What Did You Do on Data Privacy Day 2020? Do Tell Us.

Each year, Jan. 28 is known as “Data Privacy Day” in the United States and globally — also Data Protection Day in other jurisdictions. As business organizations — and marketers — we see that it’s a day when consumers are reminded to exercise their “privacy rights.”

Each year, Jan. 28 is known as “Data Privacy Day” in the United States and globally — also Data Protection Day in other jurisdictions.

As business organizations — and marketers — we see that it’s a day when consumers are reminded to exercise their “privacy rights” and take advantage of tips and tricks for safeguarding their privacy and security. In our world of marketing, there are quite a few self-regulatory and co-regulatory tools (U.S. focus here) that enable choices and opt-outs:

  • To opt out of commercial email, direct mail, and telemarketing in certain states, consumers can avail themselves of DMAchoice. For telemarketing, they can also enroll on the Federal Trade Commission’s Do Not Call database.
  • For data collected online for interest-based ads, consumers can take advantage of Digital Advertising Alliance’s WebChoices and Network Advertising Initiative consumer control tools, which are accessible via the ubiquitous “AdChoices” icon. DAA also offers AppChoices, where data is collected across apps for interest-based ads. [Disclosure: DAA is a client.]
  • Now that California has a new consumer privacy law, consumers there can also take advantage of DAA’s new “Do-Not-Sell My Personal Information” Opt Out Tool for the Web. Its AppChoices mobile app also has a new CCPA opt-out component for “do not sell.” Publishers all over the Web are placing “Do Not Sell My Personal Information” notices in their footers, even if others outside California can see them, and offering links to their own in-house suppression lists, as well as DAA’s. Some publishers are using new the Privacy Rights icon to accompany these notices.

Certainly, businesses need to be using all of these tools — either as participants, or as subscribers — for the media channels where they collect, analyze, and use personal and anonymized data for targeted marketing. There’s no reason for not participating in these industry initiatives to honor consumer’s opt-out choices, unless we wish to invite more prescriptive laws and regulations.

We are constantly reminded that consumers demand high privacy and high security — and they do. We also are reminded that they prefer personalized experiences, relevant messaging, and wish to be recognized as customers as they go from device to device, and across the media landscape. Sometimes, these objectives may seem to be in conflict … but they really are not. Both objectives are good business sense.

As The Winterberry’s Group Bruce Biegel reported while presenting his Annual Outlook for media in 2020 (opens as a PDF), the U.S. data marketplace remains alive and well. For data providers, the onus is to show where consumer permissions are properly sourced, and transparency is fully authenticated and demonstrated to consumers in the data-gathering process. It’s a rush to quality. Plainly stated, adherence to industry data codes and principles (DAA, NAI, Interactive Advertising Bureau, Association of National Advertisers, among others) are table stakes. Going above and beyond laws and ethics codes are business decisions that may provide a competitive edge.

So what did I do on Data Privacy Day 2020? You’re reading it!  Share with me any efforts you may have taken on that day in the “public” comments below.

Marketers’ New Year’s Resolution: ‘I Will Give Customers More T-R-A’

The turning of the calendar may mean a new fiscal year for many marketing organizations, but there is one constant that remains paramount for customer-centric enterprises:  TLC (tender loving care) and how we demonstrate such sentiments to our prospects, customers, and donors — whomever applies.

The turning of the calendar may mean a new fiscal year for many marketing organizations, but there is one constant that remains paramount for customer-centric enterprises: TLC (tender loving care) and how we demonstrate such sentiments to our prospects, customers, and donors — whomever applies.

According to its most recent survey of more than 13,400 C-suite leaders, IBM is recommending data users to pursue another approach in their efforts to build consumer trust: T-R-A, as in transparency, reciprocity, and accountability. See the IBM report, “Build Your Trust Advantage: Leadership in the Age of Data and AI Everywhere” (Opens as a PDF)

The report states:

“To satisfy the modern requirement for trust, leading organizations are adopting three basic principles as their guide: transparency, reciprocity, and accountability. Each provides assurance to customers, but is more than good marketing. These principles are the scaffolding that supports the modern enterprise, remade to propagate trust.”

In a time when trust is increasingly harder to earn — and where consumers question the data-for-value exchange — one may think to shun the data quest. But that is not the correct course of action, nor a viable option, at all. Instead, the answer is to triple up efforts — to seek out and ensure higher quality data sources, to ensure chain-of-trust on permissions and consumer controls, and to hold ourselves and data partners accountable for results.

According to IBM, enterprise leaders — “torchbearers” — have fused their data and business strategies as one. “The torchbearers defy data fears, enhancing the trust of customers.”  Eighty-two percent say they use data to strengthen customer trust, compared with 43% of “aspirational” enterprise data users.

So what does T-R-A entail?

Transparency

“Customers demand transparency of data associated with the products and services, and, in the case of personal data, assurances that it’s used in a fair manner and kept safe,” the report states.

Three Keys to Consumer Love: Transparency, Reciprocity and Accountability. | Credit: Pexels.com

And it’s not just about data used in marketing — it’s also about data regarding how products are developed and manufactured, for example, and user reviews and recommendations. Any data that informs the customer journey, and enables the brand promise, really.

Reciprocity

“C-suite executives understand that to get access to data, they have to give something meaningful in return,” the report states. “The challenge? Organizations often don’t know what their customers would consider a fair exchange.”

That’s a fair assessment — as most consumers say they are skeptical about data-sharing benefits; particularly where privacy is concerned. So it is incumbent upon us to discover — probably using data — what truly motivates consumers’ sense of trust and value. I don’t think we do as good a job as we could as brands, and perhaps as an industry, in explaining data’s value to the consumer. Thus, we must do better.

Accountability

“Accountability is synonymous with brand integrity,” the report opined. “To succeed in retaining trust while growing business or expanding into new marketers, marketers need to establish governance and policies to combat cyber risk and protect consumer trust and brand.”

To me, accountability extends beyond data security — and the lawsuits and brand erosion that may follow data breaches. Data governance is closer to the accountability mark: making sure our data supply chains are “clean,” and that they adhere to industry ethics and best practices.

Here’s Wishing You T-R-A in 2020

So I’m hoping my New Year and yours has a lot more T-R-A in the offing. If the consumers equates sharing of data with a loss of privacy, then no one wins — especially the consumer.

 

 

 

Why Everyone Benefits When Marketing and Privacy Are Aligned

Privacy is one of the most pressing issues facing organizations today. And it’s not just affecting the companies that are making headlines over it, like Facebook, Google, Capital One, and Experian.

Privacy is one of the most pressing issues facing organizations today. And it’s not just affecting the companies that are making headlines over it, like Facebook, Google, Capital One, and Experian. The recent passage of privacy laws in the United States and abroad, and the resulting potential fines for mistakes, have been a wake-up call for many. Marketing teams always needed to consider privacy but; now, it’s imperative, and there are significantly higher stakes (ahem…billions of dollars).

Noga Rosenthal, Chief Privacy Officer and General Counsel at NCC Media, believes that far too often, marketing and privacy may be unknowingly working against each other or in silos. However, it is essential for these two departments to be closely aligned.

She points out:

“Every company is a data company, whether or not they realize it. You have CRM data and employee data. You’re collecting data off your website. Nearly everybody will be impacted by legislation like CCPA [California Consumer Privacy Act] and needs to be paying attention.”

What’s at Stake

The stakes are high, and the risks are greater when there’s a disconnect between the marketing and communications teams and the privacy and legal teams. There are two common vulnerabilities:

1. Corporate marketing and advertising aren’t taking into account privacy when promoting products and services.

  • Corporate advertising is creepy to customers.
  • Your company is using new and trendy technology vendors that haven’t been properly vetted by privacy teams.
  • You’re using terminology in your marketing, like “tracking” and “anonymous,” that will draw scrutiny from lawmakers.

2. Marketing and communications teams aren’t involved in security and privacy breach preparedness and response.

  • Marketing and communications haven’t contributed to the company’s incident response plan.
  • Marketing is looped in too late during a breach and is not given the resources needed to respond to stakeholders and meet disclosure requirements.

Companies that falter can be subject to hefty fines. They could alienate their customers. And they’ll likely find themselves in the middle of a PR nightmare.

The Benefits of Collaboration

“Marketing should have a seat at the table in all things data governance. It’s mission-critical,” says Peg Kuman, Chief Privacy Officer of V12.

Bringing privacy and marketing together benefits everyone. If you’ve ever tried to read a privacy policy, you know that privacy and legal speak needs to be more accessible and consumer-friendly. Disclosures and policies written by privacy teams would surely benefit from a marketing and communications lens.

If marketers are more in tune with privacy, your company can protect its brand reputation and avoid the painful privacy missteps in advertising that we’ve seen with Netflix, Spotify, Tinder, and countless others. For companies that face an incident, collaboration can ensure a proper response, such as how Twitter recently owned up to its privacy mistakes, used consumer-friendly language and succinctly apologized.

Also, with an overall heightened interest in privacy, companies can provide value to clients and their customers by proactively sharing relevant and easy-to-understand privacy updates. A client outreach strategy can only be effective by coupling the expertise and knowledge of the privacy team with the creativity, strategy, and reach of the marketing team.

According to Rosenthal:

“At times, it feels like marketing and privacy are at odds with each other. But as privacy becomes more important to consumers, and companies like Apple use it as a way to bring in customers and differentiate from competitors, there’s more of a need to lean on each other.”

Where to Begin

There are several ways to open the lines of communication and foster a stronger partnership between privacy and marketing teams.

Establish a Cross-Functional Team

Don’t wait for something bad to happen to get closely aligned. Proactively create a team consisting of privacy, legal, marketing, and communications focused on cross-functional initiatives. Meet regularly to discuss legislation, strategize, and surface ideas.

Use these meetings as a forum for education and awareness. Like Kuman and Rosenthal, most privacy leaders are involved in industry organizations and coalitions. Through their participation, they get vital information that can help their marketing teams.

Commit to Privacy Principles

Privacy principles should align with the company’s mission, vision, and purpose. A great place to start is thinking about what trust and transparency mean for your industry and organization.

Once you’ve determined what privacy means for your organization, make sure it’s clear in everything you and your employees say and do. Better yet, put some marketing power behind those principles, so they become synonymous with your brand.

Prioritize Policies, Protocol, and Incident Response

Your privacy and marketing teams will need to jointly decide where to focus efforts across your various stakeholders including employees, clients, consumers, prospects, partners/vendors, the media, lawmakers, and investors.

There should be a clear protocol for how marketing and privacy work together, and all parties should understand the role that they play in protecting corporate reputation and respecting consumers.

If your organization doesn’t have a breach response strategy, privacy and marketing should champion the development of one, in conjunction with other parts of the organization, such as technology, information security, and client services. Simulation exercises are valuable ways to identify vulnerabilities and prepare without the intense pressure of an actual crisis.

Raise Awareness Through Education

Privacy is likely not top-of-mind for the majority of your marketing staff, but awareness is critical. Education increases awareness. Curriculum specific to marketing helps the full marketing organization understand their role in supporting the company’s privacy principles. Training can also address when it’s necessary to engage your privacy resources.

Kuman prefers the term “socialization” over training.

She adds:

“Companies should socialize the notion that privacy is how we protect our customer, employee, and business assets.”

Privacy Is Everyone’s Job

Regardless of where privacy laws are headed next in the United States and abroad, we all play a role in privacy protection and we’ll be more successful if we’re working closely together.

Data Privacy Policymaking Words of Warning of Europe

Two weeks back, two hearings in Congress were held about a possible forthcoming new federal data privacy law for the United States. Some of the testimony included fascinating insight.

Two weeks back, two hearings in Congress were held about a possible forthcoming new federal data privacy law for the United States. Some of the testimony included fascinating insight.

It’s been nearly nine months since the European Union’s (EU) General Data Protection Regulation (GDPR) took effect with its tentacle effects worldwide – and it is helpful to look at what has transcribed, and to avoid making GDPR’s mistakes. That’s what one of the witnesses, Roslyn Layton, visiting scholar, American Enterprise Institute, had to say to the House Committee on Energy and Commerce, Subcommittee on Consumer Protection and Commerce, in her statement titled “How the US Can Leapfrog the EU.”

GDPR’s Early Impacts Are Foreboding

From Dr. Layton’s testimony, I found these excerpts (footnotes removed) to be particularly insightful – and somewhat frightful, though some of it predictable. She examined GDPR’s early deleterious effects which we, in the United States and elsewhere, would be wise to reject:

GDPR Is Not about Privacy  It’s About Data Flows

“A popular misconception about the GDPR is that it protects privacy; it does not. In fact, the word ‘privacy’ does not even appear in the final text of the GDPR, except in a footnote. Rather, the GDPR is about data protection or, more correctly, data governance. Data privacy is about the use of data by people who are allowed to have it. Data protection, on the other hand, refers to technical systems that keep data out of the hands of people who should not have it. By its very name, the GDPR regulates the processing of personal data, not privacy.”

GDPR Has Only Concentrated Big Digital Since Taking Effect

“To analyze a policy like the GDPR, we must set aside the political pronouncements and evaluate its real-world effects. Since the implementation of the GDPR, Google, Facebook and Amazon have increased their market share in the EU.”

GDPR Has Decimated Small- and Mid-Sized Ad Tech

“One study suggests that small- and medium-sized ad tech competitors have lost up to one-third of their market position since the GDPR took effect. The GDPR does not bode well for cutting-edge firms, as scientists describe it as fundamentally incompatible with artificial intelligence and big data. This is indeed a perverse outcome for a regulation that promised to level the playing field.”

GDPR Raises Costs, Prohibitively Acting as a Trade Barrier

“To do business in the EU today, the average firm of 500 employees must spend about $3 million to comply with the GDPR. Thousands of US firms have decided it is not worthwhile and have exited. No longer visible in the EU are the Chicago Tribune and the hundreds of outlets from Tribune Publishing. This is concerning because the EU is the destination of about two-thirds of America’s exports of digital media, goods and services. Indeed, the GDPR can be examined as a trade barrier to keep small American firms out so that small European firms can get a foothold.”

GDPR Denies Valuable Content to European Citizens

“Of course, $3 million, or even $300 million, is nothing for Google, Facebook and Amazon (The Fortune 500 firms have reportedly earmarked $8 billion for GDPR upgrades.), but it would bankrupt many online enterprises in the US. Indeed, less than half of eligible firms are fully compliant with the GDPR; one-fifth say that full compliance is impossible. The direct welfare loss is estimated be about €260 per European citizen.”

What if the US Enacted GDPR Here … Oh, the Costs

“If a similar regulation were enacted in the US, total GDPR compliance costs for US firms alone would reach $150 billion; twice what the US spend on broadband network investment and one-third of annual e-commerce revenue in the US.”

Dr. Layton, in her testimony, also questioned the California Consumer Privacy Act, which may create even more enterprise requirements then GDPR. She suggested more pragmatic paths need to be forged.

A Better Way Privacy by Design

“Ideally, we need a technologically neutral national framework with a consistent application across enterprises. It should support consumers’ expectations to have same protections on all online entities. The law should make distinctions between personally identifiable information which deserves protection, but not require same high standard for public data, de-identified, and anonymized data which do not carry the same risks. Unlike the GDPR, the US policy should not make it more expensive to do business, reduce consumer freedom or inhibit innovation.”

Data ‘Seat Belts and Air Bags’ for Privacy

In a second hearing, before the Senate Committee on Commerce, Science and Transportation, Interactive Advertising Bureau (IAB) CEO Randall Rothenberg provided a spirited statement of data’s role in the U.S. economy and the benefits that continue to accrue. He, too, drew from an another industry’s history which he believes offers a helpful analogy and cooperative blueprint:

IAB CEO Randall Rothenberg | Credit: Photo: Chet Dalzell

Internet’s Profound Communication Power

“The Internet is perhaps the most powerful and empowering mode of communication and commerce ever invented. It is built on the exchange of data between individuals’ browsers and devices, and myriad server computers operated by hundreds of millions of businesses, educational institutions, governments, NGOs, and other individuals around the world.”

Advertising’s Essential Role Online Much of It Data-Driven

Advertising has served an essential role in the growth and sustainability of the digital ecosystem, almost from the moment the first Internet browsers were released to the public in the 1990s. In the decades since, data-driven advertising has powered the growth of e-commerce, the digital news industry, digital entertainment, and a burgeoning consumer-brand revolution by funding innovative tools and services for consumers and businesses to connect, communicate and trade.

The Indispensable Ingredient: Trust

“Central to companies’ data-fueled growth is trust. As in any relationship, from love to commerce, trust underlies the willingness of parties to exchange information with each other; and thus, their ability to create greater value for each other. The equation is simple: The economy depends on the Internet; the Internet runs on data; data requires trust. IAB strongly believes that legislative and regulatory mechanisms can be deployed in ways that will reinforce and enhance trust in the Internet ecosystem.”

Universal Truth: Consumer Data Is Good

“We recommend Congress start with a premise that for most of American history was self-evident, but today seems almost revolutionary: consumer data is a good thing. It is the raw material of such essential activities as epidemiology, journalism, marketing, business development, and every social science you can name.

The Auto Industry Offers Us a Proactive Model

“We believe our goals align with the Congress’ decision to take a proactive position on data privacy, rather than the reactive approach that has been adopted by Europe and some states. We believe we can work together as partners in this effort with you to advance consumer privacy. Our model is the partnership between government and industry that created the modern concept of automotive safety in the 1960s. Yes, the partnership began as a shotgun wedding. Yes, the auto industry resisted at first. But an undeniable consumer right to be safe on the highways met well-researched solutions, which the Congress embedded in well-crafted laws that were supported by the states.

Auto Safety and Digital Wellness

“The result has been millions of lives and billions of dollars saved. We believe the analogy holds well here. Americans have a right to be secure on the information superhighway. Well-researched solutions and well-crafted laws can assure their ‘digital wellness.’ We should be thorough, practical and collaborative. Our goal should be to find the three or five or 10 practices and mechanisms the seat belts and air bags of the Internet era  that companies can implement and consumers can easily adopt that will reinforce privacy, security and trust.”

Notice and Choice Bombardment Or Predictable Rules of the Road

“Together, based on our members’ experience, we can achieve this new paradigm by developing a federal privacy law that, instead of bombarding consumers with notices and choices, comprehensively provides clear, even-handed, consistent and predictable rules of the road that consumers, businesses and law enforcers can rely upon.

One Federal Standard in Harmony

“Without a consistent, preemptive federal privacy standard, the patchwork of state privacy laws will create consumer confusion, present significant challenges for businesses trying to comply with these laws, and ultimately fall short of consumers’ expectations about their digital privacy. We ask the Congress to harmonize privacy protections across the country through preemptive legislation that provides meaningful protections for consumers while allowing digital innovation to continue apace.”

It is worth reading the testimonies of the privacy advocates present at these two hearings, as well. These GDPR fans have many sympathetic voices in the media and Congress, and truly need to be part of any conversation where consensus ought to be built. It is my hope the right federal legislation will result. The early evidence from Europe where advocates won over reason portends the punitive risks of getting it wrong.

Warning: Marketing Data Policy-Making Ahead in the U.S.

U.S. data policy-making efforts make certain assumptions about marketing. It’s as if there’s a sign coming, saying: “Data Is a Weapon.” But what if lawmakers instead assumed data was a force for good?

U.S. data policy-making efforts make certain assumptions about marketing. It’s as if there’s a sign coming, saying: “Data Is a Weapon.” But what if lawmakers instead assumed data was a force for good?

Certainly, when dealing with the European data protection community — who may seek 4 percent of your global profits — it is wise to be deferential, even praiseworthy.

Apple CEO Tim Cook, in his speech last week to European data commissioners that hearkens back to President Eisenhower’s warning in 1961 about the “military-industrial complex,” identified commercial data collection interests as a “data-industrial complex” that has “weaponized” the collection and monetization of data with great efficiency.

Reading of this, one might extrapolate that all data collection is worrisome, and that this so-called trade in data amounts to “surveillance” that is inherently harmful.

To some, this might be 1961 all over again — or 1984, for that matter.

https://youtu.be/axSnW-ygU5g

In reality, some may be singing from the choir book brought to us by European Parliamentarians. Every time I see a cookie notice on my U.S. website visits, I’m reminded, perhaps gently, that our sovereignty is being visited upon by foreign lawmakers. Europe’s leaders are trying to remake the Internet in its image — while China’s leaders do the same — and the world may be a lot less friendly toward each other as a result.

Considerations of a Healthful Policy Debate

As consumers, we may welcome privacy and security in our nation’s Internet public policy debate. All is not the same, however. We must handle our own policy-making with utmost care. Europe’s General Data Protection Regulation (GDPR) is one model — but is this European law really the right fit for the United States or, for that matter, other regions of the world?

In the private sector:

  • Consider the role that ad-financing (read, digital data) plays in ensuring quality journalism necessary for a healthy democracy.
  • Consider what consent restrictions (read, opt-in) would play in diminishing the ability of start-ups and mid-sized companies to compete with established companies — competition in the digital economy.
  • Consider an appreciation of the long-tail of the Internet — and the diversity of content and niche interests that meet consumer demands, made available through small publishers.
  • Focus on who is at the center of privacy restrictions — the citizen, digital user and the consumer. In every aspect, what are the trade-offs that individuals would experience when responsible data flows are effectively shut down?
  • Appreciate that all data are not the same. Are there data collection scenarios where there is a greater likelihood for harm? Are there categories of personal and user data that are more harmful than others — to the interests of that individual? In the United States, we already highly and wisely regulate such data as credit, health, children’s data, government identification numbers and more.
  • And importantly, understand how private sector use of data — and public sector use of data — differ. How should the two exchange, and not exchange, data between them?

Globally and certainly here in the United States, data enables commerce, consumer choice and diversity of content. Truly, the commercialization of data drives incredibly powerfully beneficial social aims. Such aims deserve recognition as policymakers weigh measured regulation.

Some global business leaders, for whatever motivations, heap praise on GDPR, but there’s danger in assigning “one size fits all”-type regulation. “Surveillance,” too, is a very loaded word — especially where responsible data collection and use represent an unparalleled force in the private sector for good: jobs, economy, competition, ad-financed content and services, and much more. Even governments package public records for beneficial use in the private sector. Remember the only reasons businesses exist is to create and serve a customer.

Where Surveillance Is a Material Concern

On the other hand, where surveillance truly is not a loaded word is where the public sector gathers and uses digital and mobile information to monitor citizens. Or where a government, foreign or domestic, demands the handover or censorship of such information from and of the private sector.

Here, I applaud close – very close – attention to what our government, or any other government, does with digital data, including that which exists in the private sector. Within the U.S., warrants, court orders and subpoenas should be demanded before private sector entities satisfy any government requests for information (and/or deletion of information). As government indeed has honest objectives — combatting fraud, terrorism and other crimes, or advancing public safety or health, for example – then it is wise to provide for independent judicial overview as a necessary check and balance to validate such laudable goals.

Data is a weapon only when it’s perversely used to disserve a consumer, a voter or a democracy. Let the private sector freely use information responsibly for all else, for it unleashes forces for good that serve consumers, the economy and robust discussion.

GDPR Leads Brands to Better CX

A year ago, most companies had no clue where all of their customer data resided, let alone whether or not it was secure. With the implementation of GDPR, and California’s digital privacy law scheduled to take effect in January 2020, companies have started taking their customer and prospect data, and its security, much more seriously.

A year ago, most companies had no clue where all of their customer data resided, let alone whether or not it was secure. With the implementation of GDPR, and California’s digital privacy law scheduled to take effect in January 2020, companies have started taking their customer and prospect data, and its security, much more seriously.

Most organizations keep their customer data in a customer relationship management (CRM) database. However, prior to GDPR, the information was incomplete, the accuracy of the data was not taken seriously, and the data was not secure due to a lack of business process management and master data management policies.

Based on the interviews I have conducted with IT executives involved in databases, big data, AI/ML and security, there has been a significant change in the past year; whereby, companies are now implementing and enforcing data management best practices and creating data Centers of Excellence. Employees are learning the importance of data and its security.

Given that a well-maintained CRM is necessary to deliver a great customer experience (CX), we can expect to see companies begin taking CX seriously, because they are getting their data in order and their competitors will begin using that data to deliver improved CX. We’re now in a race to see who can use data first and best to improve the CX.

Updated privacy policies and security protocols will increase the opportunity to deliver personalized and relevant information of value. In addition to getting consumers’ explicit permission to communicate with their customers and prospects, organizations will want to enact progressive profiling; whereby, they learn more about each customer or prospect every time they interact with your website or organization. The more you know about a customer, the more relevant you should be able to be to them by providing information of value while anticipating needs and wants.

Organizations need to learn what customers and prospects need and want to make their lives easier. This is key to building a disruptive business and earning a customer for life. Lyft has done this for me. Every time I need to travel to or from an airport, I no longer need taxis, rental cars or parking at the airport. Lyft has made my life traveling much simpler and easier. Lyft has earned a customer for life — or at least until its business model is disrupted.

A good CRM with proper data management processes is beneficial to organizations on several fronts:

1. The CRM serves as the repository for all customer data and enables customer-facing employees to have a 360-degree view of the customer so they understand the customer’s relationship with the company — interactions, products/services bought, considered, feedback. All customer-facing employees are able to see the actions that have taken place and know what actions need to take place in the future based on sales and CX processes.
2. Organizations are able to provide more relevant help and information; thereby, making customers’ lives simpler and easier. Some organizations, e.g. financial institutions, are already using predictive analytics to recommend the “next best action” for the customer to the employee.
3. The CRM can be integrated with calendars and marketing automation software for appropriate follow-up before and after a sale, for nurturing marketing qualified leads (MQLs) to sales qualified leads (SQLs) or to market to “lookalike” prospects.
4. The CRM provides real-time metrics enabling team members to see where prospects and customers are in the sales, post-sales, follow-up or problem/resolution cycle.
5. A sound CRM enables the organization to scale in a thoughtful way with proper data management, security and updates. Leveraging even more data to improve the CX.

How has GDPR affected your organization and its data management practices?

Security Is Part of the Customer Experience in Marketing

As companies work to define an exceptional customer experience, my guess is few of them think about the security of the customer and their personally identifiable information (PII). While consumers are willing to trade privacy for convenience, is it incumbent upon application providers to provide secure apps.

As companies work to define an exceptional customer experience, my guess is few of them think about the security of the customer and their personally identifiable information (PII). While consumers are willing to trade privacy for convenience, is it incumbent upon application providers to provide secure apps.

When we buy a product or service from a manufacturer, we do so with the assumption that the product will solve a problem. But what if it creates one with unforeseen circumstances?

Seventy-seven percent of applications have known vulnerabilities. Based on my interviews with hundreds of IT executives, they are not surprised. Organizations put much more emphasis on getting apps to market and monetizing them than ensuring they are secure.

Developers are rewarded for releasing applications as quickly as possible, without regard for the security of the application. Until consumers start worrying about the security of the apps they use and foregoing those apps that do not value the privacy of their information, we can expect more egregious breaches of B2B and B2C data.

While it’s not pleasant to think about, caveat emptor. The emoji keyboard that pops up on your phone has a vulnerability. The key fob to your car is easily replicated to steal your car. Hundreds of mobile websites and apps leak PII.

What’s a consumer to do? Ask questions about how the items they are buying are being secured. By asking questions, we begin to let manufacturers and solutions providers know that security matters and will be part of our purchase decision.

We know 55 percent of consumers are willing to pay more for a better customer experience. How many more are willing to pay for a better customer experience that’s also secure?

We’re in an ongoing battle with hackers to develop and deploy secure apps that protect our PII. It is incumbent upon us as consumers to hold suppliers accountable for the products and services we buy.

This goes for the security of our infrastructure, medical devices, as well as our cell phones. It’s a matter of making security part of the product requirements upfront and then employing security testing throughout the development process.

Faking It: Did I Cover My Tracks Well Enough?

I just happened to be at a conference this week dedicated to privacy, security and assessing risk in data flows, and casually heard stories from privacy-minded folks on some of the lengths they go to to “cover” their tracks online, in mobile, on cameras and in other activities in the virtual and physical worlds.

Data-Driven Marketing: What Corporations Want, What Consumers Demand!I just happened to be at a conference this week dedicated to privacy, security and assessing risk in data flows, and casually heard stories from privacy-minded folks on some of the lengths they go to to “cover” their tracks online, in mobile, on cameras and in other activities in the virtual and physical worlds.

It reminded me of Ram Avrahami – who lost a celebrated court case exactly 20 years ago. In that instance, Mr. Avrahami, a U.S. News and World Report subscriber, intentionally changed the spelling of his name on his subscription to see how his name and address were pandered by the publisher, and then called out the magazine for not honoring his name suppression request (based on his actual spelling). Moral of the story: you can’t thwart industry privacy self-regulation practices and then call out the industry for not being responsive to your privacy concerns.

Then, there’s my own subscription to Elle Décor. Through no fault of mine, I’ve been known to Hearst Publishing as “Hester Dalzell” (a data entry error on their part that I never bothered to fix). Probably like Ram Avrahami before me, I take heightened interest in who happens to send direct mail to me as “Hester.” Simply an indication of who is renting or exchanging the Elle Décor subscription list.

Unlike my privacy friends, however, I hardly ever opt out of anything. I may be the one of the last Americans not on the Federal Trade Commission’s Do Not Call list.

It also makes me think of today’s digital and mobile “cover ups” equivalents — ad blockers, use of private browsers, laptop camera covers, photo masking and encryption, among a host of others. Some of these may be more illusory when it comes to clearing our tracks than they actually are. And who really knows how much or how little privacy we have when it comes to government spying, hacking and surveillance?

I earn a paycheck: I’m a true believer in our industry’s own privacy self-regulatory practices. Advertisers and marketers long ago recognized that by giving consumers transparency and control — preference centers, suppression lists, industry opt-out tools, frequency controls, etc. — we’re truly serving both consumer and business best interest. These efforts may not be perfect, but they are effective in managing and meeting most consumer expectations.

But let’s face it: In the end, you rarely can fake your own death. Data most always will “getcha” every time.

P.S. Speaking of privacy best practices, congratulations to this year’s Direct Marketing Club of New York’s Silver Apples Honorees — some of whom are indeed being recognized as champions for self-regulation. It will great to honor all of them on November 10 in New York.

Security, Cowardly New World | Privacy, Brave New World

What kind of world have we become? To see Sony, theater owners and distributors initially cower over release of “The Interview,” in the face of a cyberterrorist threat was—and is—unnerving. Clearly, businesses feared that Sony’s victimhood would be exported to others. Yes, the movie eventually was released online and in limited theaters, but the initial fear expressed was disconcerting, to say the least.

What kind of world have we become? To see Sony, theater owners and distributors initially cower over release of “The Interview,” in the face of a cyberterrorist threat was—and is—unnerving. Clearly, businesses feared that Sony’s victimhood would be exported to others. Yes, the movie eventually was released online and in limited theaters, but the initial fear expressed was disconcerting, to say the least.

This incident shows how incapable company leaders must feel they are to thwart cyberattacks. Is data anywhere ever really secure in the face of determined malfeasance? I doubt most of the cinema owners were genuinely worried that theatergoers would be physically at risk of terrorism. Rather, it’s the data—proprietary, internal, sensitive, privileged, confidential and otherwise private—being unscrupulously stolen and, once out of the bottle, splayed across gossip pages by “news” media as if they scooped the story. Intellectual property, too, was compromised. Hollywood, actors and all, seemed frightened.

As cybersecurity—or lack of such security—plays out on the international stage, privacy—and Americans’ attitudes about it—is taking a more mature, nuanced posture.

A new Pew Research Center survey on privacy in found that many opinion leaders now realize that our online selves are public, social sharing is currency for being known (online), even if views are mixed over whether or not a privacy rights infrastructure will emerge during the next decade. Consumers will offer personal details in exchange for convenience quite readily.

As The Los Angeles Times reported, “‘Lack of concern about privacy stems from complacency because most people’s life experiences teach them that revealing their private information allows commercial (and public) organizations to make their lives easier (by targeting their needs), whereas the detrimental cases tend to be very serious but relatively rare,’ Bob Briscoe, chief researcher in networking and infrastructure for British Telecom, wrote in his response.”

To me, this is a signal that privacy is a fluid, dynamic state of mind. Our marketing lives are an ever-constant bartering of data—I give you this information about me, you will give me that product, service or convenience—and the only answer to “real” privacy is to never engage in a convenience or transaction. Not many people choose to be Rip Van Winkle. They might yearn for solitude, but it’s not pragmatic or practical.

Furthermore, I believe this “conversation” shows that there is danger in the rigidity of would-be privacy laws and regulations. Yes, privacy (and security) baselines are necessary—but we must not squelch responsible data collection and use, innovation and convenience, especially as consumers become more comfortable and more demanding. In the world of marketing data, self-regulation has served us well for the better part of 50 years. Outlaw fraud. Outlaw data theft. But let information flow where it may to serve consumers better. The White House said as much earlier this year in its Big Data report.

Now if only creative expression was allowed the same latitude. Some people may fret over today’s perceived loss of privacy, but it is security—is the Sony theft the costliest breach in history?—that has made business leaders run for the hills.

A happy, prosperous and free New Year to all.

Take Command of Marketing Data Governance—Because We Have To

The emergence of “big data” as an enterprise concern for many businesses and organizations is, as with most trends, both an opportunity and a concern. I recently was involved in reviewing new and recent Aberdeen Research on “Big Data”—how it is defined, how it is changing information volume (astounding in quantity), variety (both structured and unstructured, with tremendous pressure to integrate and make sense of it), and velocity (pushing the insight, analytics and business rules that flow from such data to lines of business that can best profit from it).

The emergence of “big data” as an enterprise concern for many businesses and organizations is, as with most trends, both an opportunity and a concern.

I recently was involved in reviewing new and recent Aberdeen Research on “Big Data”—how it is defined, how it is changing information volume (astounding in quantity), variety (both structured and unstructured, with tremendous pressure to integrate and make sense of it), and velocity (pushing the insight, analytics and business rules that flow from such data to lines of business that can best profit from it). An infographic that captures some of this research is now posted at Mason Zimbler, a Harte-Hanks Company, which created the visual presentation.

Alongside this current fascination and business trend, perhaps it’s not surprising that members of Congress, both Democrats and Republicans, also are posing questions at the marketing business as to how we collect, buy/sell, rent and exchange data about consumers online and offline, and if there is adequate notice and choice in the process. In the rush to capitalize on Big Data, we need to ensure that we’re collecting and using marketing data for marketing purposes only, and doing so in a manner that is respectful of fair information practices principles and ultimately serves the end-customer, be it consumer or business individual or enterprise. [See Rep. Ed Markey, D-MA: http://markey.house.gov/content/letters-major-data-brokers.]

All too often, privacy adherence is considered a legal matter, or an information technology matter—but I maintain that while these two business areas are important in respecting consumer privacy, it is marketers who have the most to gain (and lose) by smart (or insensitive) information practices. Data is our currency, and we must treat data (our customers as data subjects) as our primary asset to protect. Our method of marketing is in the balance. One or two major privacy mishaps can spoil it for everyone.

Of course, marketing data governance is far more than privacy compliance. Data quality, data integrity, data security, data integration, data validation and data flows within an enterprise all, too, are part of marketing data’s customer intelligence equation. It is in this spirit that the Direct Marketing Association recently introduced its newest certification program for professionals: “The Institute for Marketing Data Governance and Certification,” taught by marketing veteran Peg Kuman, who is vice chair at Relevate Group. The three-day course, which has launched on a two-year, multiple-city tour, is indispensable in understanding how multiple channels, multiple data sources and platforms, customer expectations and business objectives combine to command better understanding, tools and processes for data handling for smart integrated marketing. Forthcoming course dates and registrations are available here: http://www.dmaeducation.org/dm-essentials/marketing_data_governance.php

For three days last month in New York, approximately two dozen professionals from large and small enterprises, both commercial and nonprofit, attended the first seminar. I, too, attended. There were representatives from marketing, public relations, analytics, legal, IT and fundraising, representing brands, agencies and service providers. This group was engaged—providing examples, asking questions and reporting experiences as the curriculum moved along. (For those who don’t know Peg—a former client of mine—she is quite the facilitator.)

Alongside a workbook, I took home some great handouts, too:

  • A sample security policy; a sample information security vulnerability assessment;
  • A security due diligence questionnaire;
  • A sample vendor risk management program vendor questionnaire;
  • The latest copy of the DMA Guidelines for Ethical Business Practice (recently updated with new email append guidelines, by the way) and a bevy of news articles that captures the media’s and public policymakers’ current attention on consumer data in America.

The meat of the course tackled, among other topics:

  • Categorizing data and assigning priority and sensitivity (personally identifiable information, sensitive data and other categories);
  • Mapping data flows and interactions with customers; enhancing data with appended information, and ensuring its use for marketing only;
  • Having a data quality strategy as part of a data strategy;
  • Calculating return on data investment;
  • The emergence of digital, mobile and social data platforms, and how these present both structured and unstructured data collection and insight analysis challenges;
  • Assigning data “ownership”;
  • Calculating and assigning risk regarding security;
  • Monitoring security, investigating potential incidents of a breach, and handling a response to a breach were it to occur (using recent breach response examples of LinkedIn and Epsilon); as well as
  • Laws, ethics and best practices for all of these areas.

One of my concerns is the importation of European-style privacy protection in America, and current fascination with such protections by U.S. regulators and elected officials. That is worth another blog post in itself, but I can assure you that we need to educate politicians about the superiority of self and peer regulation where no consumer harm exists.

Thank you, DMA. Marketing data does not harm. It only creates consumer choice, commerce, jobs and (tax) revenue—and pays for the Internet and other media, too—and it is ridiculous to even entertain government-knows-better regulation of such information through a potential omnibus law in America, or other notions such as a government-mandated “privacy by design” requirement in marketing innovations. (On the other hand, I’m more than happy to see laws pass that protect Americans from potential government abuse of private sector marketing data—Big Brother should not be getting access to marketing data for non-marketing purposes, unless there is a demonstrable greater public good, where subpoenas are served and heard.) Privacy by design is smart business, but only when left to the innovators, not the policymakers.

Which brings me to close—and if you’re still reading this, I congratulate myself for not chasing you away. Big Data (which can incorporate far more than marketing data) goes hand-in-hand with marketing data governance. Whether a Big Data user or not, we all use marketing data everyday as our currency. Protect it. Respect it. Serve it. Govern it. So we can use it.