10 Potential Data Privacy Pitfalls for Marketers – CMSWire

The Gist

• Data privacy. Marketers are among the largest generators and users of customer data in organizations.
• Data responsibility. They must, therefore, take responsibility to protect the privacy of their customers’ data.
• Data risks. Despite their best efforts, even seemingly innocent acts of marketing can land them in trouble if they don’t internalize the responsibility to protect data in every way.

Marketers have got the message loud and clear: They have to be more accountable for customer data privacy, given their position as some of the most significant creators and consumers of consumer data within the organization. The good news is that privacy is increasingly core to business operations across verticals. Investment in privacy

Privacy laws do not deem consent obtained this way as true consent. That leaves marketers who choose this route (you know who you are!) vulnerable to violations and lawsuits, especially as state laws get stricter and penalties stiffer.

6. Data Anonymization Is Not a Privacy Silver Bullet

Anonymizing, randomizing, noising or masking data for analytics (in the cloud) — while necessary practices, do not guarantee compliance or security. Marketers must be cognizant that anonymized big data sets, even without PII, can still be cracked by expert data scientists (or hackers) by stitching together characteristics to identify specific data subjects. 

This is a particularly vexing problem for marketers in sensitive and regulated industries like healthcare and financial services. Marketers in a hurry to gather insights may move big data sets to the cloud using external tools and vendors, but without consulting central IT and security on the right technique and tool, they are creating privacy risks.

7. DSAR at Scale 

Rights similar to the GDPR’s data subject access request (DSAR) are appearing in various forms in emerging US state laws. They give customers the right to access, correct, transfer or delete their personal information from all applicable company systems, databases and geographies.

Handling a DSAR request manually is costly and error-prone. Marketers need the systems in place to automate response to DSAR requests across all applicable data sets and sources in a timely, cost-effective manner — or risk creating a compliance gap.

Unfortunately, data silos and fragmentation across systems mean not many marketers are prepared to handle DSAR requests seamlessly and within the timeline specified. 

8. Transferring Data to Partners and Vendors 

Marketers are responsible for any user data they collect, through its lifecycle, period. Not just on their own digital properties but even when the data has left their premises or goes out of their direct control. 

Decentralized marketing teams with complex martech and ad tech stacks can’t do without sharing data with third-party cloud-based software as a service (SaaS) vendors. But they need clarity on where vendors host data, their ability to illustrate compliance in multiple applicable geographies, and a clear line of sight into the path their data travels. Ask central IT and legal for a checklist of questions to ask partners about the privacy and security of data being transferred or processed.

In short, marketers can transfer the data, but not responsibility for data privacy. 

9. Not Separating Data Privacy From Data Security 

Though joined at the hip, privacy and security are not the same thing. Data security is about authorized and legal access to data, whereas data privacy refers to the data owner’s right to choose how their data is collected, stored, processed and even discarded. While chief information security officers (CISOs) or chief technology officiers (CTOs) are often accountable for data security, research shows the chain of command to enforce data privacy policies is often diffused and execution is often decentralized across teams in different geographies.

To avoid the associated risks, marketers should take responsibility for consumer data privacy and engage with CISOs, CTOs and legal counsel to build a clear chain of command and ensure marketing and sales workflows don’t create inadvertent privacy vulnerabilities.

10. An Inadequate Privacy Tech Stack

Marketers responsible for the brand’s privacy will need the right tools and platforms to walk the talk. 

• A consent management platform ensures geographically applicable opt-in at each internal and external touchpoint, including social media and private social communities such as Discord or Slack.
• A robust preference management platform to power true messaging relevance and contextuality at each stage of the consumer’s life.
• Access to the IAB Tech Lab’s Global Privacy Platform (GPP V1): A recent framework to enable digital advertising stakeholders — advertisers, publishers and technology vendors — to leverage customer preferences, reduce the cost of managing privacy compliance and mitigate privacy risks.
• Other must-haves, as per Frohlich, include a cookie management tool with global privacy functionality, a data discovery tool like Securiti.ai to help enterprises control complex security, privacy, and compliance risks; and a data lineage tool such as Informatica to connect, unify and democratize your data to advance business outcomes.

Trust, Not Data, Is the New Oil

“With data privacy laws varying by region, marketers could easily overlook minor items that cause major risks. For example, records in contact lists sent via email or Slack will not get discovered in ‘right to forget’ system scans. Not providing B2B clients with adequate data privacy options or not preparing for Global Privacy browser settings are common,” Frohlich warned. 

The lesson is that consumer data privacy is evolving too fast to act on each new change in each geography for each element of your marketing mix in a fragmented manner. A proactive, top-down, privacy-first, privacy-by-design, data minimization culture just makes more sense.

Adblock test (Why?)