Today marks the 10th annual Data Privacy and Protection Day, an international initiative that aims to raise awareness in both the business and consumer worlds about data privacy.
In the past, data protection conversations tended to circulate most commonly regarding legal compliance. As the Digital Age matured, the topic gradually expanded into other areas of the business, including, or rather, especially, marketing.
Here, Christopher McClean, VP, research director at Forrester, expounds on such topics as the trajectory of businesses’ concerns with privacy, what consumers expect of marketers who have access to their data, and how businesses can bolster their customers’ confidence in their handling of personal data.
What’s different in the data privacy space now in relation to the past?
For 10 years or so the people who did security for a living kept screaming, “How come nobody’s paying attention to us!” Now, privacy is a big enough topic where CEOs, CFOs, boards of directors are asking a lot of questions. There’s big regulation, and we’ve seen some big fines. This stuff is on customers’ minds now. Anyone who has knowledge about privacy is kind of front and center, and under a lot of pressure.
Was there a particular large scale event in the past year that drove data privacy to the fore in the way the 2013 NSA leaks did?
Nothing new or unique, but the continued breaches—such as Target, Home Depot, and OPM—have brought the realization that these aren’t massive accidents, but are a systemic move. People are going after data for financial purposes. People are trying to make money from selling credit card information. In the health sector, people are using healthcare information to make money. These are growing concerns.
What are the marketing ramifications of this?
For marketing people, there are so many good reasons to use customer data. Ideally, they’re not using data maliciously, but are using it to improve their products and services, and advance customization—making targeted marketing more personalized. Those are all potentially valuable things. There is a creepiness factor, though. Marketers who overuse data, or use it in ways customers aren’t expecting, make customers feel like they’re being intruded upon.
You mentioned that a lot of executives are having conversations about privacy. What are they saying in relation to marketing?
I think they’re asking a couple of questions. First and foremost, they’re asking the security people how they can make sure they don’t have a massive breach. How do they make sure the business doesn’t show up on the front page of The Wall Street Journal, or The New York Times, or something. They’re asking the legal people how they can make sure they aren’t violating international or state laws around data protection.
For the marketing people, they’re trying to ensure they have good customer insights capabilities. They want to be able to track customers, and offer them more personalized services. They want to expand the relationship and engagement with customers without crossing the border of being creepy in a way that might make a customer jump ship to the competition.
How do you think the Internet of Things, and all of the new data these devices can capture, will impact these discussions?
It’s the same problem; it’s just getting more potentially invasive. The sheer amount of the data that’s being collected from Internet of Things technology has all of the good benefits associated with providing better service and capabilities. Some of these apps know where you live, what kind of food you like, how active you are. A lot of that information can be used for good purposes. A lot of the information that’s collected through your phone, for example, could be very helpful from a health perspective. Some of the medical regulators are looking at that data and considering these devices as medical devices. So, there’s a tremendous amount of value. But if it’s used in the wrong way, or stolen, it could severely impact you as an individual. For marketers, it’s one of those things where, with great power comes great responsibility. If the companies you’re working with aren’t paying attention and being responsible with your customers’ data, there’s a tremendous amount of risk.
How can marketers minimize that risk?
Get legal, marketing, and information security to talk. There are other organizations that need to be involved—customer service, for instance—but those three specifically all have a huge part to play in this discussion. The three of them need to sit down and think about what would feel creepy to them as consumers. They need to ask themselves if the data they’re collecting violates any legal or regulatory requirements. Do they know enough about that data that they can enforce policy? Where does that data reside? Is it encrypted? What third parties are involved? Information security, legal, and marketing need to talk about these risks—and the prospect of customers walking away if they feel the business has overstepped. From this communication, marketers can update policies, and improve communication with customers.
Do you feel like this communication is happening enough today?
No, not nearly as much as it should. There are probably some companies that are paying attention to this, and are really trying to understand customer sentiment. But as far as those three groups working together, it’s extremely rare.
Do you have any advice as to how companies can facilitate that communication? Otherwise, consumers are just going to continue to seek out tools like ad blockers.
That’s a great point. If you aren’t paying enough attention to this area, customers are going to find a way to not pay attention to you. They’ll use ad blockers, or sever their connection with you entirely. You don’t want to overstep these bounds. This is really on the shoulders of the marketers. Compliance and security is the job of legal and information teams. The marketer’s job is on both sides of this equation. They get the benefits from more technology and better uses of data, but they’re also the ones exposing the company to risks. Marketers have to make sure they’re thinking about these risks, and balancing the risks with the benefits of getting all of this data.