Don’t ignore data compliance when adding 3rd party marketing tools
As brands make quick pivots to survive the current economy, MOPs teams must keep data security top of mind.
Businesses across industries are relying on their marketing operations teams to drive digital transformation initiatives at breakneck speed right now. And many times that involves bolting third-party components on their brand’s website to add features like payment processing or chat.
“The average website utilizes somewhere between 40 and 60 third-party libraries to deliver capabilities for simple user interface enhancements, like animation, but also full-on customer interactions,” said Jon Wallace, head of product strategy and marketing for the website security platform Ensighten. Many of these third-party tools are backed by trusted organizations, but there are some that could be putting your data security at risk.
The risk of 3rd party tools
“I’m not saying that any of these [third-party] libraries specifically are bad, or are malicious, but there are thousands upon thousands of libraries out there by millions and millions of developers — and, largely, these libraries and their developers are not really vetted, and are not known by your organization,” said Wallace during his Discover MarTech presentation on the data compliance risks associated with third-party tools.
He says, if you go into those libraries, you’ll find there’s over 100,000 different versions of different code across the code bases for these libraries. As a marketing professional, some of the code comes from well-know and trusted technology providers, but some of the code sources are not as transparent — or trustworthy.
“The reality is that these are third-party technologies that are present on websites today — and while some of these technologies are backed by massive trusted organizations, some of them are the product of university thesis projects, maintained by a couple of teenagers in their free-time.”
The problem is, while not all third-party technologies are tools used by bad actors to hack your site, they still may have access to your site’s data, delivering an unsafe digital environment and brand experience.
Compliance means taking full ownership of your data
Data management has been an ongoing issue for marketing and customer experience teams for some time. Last November, Forrester reported less than 40% of the customer data executives it surveyed knew where their company’s data was even stored. The primary issue? Inadequate data management processes — only 5.6% of Forrester’s survey respondents scored a “4” or higher on a scale of 1 to 5 when measuring the company’s data management maturity level.
Forrester’s survey didn’t even touch on the threat of third-party tools mentioned by Wallace, instead focusing on internal customer data processes. Yet, all of it — the data risk of third party tools combined with poorly maintained customer data silos — creates a perfect storm of data compliance risk issues.
Wallace emphasized the need for marketers to take more control over their data management practices during his presentation.
“Do you know where your customer data is going? If you were to map all of the interactions on your website, do you actually know which third-parties are interacting with the user data on your website when it’s rendered in the browser?” asked Wallace. “As an organization, you are actually responsible and liable for non-compliance, even if it’s one of the third-party components that you’re utilizing, in terms of CCPA and GDPR.”
Data compliance goes beyond simply enforcing CCPA regulation measures — things like allowing website visitors the ability to opt-out of their data being sold to third-parties or the right to request a business delete their personal information. True compliance includes having a handle on your data management practices, from how you store and implement data internally to knowing what data you are sharing with third-party tools.
Asking the hard questions
The Forrester survey was conducted more than a year after the EU launched its GDPR laws (a move to ensure consumer privacy and keep consumer data safe) and only months before the launch of CCPA, the California Consumer Privacy Act. The findings highlight how ill-prepared businesses continue to be in terms of data management processes and compliance issues.
“When it comes to things like compliance, you may have implemented a very good approval or consent solution on your website, but have your users actually given consent for all the third party providers that you’re using to sell their data as well?” asked Wallace, “Here’s the thing, any data that is on your website is technically accessible to those third parties as well — those scripts can read what the user is typing in. They, in theory, can look at a whole page and capture that information. If your users don’t allow you to sell that data, can you be sure that the third-party components are also honoring that choice as well?”
These are the hard questions you have to ask when implementing third party tools. Often, in these circumstances, it takes time and effort to find the right answers. Getting a solid grasp of how these tools capture data can be confusing at best and problematic at worst. It all becomes even more difficult when stakeholders outside of the marketing technology group need a solution — and are asking for it to be implemented in record time.
The good news is MOPs teams can act as the first line of defense by pushing back on problematic third-party tools that put a brand, and its customer data, at risk. They can also be the sounding board when enforcing data management and compliance tactics — a proactive move that puts marketing technology groups in the driver’s seat on data compliance efforts, an issue many businesses need to be paying more attention to.