BlogView All Blogs
Thursday, September 10, 2015
Keynote: Privacy, What Marketers Need to Know
Where: Atlanta Tech Village
When: Thursday, September 10, 2015 from 11:30am to 1:30pm
James Koons – Chief Privacy Officer, dotmailer
Joseph Sikes – Lead Customer Safety Engineer, Cox Communications
Sarika Davis – Director of Risk Assurance, PwC
Jodi Daniels – Independent Consultant
Lael Bellamy – Chief Privacy Officer, The Weather Channel
(right to left, below)
This incredibly knowledgable panel presented and discussed several aspects of data privacy, compliance and security from a domestic and global perspective. Privacy is a huge source of tension and anxiety in big data, and everything from collection to storage and usage could have major complications and devastating consequences. We opened with an informational video from VIANT on implementing transparency and accountability into your advertising efforts, and then some opening remarks from Jay Jhun, and a final Golf Classic invitation from Krisi Lane. Let’s get into the content.
What constitutes PII? An email address? An actual email? Personal contact information?
Chris posed the question to get us started. (PII being Personally Identifiable Information.) Lael jumped in immediately stating that by definition an email address itself is the simplest form of PII. An email address can then be used to search the net and compile more data-breadcrumbs to hack or steal your identity, for example. She recommended getting in touch with the IAPP (International Association of Privacy Professionals) if you have any questions, need any support, or are interested in learning more.
What do you do to keep your data secure?
James was the first to jump in, explaining dotmailer as a multi-national organization based in London. Data localization, not just on a physical level, is an important aspect of their work. It’s important to set up a “privacy by design” model, and it’s truly at the center of everything they do. As you’ll soon realize, privacy by design is a trend across the map that should be practiced and implemented by all. James also discussed the importance of accessibility. Who has access to your most secure docs? It’s crucial to document your paper trails and only give access to those in need of access.
Sarika took this opportunity to explain to us the difference in privacy versus security:
- Privacy – Consumer expectations, and how the information will be used. What are the legal requirements?
- Security – Simply how you protect collected data. Data governance.
Takeaway: as marketers, it’s important to understand what data you have, where it is, and whose it is.
Jodi stressed the importance of using secure File Transfer Protocols (FTP) in transferring between employees. DO NOT just use public sharing methods. Not everyone should use (or see) the data even if it’s a big data dump bucket.
Lael added that this is a great time and place to practice being proactive. Tell your customers/clients what you’ll be doing with their email addresses. Also – you should ONLY do what you’ve said you’ll do with their emails. If it’s a quarterly newsletter subscription, do not add to that under any circumstances. Talk to your communications folks, and run it by legal if you have any issues or questions.
“Yahoo has become an industry leader” here, by figuring out where the value is in the data, and how it can relate to you, the end user. Customize and personalize users into small buckets, so it’s mutually beneficial. i.e. we’re happy to give our data away if it means our lives will be easier. Think Waze = better traffic updates = more time with friends and family.
James hopped back in: “Be a good steward of the data you collect.” We now live in an Ashley Madison-era, where one person can open the floodgates to your entire operation. So, in part, it’s an HR play, too. You must oversee and manage your internal employees first and foremost.
“Your users and subscribers are trusting you!” said Joseph. Being as simple as an email address these days, various forms of PII can be used to find out tons of personal information about you. The laws are shaped by what consumers expect and want, and more breaches are sure to come. Give your users a reason to trust you, and stay true to that.
Sarika chuckled over the amount of laws in place, referencing the FTC Section 5, and advised us to let the lawyers handle this. Lael added that these started as advertising plays, to keep everyone safe on the ad-related side of data, but now it’s important to talk to your engineers and set up a privacy by design model. Also, let consumers exercise choice! There’s a certain creepiness factor involved in how we collect data, use it, and overall transparency. If consumers opt-in (which was discussed several times as a confusing term), even going as far as sharing their calendars, how far can and should we go? Lael discussed the Weather Channel’s rain update, triggering a notification to any day-to-day user who was on their way to a tennis match, instead offering them a free movie coupon because their tennis will be rained out. Is this harmful? What constitutes harm? It’s very subjective and, as Lael mentioned, Spotify is now under fire for recent updates.
Lael: It’s important to ask non-marketers what’s creepy. “Hey Mom! Is the phrase Your Weather Personalizedtoo much?” As marketers, we should take a step back every once in a while to reconsider our terminology and thought process. Very valuable lesson that should be applied to all aspects of marketing!
Jodi went back to Lael’s earlier comment on data-usage policies. If you update your policy to collect, let’s say, the Moon, you don’t have to do so. Be smart about what you take because now you’re responsible for it, and end users will be mad at you. Protect your brand perception. Users will remember where they first dropped their email, but then have no idea how they’ve been hooked into a handful of new email subscriptions and junk mail. Think about the business need! Update and inform your users on what you’re doing whether it be just emails, or adding cookie-integration, and so forth.
Would you give your full name and email address for a free coupon?
Panelists were very interested in seeing the audience response, which was mostly hesitant. The panelists talked about the fact that they would personally never give it up themselves, but others do for a simple sticker for example. James explained this concept, quid pro quo. How good does the offer have to be for you? I know I’ll be second guessing myself from here on out!
What are your data privacy and security tips for marketers? Give us your 2 minute pitch.
James: Notify users what you’re collecting, doing with it, and who else has it. (James built a Trust Center at dotmailer to build client success and trust. That’s what SASS platforms and companies should strive for, and offer to less-informed customers. What can third parties, like Google, do with your information? Be more invested in the relationship than transactions! This statement led to James’ second title being, Chief Revenue Killer. Take care of your people; especially those who will give their email address and personal lives away for a small vinyl sticker.
Joseph: Encryption, encryption, encryption. Opt-in, and, “are you sure you want to opt-in” messages. Be transparent, don’t give hundreds of pages of small-print in your policies and contracts. It’s overwhelming, and ultimately written by lawyers for lawyers.
Sarika: Four things. 1) Transparency – get it right. 2) Governance [of data]. 3) Data Quality – have I.T. involved if needed. 4) Culture – set an internal and external privacy by design culture.
Jodi: Privacy equals trust with end users. Be forward thinking, use data so it’s mutually beneficial. Have a positive relationship that will enhance your brand. Lastly, this is NOT just for B2C. Think in terms of both B2B and B2C, and treat them the same.
Lael: Data is the new bacon. Data is the new oil. Data is now a commodity and should be treated as such. Are you trustworthy? What are you using people’s data for? What’s the consumer benefit? Love this quote referenced by Lael: Pigs get fat, hogs get slaughtered. Lael also noted how AOL has a nice and digestible policy contract which is something to strives for. She added – the BBB is starting to come after people (began Sept. 1) on DAA Compliance. Watch those cross-device activities, people. Consider yourself warned. 🙂
We then ended with a few questions from the audience, including one from an individual at Cox Communications. He sought comments and advice related to the EU’s Right to be Forgotten concept, and FTC exemption of Section 5. This does get complicated in court, and James opened with proclaiming that sometimes it’s cheaper to pay the fine than become compliant. Sounds awful, right? Lael added that you shouldn’t collect what you don’t need. The SEC is stepping up, in a space where the FTC usually owns all jurisdiction. The courts and governments aren’t always consistent, and hard to predict. “Your data will get lost, if it’s not already being stolen.” Scary. Sarika noted that you must be able to show the FTC your documentation when they inevitably come knocking on your door. Lael agreed, having these records are invaluable in protecting yourselves. Joe wrapped up the discussion, adding that they vet potential clients to ensure they follow regulations and meet compliance. Smart!
Great to see everybody who attended, and remember to act responsibly with your data from here on out. Bonus! Sharika sent us a PDF on building trust in email campaigns. It’s attached here for your consumption; enjoy!
More pictures below, and as always – thanks to Christophe’s To Go for the delicious lunch!