Making Privacy Table Stakes
Dennis Dayman, Eloqua
According to an IBM study, 90 percent of the data in the world today was created in the past two years, and this data comes from everywhere: posts to social media sites, digital pictures and videos, purchase transaction records, and cell phone GPS signals. Because of the growing technology we use in everyday life, this data explosion has left its mark on marketing, informing a more targeted strategy to send relevant ads and communications to consumers.
However, many companies and marketing professionals aren't considering an important piece of that strategy: privacy. Privacy policies and procedures can be complex, and differ by country, but they shouldn't be feared. Privacy processes should be embraced not only because in many situations it's required by law, but also because it's the right thing to do and creates a quality-over-quantity mentality that's important for companies in today's world of relevant and modern marketing.
The importance of collecting customer data isn't going away anytime soon, so how can we address privacy issues? With Privacy by Design.
Privacy by Design is a shift in the approach to privacy, moving it from an afterthought to a consideration in early stages of product/process development. Privacy by Design is an approach to protecting privacy by embedding it into the design specifications of technologies, business practices, and physical infrastructures.
In a nutshell, it means that companies must build in privacy up front, right into the architecture of new systems and processes. Unfortunately, marketers and technologists aren't as far along as they should be in this regard. Instead of the 7,000-word privacy policies hidden behind links at the bottom of a page that we're used to seeing, a registration page should offer a few simple bullet points that explain the policy with transparency up front. For example:
- I am giving my email address because I want to receive marketing emails from you
- I understand you might share my address with “X Company” because they offer relevant information
- We will collect “X” data when you interact with us online, and these people will have access to that information
Privacy by Design advances the view that the future of privacy cannot be assured solely by compliance with regulatory frameworks; rather, privacy assurance must ideally become an organization's default mode of operation.
Something worth considering is the level of intricacy needed for privacy policies and procedures when dealing with a global customer base, as there are many differences to be aware of. For instance, the European Union (EU) doesn't allow the transmission or storage of data collected on citizens within those countries to be moved to countries with inadequate security and privacy standards (the United States is one such country). In other words, you can't just collect and transfer data without proper legal processes. When these compliant processes are in place, though, they allow the EU and U.S. to work together to further the economic benefits of the digital market, and to take into consideration technologies that regulations haven't kept up with, such as social media platforms.
These require extensive legal processes such as EU model contracts and binding corporate rules that many marketers aren't even aware of. Those processes take into consideration the legal requirements when capturing data on individuals in other countries, or integrate certain certifications and technologies to ensure a baseline level of protection, such as U.S. Safe Harbour. Another recent example within the EU is tracking regulations in which permission prior to placing or accessing common tracking technologies on users' devices in those countries must be obtained. Many U.S.-based companies today don't offer those sorts of privacy control choices on their websites, but continue to allow individuals to visit and submit information onto these systems.
Companies can simplify compliance with such regulations through technology and automated privacy controls within web-based apps. By making web apps smarter, complying with expansive regulations that might differ by only a point or two become easy, rather than cumbersome, to manage. For example, a visitor from Germany needs to provide affirmative consent before dropping a tracking cookie onto their machine, but a visitor from the U.K. may have an implied consent requirement for the same tracking cookie. Many companies might create, open, and maintain separate websites for each country (remember, the EU has 27 members), but that can quickly become a nightmare, especially if the company gets just one policy wrong.
Modern marketing technologies have risen to the top and allow us to tie everything together as one. Global companies must be reminded that they should not only be interested in investing in marketing to customers and increasing revenues, but also respecting customers choices and adhering with faithful effort to the myriad global regulations.
Over the next few years marketers can expect to see more privacy requirements imposed on marketing processes. Much of this is due to the sheer volume of customer data being tracked and utilized. Again, it isn't something that shouldn't be feared, but rather welcomed by using today's modern marketing technologies and embracing Privacy by Design.
Dennis Dayman is chief privacy and security officer at Eloqua.