Data Security And Privacy: Marketing’s Top Conundrum In 2016
With stronger regulations looming, US marketers need to put data privacy front and center. Columnist Josh Manion explains how enterprise tag management can help you manage customer data.
Forecasting the top tech trends has become a New Year’s rite of passage, but there’s no mystery about what will be one of the most compelling changes to hit marketers in 2016.
This will be the year that enterprises undertake significant initiatives to secure data and ensure user privacy, particularly as the European Union looks to impose draconian penalties for companies failing to do so for EU citizens and residents.
Digital marketers in the US have tended to put data privacy in the back seat, unlike in Europe, where users’ right to anonymity enables them to explicitly opt out of leaving information identifying them on website visits. But that’s changing, and US marketers know this. In the final months of 2016, the stakes for US marketers doing cross-border business grew astronomically.
The first big news to hit came from the European Court of Justice, which struck down the 15-year-old Safe Harbor Act. That act had allowed more than 4,000 global businesses, including companies like Google and Facebook, to transfer data from the EU to US servers by self-certifying they met data-protection standards under European law.
Now, multi-national companies transferring data from the EU must put other approved legal provisions in place to authorize data transfers.
Then in December, the final touches were put on strict new EU rules under the General Data Protection Regulation (use and privacy of EU citizen data) and the Data Protection Directive (use and privacy of EU citizens’ data by law enforcement).
The European Parliament is expected to vote on final approval of the regulation governing EU citizen data in early 2016. It would go into effect in all 28 EU member countries within three days of approval, with a two-year transition to develop enforcement approaches.
The regulation has been described as an effort to create a “modern and harmonised data protection framework.” Companies failing to comply with data protection rules could pay penalties of as much as four percent of annual revenue. Infractions among large internet companies could cost billions.
The Big Takeaways
Rules imposing penalties of such magnitude put data privacy front and center for enterprise marketers. All global companies will need to examine how they collect, store, manage and deploy customer data across their marketing and advertising technology stacks.
While the focus is on data crossing international borders, it makes good business sense to manage and control consumer data in responsible ways, regardless of point of origin and use. Not only are legal consequences more severe, so are customer concerns and expectations.
In developing its top-10 list of critical success factors for the year, Forrester argued that 2016 will be the most “consequential year for companies adapting to digitally savvy, empowered customers.”
Elevated in its list of critical success factors is privacy, not simply as a risk or legal issue, but as a point of difference that is important to winning customers.
5 Keys For Enforcing Data Privacy
With approval of the EU regulation looming, and other parts of the world undoubtedly ready to enact stringent privacy protection rules, companies will have a few months and up to two years to implement enforcement approaches. What’s the best way forward?
Given the volume and velocity of data generated in a company’s digital ecosystem, enterprise tag management can stand as a first line of defense in controlling and managing data, including instituting powerful safeguards for data privacy. (Disclosure: I’m the CEO of an enterprise tag management company.)
Tags are a primary way used to collect and distribute digital customer data, as well as create rules regarding when and where that data is collected, and by which vendor. By extending the functionality of traditional tag management, an enterprise-class solution can enforce a company’s privacy policies, block unwanted website trackers from firing, and ensure full compliance with user preferences and privacy laws enacted by jurisdictions around the world.
Here are some of the foundational capabilities you should look to in enterprise tag management to secure data and manage privacy choices:
• Real-time Enforcement. Rules governing privacy requirements mean the enterprise marketer will need to manage consumer-friendly “consent” processes with users in real time. An enterprise tag management solution should enable marketers to customize the consent experience; disclose information about data tracking and its intended use; give them the choice to opt out of data tracking; and enforce visitor consent.
Note that such requirements are likely to make companies focus more on first-party data (collected at the user level), instead of third-party collection, to power such marketing activities as analytics and personalization.
• Data Control — The marketing team needs full visibility into any and all third-party — and even fourth- and fifth-party — tags placed on websites.
In addition, marketers must monitor tags for unusual behavior or policy non-compliance. Brands can additionally protect themselves by restricting the sale of their data to third, fourth and fifth parties.
• Data Security. The marketing team needs to ensure the security of data within tags based on internal privacy and data security policies. That means identifying and preventing leakage of sensitive data from the browser.
Regular privacy audits and tag analysis will enable marketers to identify vulnerabilities and areas of potential data leakage, including consent interfaces when visitors opt in and out of data collection.
• Workflow Management. Marketing teams can secure data by tightly managing and restricting access to use by designated teams and individuals only. A company, for example, can leverage the tag management system’s workflow governance to streamline workflows across teams, geographies and agencies, while ensuring data is governed according to policy.
Rules can be established for access to and use of data among internal teams, agencies and trusted partners and other sources.
• Whitelist Control. The marketing team needs full control in the browser to enforce visitor consent over all tags, not just ones added by the company itself. It’s important to minimize fourth- and fifth-party tags.
Real-time enforcement at the tag level is key, rather than cookie-based opt-out enforcement only. This capability can also give the website owner control over which technologies are allowed by putting them on a “whitelist.”
Strict new privacy rules and growing concern over data security clearly lend urgency to these issues. My view is that transparency will be the ultimate standard for using consumer data in the future.
With that as a backdrop, begin now to ensure you can effectively govern and secure data collected in the marketing technology stack — and protect consumer data.