staggering, but they point to consumers’ distrust – and that was back in 2016, before the Facebook scandals.
Considering all the past tension around data privacy, turning a blind eye to this simple piece of advice will have you losing trust, and ultimately losing customers, faster than you’ll care to admit you’ve been pushing it too far. Lastly, take note that the mentioned study also concludes that “high transparency and high control” constitute the best practice for data privacy management.
“Personification over personalization”
Andrew Frank, distinguished VP analyst at Gartner for Marketing Leaders advocates that companies can offer certain kinds of personalization without having to rely on personal data. The idea is to reduce the use of personal data and find new ways to deliver relevance to anonymous customers, thus seeking personification over personalization.
In his research on this topic, Frank defines personification as “delivery and optimization of relevant digital experiences based on an individual’s inferred membership in a customer segment and their immediate circumstances rather than their personal identity.”
In short, Frank’s research suggests that marketers should focus on the type of data that’s significantly less risky from a privacy standpoint. This would be the type of information that the GDPR isn’t concerned with – the data that determines what people are looking at and the ways in which they’re interacting with a brand, in no relation to their personal identity. He suggests that this type of information has significant marketing value because it’s insightful and more telling of user intent at a given time, while entirely evading the tension around personal data.
This is a great starting point, but you’ll naturally still have some spaces to patch up and you can’t always depend on an across-the-board compliance. Data privacy laws are evolving and getting tougher, with California’s Consumer Privacy Act (CPA), following in the footsteps of GDPR, going into effect on January 2020. It only affects California residents, but it’s a viable regulation to adhere to in a blanket policy. However, it’s not identical to the GDPR, which is why a thorough understanding of the different regulations is crucial to your data privacy management.
Take inventory of your data
This is a solid piece of advice to help you prepare for more rigorous data privacy laws.
Both the CPA and GDPR demand organizations obtain consent to acquire individual data, as well as to disclose how the data will be used (remember the issue of transparency we’ve talked about near the top of this article).
Before you even set out to meet the requirements of new privacy regulations, you have to understand what sort of information you’re currently dealing with. Identify the data you’re currently dealing with and how it’s being applied. Take inventory and determine not only the type of data you’re using, but how you’re applying it as well.
Data protection starts with your employees
What many businesses fail to recognize is that the majority of cyberattacks are the result of human error. Hackers will always look for the simplest way into a system, starting with the places where employees are not vigilant enough.
One of the most obvious examples is cracking passwords, knowing that a surprisingly large number of companies use oversimplified passwords and even repeat them across multiple accounts.
Then there are also phishing attacks, which remain a tenacious cybersecurity threat, and rely entirely on deceiving unsuspecting victims into handing off information. Clearly, advertising and marketing departments are an especially obvious target for perpetrators looking to compromise data.
In short, all the impressive IT security systems in the world can’t keep your data safe if you don’t foster a company-wide culture of cyber-literacy and awareness. This brings us to the next part.
Establish a cybersecurity awareness program
Start with basic IT security training, where experts will teach employees about common threats and provide guidelines for security measurements. These involve:
Once you’ve laid the foundations, engage employees with ongoing training to address common issues, persistent threats, and the most recent types of cyberattacks.
Clear email lists routinely to ensure data privacy
It feels great to see your email list continuously expanding, but the number you end up with “on paper”, although impressive, certainly won’t be representative of how many contacts you’re actually dealing with. Among the accumulated contacts, you’ll have a lot of people who are unresponsive or who have explicitly chosen to opt out, in between those who open your newsletters with varying regularity.
Take the time to regularly clear your email lists by eliminating the contacts that have manually opted out as well as those who’ve ignored your attempts to reengage them. You’ll set up this routine depending on how frequently you send out marketing emails.
This is a precautionary data management measure. Removing these contact groups will protect both you and them in the case of an eventual cyberattack. If your database were to be compromised and former contact information leaked, you’d have a lot of trouble on your hands as it would turn out that you don’t respect opt-out requests accordingly.
Plus, this simple practice, although often overlooked, has obvious benefits to your email marketing strategy. Firstly, you’ll reduce the risk of being labeled as spam because of too many contacts that don’t open your emails. You’ll also have a more representative idea of how many leads you’re dealing with and how your efforts have fared.
Get SSL encryption for your website
Encryption is an obvious and crucial part of data protection. But it’s up to companies and their data privacy and protection policy to determine which level of encryption they’ll employ for maximum security. For example, you can take it a step further by employing encrypted data and keys on different servers.
Another key piece of advice for securing data is that you get an SSL certificate for your website. SSL, short for Single Socket Layer, encrypts data sent between a website visitor and the web host. While information entered by a website visitor travels from point A to point B, there are numerous security vulnerabilities, where neither the sender nor the receiver has control over the sent data.
SSL encryption helps ensure that only the intended recipient is able to access the data by creating keys and locking the data before it hits the receiving end. That’s the gist of it.
Now, this is an absolute must for companies collecting credit card information and such, but it’s highly recommended that every business uses SSL on their website for safety. That’s why Google now prioritizes HTTPS pages, which are the ones using an SSL certificate.
Be vigilant when integrating business systems
Mergers and acquisitions present a special risk to cybersecurity and data management. Information breach and other issues are common when companies merge; we’ve seen one such instance highly publicized when Verizon executed an acquisition agreement to acquire Yahoo, and shortly after discovered a data breach that happened at Yahoo back in 2014.
In fact, a report by Forbes shows nearly 40% of organizations who’ve been acquired or went through a merger found cybersecurity issues during the due diligence period. Whichever kind of systems integration you might be undertaking, beware of the countless issues that may arise. Don’t rush the process and find the best professionals to inspect every nook and cranny so that they may carefully cover all the vulnerabilities.
Conclusion for Data Privacy
Ultimately, it’s best to go by the motto “Treat your customers’ data like your business depends on it” – because really, it does.
That’s why a crucial step to successful data privacy and data management is that all departments, especially marketing teams, take on their roles in the efforts and collaborate with the IT team rather than entirely relying on them.
The IT team will do the heavy lifting, but putting in place proper policies and adhering to appropriate practices is up to you.
As stricter data privacy laws are put into place, we’re entering a phase where marketers are going to be creative, engaging, and more transparent with their strategies – which is certainly a good thing overall.
Natasha Lane is a web designer, a lady of a keyboard and one hell of a tech geek. Natasha is always happy to collaborate with awesome blogs and share her knowledge about IT, digital marketing and technology trends.