What Did You Do on Data Privacy Day 2020? Do Tell Us.

Each year, Jan. 28 is known as “Data Privacy Day” in the United States and globally — also Data Protection Day in other jurisdictions. As business organizations — and marketers — we see that it’s a day when consumers are reminded to exercise their “privacy rights.”

Each year, Jan. 28 is known as “Data Privacy Day” in the United States and globally — also Data Protection Day in other jurisdictions.

As business organizations — and marketers — we see that it’s a day when consumers are reminded to exercise their “privacy rights” and take advantage of tips and tricks for safeguarding their privacy and security. In our world of marketing, there are quite a few self-regulatory and co-regulatory tools (U.S. focus here) that enable choices and opt-outs:

  • To opt out of commercial email, direct mail, and telemarketing in certain states, consumers can avail themselves of DMAchoice. For telemarketing, they can also enroll on the Federal Trade Commission’s Do Not Call database.
  • For data collected online for interest-based ads, consumers can take advantage of Digital Advertising Alliance’s WebChoices and Network Advertising Initiative consumer control tools, which are accessible via the ubiquitous “AdChoices” icon. DAA also offers AppChoices, where data is collected across apps for interest-based ads. [Disclosure: DAA is a client.]
  • Now that California has a new consumer privacy law, consumers there can also take advantage of DAA’s new “Do-Not-Sell My Personal Information” Opt Out Tool for the Web. Its AppChoices mobile app also has a new CCPA opt-out component for “do not sell.” Publishers all over the Web are placing “Do Not Sell My Personal Information” notices in their footers, even if others outside California can see them, and offering links to their own in-house suppression lists, as well as DAA’s. Some publishers are using new the Privacy Rights icon to accompany these notices.

Certainly, businesses need to be using all of these tools — either as participants, or as subscribers — for the media channels where they collect, analyze, and use personal and anonymized data for targeted marketing. There’s no reason for not participating in these industry initiatives to honor consumer’s opt-out choices, unless we wish to invite more prescriptive laws and regulations.

We are constantly reminded that consumers demand high privacy and high security — and they do. We also are reminded that they prefer personalized experiences, relevant messaging, and wish to be recognized as customers as they go from device to device, and across the media landscape. Sometimes, these objectives may seem to be in conflict … but they really are not. Both objectives are good business sense.

As The Winterberry’s Group Bruce Biegel reported while presenting his Annual Outlook for media in 2020 (opens as a PDF), the U.S. data marketplace remains alive and well. For data providers, the onus is to show where consumer permissions are properly sourced, and transparency is fully authenticated and demonstrated to consumers in the data-gathering process. It’s a rush to quality. Plainly stated, adherence to industry data codes and principles (DAA, NAI, Interactive Advertising Bureau, Association of National Advertisers, among others) are table stakes. Going above and beyond laws and ethics codes are business decisions that may provide a competitive edge.

So what did I do on Data Privacy Day 2020? You’re reading it!  Share with me any efforts you may have taken on that day in the “public” comments below.

How New Data Protection Laws Affect Your Non-Transactional Website

Good news! Regulatory agencies are taking privacy policies and data protection more seriously than ever. Bad news! Regulatory agencies are taking privacy policies and data protection more seriously than ever.

Good news! Regulatory agencies are taking privacy policies and data protection more seriously than ever.

Bad news! Regulatory agencies are taking privacy policies and data protection more seriously than ever.

The increased regulatory activity is certainly good news for all of us as consumers. As marketers, that silver lining can be overshadowed by the cloud of fear, uncertainty, and doubt — to say nothing of the potentially enormous fines — attached to these new regulations. Let’s take a look at what your responsibilities are (or are likely to become) as privacy regulations become more widely adopted.

Before we begin: I’m not a lawyer. You should absolutely consult one, as there are so many ways the various regulations may or may not apply to your firm. Many of the regulations are regional in nature — GDPR applies to the EU, CCPA to California residents, the SHIELD Act to New York State — but the “placelessness” of the Internet means those regulations may still apply to you, if you do business with residents of those jurisdictions (even though you’re located elsewhere).

Beyond Credit Cards and Social Security Numbers

With the latest round of rules, regulators are taking a broader view of what constitutes personally identifiable information or “PII.” This is why regulations are now applicable for a non-transactional website.

We are clearly beyond the era when the only data that needed to be safeguarded was banking information and social security numbers. Now, even a site visitor’s IP address may be considered PII. In short, you are now responsible for data and privacy protection on your website, regardless of that website’s purpose.

Though a burden for site owners, it’s not hard to understand why this change is a good thing. With so much data living online now, the danger isn’t necessarily in exposing any particular data point, but in being able to piece so many of them together.

Fortunately, the underlying principles are nearly as simple as the regulations themselves are confusing.

SSL Certificates

Perhaps the most basic element of data protection is an SSL certificate. Though it isn’t directly related to the new regulatory environment it’s a basic foundational component of solid data handling. You probably already have an SSL certificate in place; if not, that should be your first order of business. They’re inexpensive — there are even free versions available — and they have the added benefit of improving search engine performance.

Get Consent

Second on your list of good data-handling practices is getting visitor consent before gathering information. Yes, opt-in policies are a pain. Yes, double opt-in policies are even more of a pain — and can drive down engagement rates. Both are necessary to adhere to some of the new regulations.

This includes not only information you gather actively — like email addresses for gated content — but also more passive information, like the use of cookies on your website.

Give Options

Perhaps the biggest shift we’re seeing is toward giving site visitors more options over how their PII is being used. For example, the ability to turn cookies off when visiting a site.

You should also provide a way for consumers to see what information you have gathered and associated with their name, account, or email address.

Including the Option to Be Forgotten

Even after giving consent, consumers should have the right to change their minds. As marketers, that means giving them the ability to delete the information we’ve gathered.

Planning Ad Responsibilities For Data Breaches

Accidents happen, new vulnerabilities emerge, and you can’t control every aspect of your data handling as completely as you’d like. Being prepared for the possibility of a data breach is as important as doing everything you can to prevent them in the first place.

What happens when user information is exposed will depend on the data involved, your location, and what your privacy and data retention policies have promised, as well as which regulations you are subject to.

Be prepared with a plan of action for addressing all foreseeable data breaches. In most cases, you’ll need to alert those who have been or may have been affected. There may also be timeframes in which you must send alerts and possibly remediation in the form of credit or other monitoring.

A Small Investment Pays Off

As a final note, I’ll circle back to the “I’m not a lawyer” meme. A lawyer with expertise in this area is going to be an important part of your team. So, too, will a technology lead who is open to changing how he or she has thought about data privacy in the past. For those who haven’t dealt with transactional requirements in the past, this can be brand new territory which may require new tools and even new vendors.

All of this comes at a price, of course, but given the stakes — not just the fines, but the reputational losses, hits to employee morale, and lost productivity — it’s a small investment for doing right by your prospects and customers.

Here’s a Website Performance Checklist to Kick 2020 Off Right

Reviewing your website’s security practices, privacy policies, accessibility, and analytics can help improve performance over the course of the year. You can still pledge to get the most from your website. This website performance checklist can help.

No need to abandon all hope if your New Year’s resolutions have already fallen by the wayside. You can still pledge to get the most from your website in 2020. This website performance checklist can help.

None of these topics are particularly sexy. Nor are they likely to have the kind of top-line impact (read: massive increases in revenue) that lead to promotions and bonuses. But they can save you a ton of pain and regret throughout the year. And without a doubt, they will make those revenue-spiking initiatives that much more successful.

Security Review

Having your domain blacklisted is nobody’s idea of fun. Because there’s no “Undo” button, once you’re in trouble, it’s time-consuming to get out. So, it is well worth reviewing your site’s security to ensure that no evil lurks in the heart of your coding.

Check your traffic logs and firewall settings to make sure you’re still keeping as much malicious activity off your site as possible.

If your site is custom coded, confirm with your developers that the code base is being updated regularly to guard against malware and other attacks. (Even fully customized sites generally rely on code libraries or frameworks that can be the target of attacks.)

If you use a commercial CMS, do a similar check with the vendor. It can be helpful to also do a web search for “[my CMS name] vulnerabilities” and other phrases to find reports of attacks.

An open-source CMS requires a similar review:

  • Do you have the most recent version installed?
  • Are all of the plugins, modules, widgets, and other helper programs up to date?

In all of these cases, you should be on a regularly scheduled maintenance plan with your development team. Now is the time to make sure you have the most appropriate level of protection.

Don’t forget the basics. A quick review is all that should be required to make sure that your registrar and hosting accounts are secure and your domain name and SSL certificate are in order and not at risk of cancellation. If you host internally, review server access to eliminate the chance of former employees making mischief.

Privacy Review

If GDPR and CCPA sound like alphabet soup to you, it’s definitely time to review your site’s privacy policy and things like data retention. This is now true even for non-transactional sites. GDPR may apply only to those of us who work with E.U. residents, but CCPA applies to most firms who interact with California residents. The Shield law applies to every firm in New York State.

That’s a lot to keep track of and understanding your responsibilities can be overwhelming. Given the potential fines involved, this is not an area where you want to take all of your advice from a marketer, coder, or (ahem) digital strategist. Be sure to have a knowledgeable lawyer review your privacy policies and practices.

Accessibility Review

Making websites accessible to people with disabilities is an area that has grown in importance over the past 18 months or so because of an increase in legal actions, even though the relevant regulations aren’t new.

The good news is that building new websites to be accessible isn’t particularly difficult, nor is maintaining that accessibility as new content is added. Both require an understanding of the requirements and a shift in approach.

The story is not quite as rosy for bringing existing sites into compliance, which tends to be more labor-intensive. Adjustments may include changes to branding and in-depth review of content (image alt tags, for example), as well as less visible coding changes.

There are a number of excellent assessment tools that can help you get an understanding of the effort required to make the site compliant. But a deeper, manual scan will also be required to uncover everything.

Analytics Review

Finally, don’t forget to review your analytics. This is one area that just may uncover insights that can lead to revenue growth that and a move closer to the corner office, though more likely those improvements will be incremental.

  • Compare statistics year-over-year to see where you’ve improved and where performance has fallen off.
  • Determine whether your mobile audience is growing or holding steady. (It’s probably not shrinking.)
  • Review traffic sources to see how visitors are finding you. That can guide adjustments to your marketing efforts.

You may be doing quite a bit of this on a monthly or quarterly basis as part of your marketing efforts. Still, it’s worth it to expand beyond that scope to look at broader performance and strive for continual improvement throughout 2020 and beyond.

Marketers’ New Year’s Resolution: ‘I Will Give Customers More T-R-A’

The turning of the calendar may mean a new fiscal year for many marketing organizations, but there is one constant that remains paramount for customer-centric enterprises:  TLC (tender loving care) and how we demonstrate such sentiments to our prospects, customers, and donors — whomever applies.

The turning of the calendar may mean a new fiscal year for many marketing organizations, but there is one constant that remains paramount for customer-centric enterprises: TLC (tender loving care) and how we demonstrate such sentiments to our prospects, customers, and donors — whomever applies.

According to its most recent survey of more than 13,400 C-suite leaders, IBM is recommending data users to pursue another approach in their efforts to build consumer trust: T-R-A, as in transparency, reciprocity, and accountability. See the IBM report, “Build Your Trust Advantage: Leadership in the Age of Data and AI Everywhere” (Opens as a PDF)

The report states:

“To satisfy the modern requirement for trust, leading organizations are adopting three basic principles as their guide: transparency, reciprocity, and accountability. Each provides assurance to customers, but is more than good marketing. These principles are the scaffolding that supports the modern enterprise, remade to propagate trust.”

In a time when trust is increasingly harder to earn — and where consumers question the data-for-value exchange — one may think to shun the data quest. But that is not the correct course of action, nor a viable option, at all. Instead, the answer is to triple up efforts — to seek out and ensure higher quality data sources, to ensure chain-of-trust on permissions and consumer controls, and to hold ourselves and data partners accountable for results.

According to IBM, enterprise leaders — “torchbearers” — have fused their data and business strategies as one. “The torchbearers defy data fears, enhancing the trust of customers.”  Eighty-two percent say they use data to strengthen customer trust, compared with 43% of “aspirational” enterprise data users.

So what does T-R-A entail?

Transparency

“Customers demand transparency of data associated with the products and services, and, in the case of personal data, assurances that it’s used in a fair manner and kept safe,” the report states.

Three Keys to Consumer Love: Transparency, Reciprocity and Accountability. | Credit: Pexels.com

And it’s not just about data used in marketing — it’s also about data regarding how products are developed and manufactured, for example, and user reviews and recommendations. Any data that informs the customer journey, and enables the brand promise, really.

Reciprocity

“C-suite executives understand that to get access to data, they have to give something meaningful in return,” the report states. “The challenge? Organizations often don’t know what their customers would consider a fair exchange.”

That’s a fair assessment — as most consumers say they are skeptical about data-sharing benefits; particularly where privacy is concerned. So it is incumbent upon us to discover — probably using data — what truly motivates consumers’ sense of trust and value. I don’t think we do as good a job as we could as brands, and perhaps as an industry, in explaining data’s value to the consumer. Thus, we must do better.

Accountability

“Accountability is synonymous with brand integrity,” the report opined. “To succeed in retaining trust while growing business or expanding into new marketers, marketers need to establish governance and policies to combat cyber risk and protect consumer trust and brand.”

To me, accountability extends beyond data security — and the lawsuits and brand erosion that may follow data breaches. Data governance is closer to the accountability mark: making sure our data supply chains are “clean,” and that they adhere to industry ethics and best practices.

Here’s Wishing You T-R-A in 2020

So I’m hoping my New Year and yours has a lot more T-R-A in the offing. If the consumers equates sharing of data with a loss of privacy, then no one wins — especially the consumer.

 

 

 

What’s the Price on ‘My Data’? Let the Marketplace Set the Rate

A bipartisan bill in Congress would assign the U.S. Securities and Exchange Commission with the task of determining what consumer data is worth; at least when it comes to Big Digital giants. So what’s my data worth?

A bipartisan bill in Congress would assign the U.S. Securities and Exchange Commission with the task of determining what consumer data is worth; at least when it comes to Big Digital giants. So what’s my data worth?

On the face of it, having the government mirror the private sector, and recognize that consumer data is a valuable asset, is actually quite wise. Data is worth something — and accounting rules, risk management, capitalism, and a reverence for asset protection — all point to a need to understand data’s worth and secure it accordingly. But should the government come up with the arithmetic? Really? And why limit this to Big Digital … data drives all economy sectors!

If this is about commerce and productivity, and facilitating next-generation accounting and capitalism, then I’d be all gung-ho. If it’s about setting the stage for just being punitive, then perhaps we can and must do better.

Take privacy. I’m already getting click fatigue — with permission notices on every site I want to visit, as well as the apps I use, it’s no wonder people are questioning if laws like GDPR and CCPA really afford any meaningful privacy protection at all, as well-intended as they may be. Privacy is personally defined — though universal principles need apply. Again, I think we can and must do better.

Recognizing data’s value — as the fuel for today’s economy — means recognizing data’s limitless beneficial uses (and encouraging such uses and further innovation), while putting a no-go ring around unreasonable uses (like throwing elections).

Business Efforts to Calculate Data’s Worth

“My data” is a misnomer. On the data valuation front, we from the direct marketing world — purveyors of personally identifiable information (PII) — have been putting a price on data for years … and understand data’s value, intrinsically. Big reveal: It’s not about me. (Sorry, Taylor Swift.)

Worldata, for example, has been tracking list prices for decades, and dutifully reporting on this. In the world of direct response, there’s “sweat equity” in both response and compiled lists. For response lists, some enterprise built a list of customers (or donors). The value of that list is derived from the shared attribute those customers have – and not, as some privacy advocates would have it, with the sum of one individual after another appearing on that list. With compiled lists, observable data is harnessed and staged also for marketing use – providing a more complete view of prospects and customers. Again, the value is derived from the attributes that data subjects share.

Even in digital data driving today’s media placement for advertising (more accurately, audience placement) — the algorithms deployed in search, social, and display — the values of these formulae are derived from affinities in these proprietary calculations, much of it anonymized from a traditional PII perspective. Yes, there are lots of data — nearly $21.2 billion in U.S. trade alone — but it’s not hoarding; it’s being put to productive use — in effect, 1:1 at mass scale.

With any innovations, there are bound to be mistakes by good companies, and some bad players, too. But it’s amazing to see how the marketplace weeds these out, over time. The marketplace, in time, weeds out the wheat from the chaff. The industry comes up with brand safety, privacy, security, chain-of-trust, and other initiatives to help facilitate more transparency and control. And testing shows which data sources are timely and reliable — and which ones where data quality is in question.

Predict This: Data Unleashed for Responsible Use Unleashes Consumer Benefits

Recently, I heard a current federal official say that data may be fuel — but it’s not like oil. Oil is finite. Data, on the other hand, is a limitless resource — like fusion. And it can be replicated. In fact, he went on to say, the more it is shared for responsible data use, the more consumers, citizens, commerce, and the economy benefit. This is correct. The commercialization of the Internet, indeed, gave us today’s global Digital Economy — giving billions access to information where they are able to derive limitless benefits.

That’s why potential breaches of data do need to be risk-assessed, prevented, understood for a likelihood of harm — with data governance and employee training thoroughly implemented. That’s also why government should investigate significant breaches to detect lax practices, and to instruct enterprises how to better protect themselves from bad actors. Here, I can see a viable SEC role, where all publicly held companies, and privately held too, are called into question – not just one type of company.

Where privacy is concerned … don’t just divide Big Digital revenue by the number of users with social accounts — and start menacing on what data about me online may be worth. That immediately starts off with a false assumption, fails to recognize information’s exponential value in the economy, and denies the incredible social benefits afforded by the digitization of information.

The Digital Advertising Alliance (a client) conducted a study in 2016, and found that consumers assign a value of nearly $1,200 a year to the “free” ad-financed content they access and rely upon via digital and mobile. However, if they were forced to pay that amount – most would not be willing (or able) to pay such a premium.

This research shows why we need to protect and facilitate ad-financed content. But it’s part of a larger discussion. It’s about why the commercialization of the Internet has been a 25-year success (happy birthday, October 24) and we must keep that moving forward. As consumers, we all have prospered! Let’s start our discussion on data valuation here.

 

Why Your Website Needs an SSL Certificate Now

With Google’s continued push to convince all website owners that they need to secure their sites via SSL certificate, it’s time to make the switch even if you’re not gathering personally identifiable information from site visitors.

SSL Certificates secure websitesWith Google’s continued push to convince all website owners that they need to secure their sites via SSL certificate, it’s easy to view the change as another burden, especially if your site is simple enough that it does not gather personal information on your site visitors.

But there are reasons other than transaction processing and PII — personally identifiable information – to use SSL to secure your site.

You Look Bad – to Your Prospects

The top of the list is perception. If Google is going to display a not-secure message on sites without https, you’ll be sending a negative message to site visitors, even if they don’t really understand the underlying issues. Depending on the sophistication of your audience, and the nature of your business, this could be a minor distraction or it could have a large impact on site traffic and engagement. I would expect most people would avoid filling out a subscription form or other call to action on a site they had any doubts about.

You Look Good – to Hackers

You never want to be the only house on the block with an alarm company sign on your lawn – and you never want to be the only house without one.

Only a few years ago a site that used an SSL certificate without an obvious need for one might attract unwanted attention from hackers. (Though most hacking is not done anymore in a way that has actual human hackers looking at websites one by one.) You would have been that house with the alarm company sign when no one else had one.

We’re now getting to a point where operating without SSL puts you in the distinct minority. We’ve recently seen data that suggests that more than 70% of sites in the U.S. are now SSL protected. So you’re not quite the only house on the block without the sign, but it’s getting close.

You Want to Be Found

Another reason to install an SSL certificate and migrate your site to answer at https rather than http is to help your SEO efforts. Google is now including SSL protection as ranking factor. So all things being equal, a protected site will rank higher.

There are different kinds of SSL certificates and selecting the best one for your site is a conversation to be had by your webmaster and your hosting provider or IT manager in charge of your web server. As a digital marketer, you’ll want a seat at the table because, as you’ve seen above, SSL certificates are an area where technology can impact marketing.

For Our Security, Does the FBI Need a Predictive Model?

If you’ve ever worked with a predictive model, you know it is not static, but an iterative effort that requires constant testing, tweaking and feeding of additional data points. It’s a living, breathing tool that is extremely useful in helping to determine where you should best spend your marketing investment for the highest return. This same premise could be used to predict the likelihood of terrorist activity — and therefore be a useful tool in our global war on terror.

Data ScientistIf you’ve ever tried to improve your direct marketing response rates, you’ve probably considered the use of a predictive model.

Predictive modeling is a process that uses data mining and probability to forecast outcomes. The model is made up of a number of variables about your customers: demographic variables (gender, age, household income, etc.), lifestyle variables (smoker, frequent flyer, etc.) and behavioral variables (last date of purchase, purchase amount, SKU, etc.). Each variable is weighted as to its likelihood to predict a specific outcome (like a future purchase) and a statistical model is then formulated. The model is then overlaid on your customer file and every customer is ranked based on their likelihood to respond to an offer, take your desired action, and even predict the average purchase amount.

If you’ve ever worked with a predictive model, you know it is not static, but an iterative effort that requires constant testing, tweaking and feeding of additional data points. It’s a living, breathing tool that is extremely useful in helping to determine where you should best spend your marketing investment for the highest return.

This same premise could be used to predict the likelihood of terrorist activity — and therefore be a useful tool in our global war on terror.

Think about it for just a minute.

The recent bombing in Manchester, U.K. might have been prevented if only the suspect had been higher on the terrorism watch list.

While authorities noted that the suspect (and his family) were on the list, it was added that there are “thousands” on the watch list and there isn’t enough manpower to track them all. Fair enough. But let’s consider those variables that may have predicted that something was about to happen and that, perhaps, he should have moved higher up on that list.

  • The suspects father was linked to a well-known militant Islamist group in Libya
  • His two brothers have been separately arrested on suspicion of terrorism offences
  • He was reported to authorities two years ago “because he [was] thought to be involved in extremism and terrorism”
  • Two friends separately called the police counter-terrorism hotline five years ago and again last year
  • Neighbors had called authorities within the last year, noting that the family had flown a flag for a short time that was black and had writing on it similar to jihadists

The final variable is that the suspect had traveled to both Syria and Libya — the latter only a few weeks before returning to the U.K. and launching his attack. Libya is well known as a terrorist hotbed, so add all the previous variables and the “traveled in May 2017 to Libya” variable would probably catapult this guy to the top of the model.

But why doesn’t such a database exist?

Well, privacy concerns, for one. While consumers — and in particular, Americans — argue about their privacy rights, they are already part of every large consumer database whether they realize it or not. If you’ve ever purchased a home, opened a credit card, paid a tax bill, enrolled in a public school, joined a Frequent Flyer program, registered a purchase for warranty coverage, made a political contribution or subscribed to a magazine, you’re in the Experian or Equifax master file.

In many countries around the world, these same kinds of consumer databases exist, so imagine if these files were combined, and then appended with data variables from law enforcement databases and ticket sales from airline databases. Add in databases about weapon and ammunition purchases, and surely there are enough predictive variables that would allow an analyst to build a model that would determine a way to help prioritize security watch lists, and aid in keeping our world just a little bit safer?

Privacy advocates get itchy just thinking about it.

And, of course, there are those concerned about how this wealth of information could be abused, or how hackers could infiltrate and release confidential information.

But as I head through another security check at my airline gate, and I hear more news about losing the ability to work on my laptop or read my Kindle while in the air, I have to think there’s got to be a better way than the seemingly randomization of these security measures. And it seems that a predictive model might be the answer — but since it depends on consumer data at its core, the future is uncertain without it.

Secure Search: A Clearer Argument for Migration 

The boost in SEO rankings has proven to be small, as suggested, but there are now more compelling reasons to transition to a secure search. Now is a good time to revisit and reconsider implementing security into your technical improvement plan.

Search and Success: How to Make Your Website, Content and SEO Pay OffIn 2014, when Google announced that its search algorithm would soon give boosted ranks to secure sites, I recommended a cautious approach and suggested that site owners carefully weigh the pros and cons before migrating to a secure site environment.

At that time, corresponding boost sizes were undefined and for many companies, it was unclear whether the potential site disruption would be worth the expense.

The boost in SEO rankings has proven to be small, as then suggested, but there are now more compelling reasons to transition to a secure search. Now is a good time to reconsider implementing security into your technical improvement plan.

That Was Then

In 2014, I recommended the prudent approach of focusing on site speed improvement, with the long-term goal of moving to a secure environment. A small, unquantified boost in rankings was not worth the effort of making the immediate move to a secure environment. Unless site owners sped up their unsecured sites and placed protocols to continuously monitor and test that speed, going secure seemed expensive and ill-advised.

This Is Now

The basis of this recommendation has not changed, but the best time for implementation has. Instead of keeping the transition to a secure environment on the “maybe someday” list, it should be integrated into your 2017 plan.

The Pioneers Have Taken the Arrows

A great advantage of having taken a cautionary approach to secure sites is the ability to learn from the pioneers.

As with product planning, the pioneers take the arrows while settlers follow behind and take the land.

With regards to site migration, there are now enough collective experiences and a well-trodden path to provide guidelines for tech teams to follow. Shifting and redirecting thousands of URLs for a large site is still a significant mapping task, so migration will not occur instantaneously. But an ever-growing number of sites have already successfully made the shift, and you should consider doing the same.

Google Favors HTTPS

Google continues to advocate for a more secure Web.

Data gleaned from Google Chrome users has shown that users spend a greater amount of time on HTTPS pages than on HTTP pages — a rate that is increasing across both mobile and desktop access.

Google notes that more than half of pages loaded and two-thirds of total time spent by Chrome desktop users occur via HTTPS. The longitudinal data shows the prospects of continued growth, as both users and sites are adopting and adapting to a more secure environment.

A further incentive is on the horizon: In 2017, users of Google Chrome can expect to see clear designations on the browser bar whenever they visit insecure pages that accept usernames, passwords or credit card information.

Google intends to further tighten the ratchet by warning users of potentially harmful sites in 2017. This shaming of insecure sites should provide a stark incentive to make the move.

Take Action Now

As I see it, now is the time to complete the plans for your switch to a secure site. Set a specific date and then execute your plan.

But take caution in your move, and keep best practices in mind: Learn from the experiences of the pioneers, ensure proper crawling of your new secure site and protect your valuable search rankings.

Moving to a secure environment is no longer just something that should be done for the tiny boost in rankings — it is now a move to protect the reputation of your business.