Shifting regulations and consumer demands for privacy have forced marketers to examine their data practices, technology stack, and security.
Today’s constant stream of consumer data promises companies exciting abilities and groundbreaking insight into their audiences. Modern marketers collect and leverage all sorts of customer data, whether it is direct engagement data, anonymized data collected in partnership with a third-party monitoring service, or first-party data collected in a Customer Relationship Management (CRM) system, which most likely contains Personally Identifiable Information or PII. When used appropriately, this trove of data can provide value to customers as well, encouraging a willingness to share their data in exchange for relevant advertising or promotions.
However, while this data is a tremendous asset, it carries with it a hefty responsibility toward customers who increasingly want more control over how their personal data and privacy is handled. When using this data, marketers must take the necessary steps to satisfy regulatory compliance and consumer demands. At the same time, they rely on as much data as they can get to drive digital marketing returns, especially when it comes to 1:1 targeting, personalization, and identity management.
It’s a delicate balance, one that increasingly causes marketers to struggle with navigating an always-changing regulatory environment, while also developing plans to manage data ethically and make their activities both transparent and trustworthy.
Consumer Data Privacy Laws Challenge Global Strategy
Inconsistent and ever-changing consumer data laws present the biggest hurdle to marketers involved in multinational operations.
For instance, the U.S. Congress recently voted to repeal the proposed Federal Communications Commission’s Internet privacy rules that would have controlled the way browser data is collected and shared by Internet service providers (ISPs). The repeal would seem to relax ISPs’ obligations to consumers as it relates to the selling and transfer of certain types of data, as well as the obligations marketers have in buying and collecting browser-based data. Individual state legislatures either have or are working to put similar rules in their place. Montana, Maryland, and Minnesota have already proposed to limit the power ISPs and advertisers have when collecting data, with more states likely to follow.
On the other side of the Atlantic, member states of the European Union passed the General Data Protection Regulation (GDPR) framework last year. The comprehensive set of rules governs the way personal data is handled across the EU, including guidelines for when consumers must be given the option to consent or reject certain data collection and processing practices. The GDPR will become effective on May 25, 2018, and non-compliance can cost as much as 4% of worldwide gross revenues.
The stark difference between these two regulatory environments forces international companies to either take a strict, highly regionalized approach to data collection or adhere to a consistent, high standard regardless of where their consumers live.
Marketers Take Ownership of Data and Technology Management
No matter whether a company chooses to adjust to a localized approach or apply blanket data collection practices worldwide, many marketers have increased their involvement into practices they once took for granted.
As companies seek to own the contracts for an increasing amount of MarTech and AdTech solutions, they should take actions similar to those recommended in our recent data privacy advisory, such as reviewing disclosure statements, consent policies, and arrangements with third-party technologies and data vendors.
Putting Proper Customer Data Management in Practice
Consumers are not just concerned with how companies collect and use their personal data for marketing purposes, but more so what happens to their sensitive information when a company faces a data breach. Research has shown that after a series of high-profile data breaches, Internet users worried about their digital security take steps to protect themselves, such as not saving credit card information, only using trusted third-party payment services, and regularly changing their passwords.
However, it is still up to the companies to be the ones responsible for preventative action. Marketers should aim to protect customer data with the proper use of standards and processes to prepare their technology platforms from any type of data breach. Some best practices include the use of Single Sign-On (SSO) technology for access, encrypting data (both in flight and at rest) and segregating as required, with continual external vulnerability scans of their technology platforms. Ultimately, though, marketers’ data obligations increase their need to convince leadership and themselves that proper customer data management is their problem.