Eliminating Vendor Risk Is a Critical Step to Win Back Consumer Trust

You don’t have to work in ad tech to know there’s growing distrust around how personal information is being collected, used, or misused. With the GDPR in effect and the CCPA on its way, publishers should consider what third-party partners are doing with their data and take steps to eliminate vendor risk.

Editor’s Note: While originally written for the publishing audience, marketers face a similar situation, as they work with vendors and must be compliant with GDPR and eventually CCPA.

You don’t have to work in ad tech (or even advertising at all) to know that there’s a growing sense of distrust around how people’s personal information is being collected, used, or misused by the various content, commerce, and online service providers they interact with every day. But publishers have a front-row seat to the drama as it all unfolds – and an added layer of responsibility, given the direct relationship between users and their content.

With the General Data Protection Regulation (GDPR) in effect and with a look ahead to the California Consumer Privacy Act (CCPA), it’s important for publishers to consider a potential consumer trust issue of their own: what third-party partners and vendors are doing with their data.

You’re Only as Safe as Your Partners Are

To be clear, many publishers have already stepped up their privacy game. Whether it’s to stay compliant with new regulations or actively regain public trust, legacy and digital-first publishers have raised the bar on internal privacy standards, moved toward restricting access to their user data, and worked to secure their systems against breaches and attacks.

Unfortunately, implementing these changes alone is not enough. Not when publishers rely on a host of third-party partners to help keep everything – from video players, to content personalization tools, to programmatic ad deals – functioning effectively.

Each of these partners has its own approach to data collection and usage that needs to be added to the publisher’s overall privacy equation.

Since cutting ties with all third parties isn’t exactly a simple (or realistic) solution for most publishers, partnering with service providers on a privacy action plan – one with overarching standards, but with enough modularity to work across multiple vendors – is a straightforward way to help eliminate that risk.

1. Standardize the Vendor Selection Process

Keeping consumer data sacred starts with being highly selective about whom you work with. Rather than asking ad-hoc privacy and data usage questions, develop standardized questionnaires as part of your vendor selection process. Ask prospective partners pointed questions such as:

  • What data will you collect from us?
  • What is the purpose for collecting this data?
  • What controls and safeguards do you have in place to ensure data is handled properly?
  • Will you share our data with other third parties? If so, with whom and why?

Furthermore, only work with vendors that have received industry certifications from trusted third-party auditors. And of course, put a process in place to revisit each vendor’s data management approach on an annual basis and as regulations change.

2. Get Technical and Business Leaders on the Same Page

Obviously, technical subject matter experts such as the CTO and CPO, and regulatory experts like Legal should play a significant role in managing vendors’ data privacy compliance. But the responsibility shouldn’t stop there. Protecting user data and preventing leakage requires input from key stakeholders in disciplines like sales, marketing, and even platform support.

Business leaders often own the day-to-day relationship with the vendor, and thus have an on-the-ground perspective that the technical experts may not. As a result, they can be more aware of the intricacies of the relationship than the technical experts alone.

Similarly, platform support and sales leaders may have an understanding of site glitches that could be compromising user data, and examples of how, when, and why privacy shortcuts might have been taken in the past.

Privacy and trust are far too important to be relegated to technical leads only, so keep business leaders looped in from the beginning to ensure full coverage and alignment.

3. Plan and Communicate

Trust, of course, is built on communication.

Be transparent with customers about the partners you work with, the data they use, and how you’re working with partners to keep everyone’s data safe. Ideally, this info comes as part of a broader education campaign about how you’re putting customer privacy first in your data initiatives.

Meanwhile, the sheer volume of consumer data in play means that missteps are unfortunately inevitable. This makes having clear emergency protocols and plans for handling worst-case scenarios – including how to communicate details to customers – a critical step in the process.

Throughout these communications, be sure you’re conveying information in simple English, not technical jargon or legalese. To see how it’s done right, learn from some of the brands noted for doing it best.

Remember That You Don’t Need to Go at It Alone

Use trusted vendors as a resource for best practices and as trusted privacy guides. At a minimum, they’ll be able to help you better secure data through their own systems. They may also give you fresh perspectives on how to choose other vendors wisely, and can provide critical support in driving better data standards industry-wide.

With the right approach to partnerships, publishers can leverage vendors as allies (as opposed to bearing with them as potential risks) in the fight to win back customer trust.