As we enter 2015, digital marketers are faced with a growing conundrum.
Now more than ever, we have access to valuable data that can sharpen a campaign’s focus and provide greater insights into the products and services consumers want to buy.
Drawing from this rich data pool, however, can be a dangerous exercise if you experience a breach and you don’t have the right security measures in place. Depending on the type of data that has been compromised, you could be looking at extensive damage to your brand, lawsuits by customers and employees alike, and—as Target experienced earlier this year—a forced re-org of your executive suite.
Prior to 2014, digital marketers may have felt immune to data breaches because health, financial or other sensitive data are not typically used in targeted online advertising. But in the past year we realized that breaches of non-sensitive personal data can also lead to disaster.
Melissa Parrish of Ad Exchanger describes the hypothetical in a recent article:
“Imagine if it was your company that was hacked, every digital marketing campaign across your organization was turned to some nefarious use and you didn’t have an international incident to hide behind.”
This is the reality that all of us in the ecosystem must face and address together – not just company to company, but also organizationally within our own companies. And we need to do this in an environment that is increasingly subject to regulatory scrutiny.
Marketing practices at the core of digital media campaigns have already grabbed regulator attention in the EU and US. According to at least one expert, this trend will intensify in 2015. This makes sense as the US-FTC continues its focus on data collection and online marketing, and the EU contemplates the first changes to their data protection laws in 20 years.
Another challenge that digital marketers face is the increasing distrust by consumers of companies that collect and share data online. A November 2014 poll from the Pew Research Center shows that 91% of consumers believe that they “have lost control over how their info is collected/used by companies,” while over 80% remain concerned about third parties accessing their data on social media sites. Even in the post-Snowden era, consumers appear more concerned about data collection by business, not government.
Five Steps to Make Privacy & Security a Resolution in 2015
So, what are some simple steps that digital marketers can take to ensure that privacy and security remain a firm resolution in 2015 and win back consumer trust?
1. Make privacy & security your organizational priority.
Most likely the biggest lesson learned from Sony, Target and other high profile breaches is that data security and privacy needs to be an organizational, not solely departmental, priority. While it’s good to have one team focused on identifying privacy and security requirements, everyone in the company needs to do their part, and work together to ensure that these requirements are implemented.
Marketers need to work with the privacy and security pros in their companies to determine the provenance and restrictions around datasets in use. Conversely, security and privacy professionals need to create clear rules for securing and accessing data – for employees, as well as external partners and vendors.
For more details on what these rules might look like, and how you can be a better custodian of data, check out the Online Trust Alliance’s Data Protection & Breach Readiness Guide.
2. Identify and protect your knowledge assets.
Earlier this year, my friend Jon Niedetz wrote an excellent post on why privacy was just the tip of the iceberg when it comes to securing your organization’s “knowledge assets” – those intangible assets that can include valuable databases, trade secrets and other IP. For media and similar businesses, knowledge assets can represent 75% of a company’s total market value.
And as Niedetz tells us, it’s not just privacy, but also protecting your trade secrets, patentable material and organizational knowledge. Also, making sure you have the right insurance policies.
You first need to take stock of and identify your organization’s knowledge assets so you can protect them appropriately. A first step would be creating a data map that identifies what these valuable assets are and tells you where they are held.
A second step is creating and implementing safeguards – those that protect your assets from being compromised, and those that protect you if they are compromised.
Throughout the process, you’ll need to ask yourself and your advisors some important questions. Do you have set procedures within your organization identifying who can have access to your knowledge assets and for which reasons? Are you keeping your trade secrets truly confidential (thus preserving your protection under trade secret laws) by limiting access to important databases and other information? Are your employees trained on how to treat and protect valuable data (more on that in pt. four, below)?
Another set of important questions revolves around having the right insurance policies. Does your general liability insurance policy exclude cyber incidents (as many do), necessitating the need for a separate, cyber-risk policy? If you do have cyber insurance, does it adequately protect you against various types of data breaches?
These are just some of the questions you should be asking yourself early and often in 2015 when it comes to identifying and protecting your knowledge assets.
3. Evaluate your consumer facing notices, especially your privacy policy and opt-outs.
Having transparent privacy policies and notices, and an easy to find, user-friendly opt-out, is an important step in regaining and maintaining consumer trust. It’s also a requirement if you do business in the US – even without a comprehensive, national privacy law, the FTC makes full use of its power to prohibit “unfair and deceptive practices” and has wielded this power several times against companies who say one thing in their privacy policy, but do something else in practice.
In this era of widespread data breaches, the FTC is specifically interested in disclosures made about a company’s security practices. Just ask Credit Karma or Fandango – both companies settled with the FTC last year because, contrary to their privacy notices, they failed to implement appropriate safeguards and did not securely transmit end users’ sensitive personal data. Plus, if you are collecting data and using it for online advertising, make sure to note this in your privacy policy and provide a consumer facing opt-out, which will opt the consumer out from both data collection and use.
4. Train your employees on privacy and security awareness.
Employee action (or inaction) remains a leading cause of “data insecurity,” including data breaches stemming from unauthorized employee activity. According to Experian, US employers faced over $40 billion in losses from “unauthorized use of computers” in 2014. Training your employees on the basics of your internal privacy and security rules is not only a must, it also has a clear impact on your bottom line. Recent research from Prof. Dan Solove shows that companies who do not have data security awareness training programs reported significantly higher than average (over $500,000) financial losses from cybersecurity incidents.
5. Work with other companies who respect privacy & security.
The weakest link in your security chain could be your vendors. It’s important to ensure that all of your outside vendors have privacy and security standards that meet or exceed your own. It’s also important to vet these standards before commencing your engagement with the outside vendor. Companies doing business in Europe may already be familiar with a similar concept, known as “onward transfer,” as it is one of the requirements for participating in the US-EU and US-Swiss Safe Harbors for cross-border transfers of data (more details on onward transfer and other Safe Harbor principles from the Department of Commerce’s site).
Conclusion
2015 offers digital marketers a number of exciting and innovative ways to reach consumers, and a seductive pool of data to use in that effort. However, to dive deeply into this pool, marketers must win back consumer trust, which has been eroding significantly in the post-Snowden era.
To win back consumer trust, companies should make privacy and security a primary resolution in 2015 and act on that resolve. The five steps listed above ensure that your organization is protected and prepared for the data challenges you will likely encounter in 2015 and beyond.
Privacy & Policy Newsletter
Are you interested in learning more about cutting edge topics at the intersection of privacy and technology? Sign up to receive TUNE’s bi-monthly privacy and policy newsletter today!
Author
Becky is the Senior Content Marketing Manager at TUNE. Before TUNE, she led a variety of marketing and communications projects at San Francisco startups. Becky received her bachelor's degree in English from Wake Forest University. After living nearly a decade in San Francisco and Seattle, she has returned to her home of Charleston, SC, where you can find her enjoying the sun and salt water with her family.
[…] As we enter 2015, digital marketers are faced with a growing conundrum. Now more than ever, we have access to valuable data that can sharpen a campaign’s focus and provide greater insights into the products and services consumers want to buy. Drawing from this rich data pool, however, can be a dangerous exercise if you … Continued […]