“That’s creepy.”

Those are dreaded words in any relationship — including the one between you and your customers. It signals a breakdown in trust.

In the realm of privacy, such sentiment is not as rare as you might think. According to the KPCB Internet Trends 2016, when asked “How concerned are you about data privacy and how companies use customer data?” 50 percent of the respondents noted that they were “very concerned.” An additional 46 percent noted that they were “somewhat concerned.”

In addition to losing consumer trust, inappropriate privacy practices can also lead to legal and business competitiveness troubles.

Bridging online and offline consumer data creates additional privacy challenges — particularly around notice, choice and data governance. Let's look at a few strategies you can employ to mitigate the risks.

The Complex Customer Journey

The consumer journey is becoming more complex, traversing through both online and offline environments.

Offline data (collected when consumers shop, fill out surveys, apply for credit cards, etc.) and online data (collected when consumers surf the net, interact with friends on social media, watch videos, etc.) can be combined to provide a more holistic picture of buyers.

That additional level of insight is becoming increasingly valuable and can pay off for all parties involved.

Consumers can get more relevant products, services and advertisements, whether they are online or offline. Retailers and marketers can benefit from more seamless experiences between the digital and physical worlds.

Bridging the Online-Offline Worlds

One of the top privacy challenges with bridging online and offline data is consumer expectation.

Since some data collection channels are separated and not strongly related, consumers are not always aware that their online and offline data is being combined. For example, a consumer might find it “creepy” that the content she sees online is personalized for her based on her shopping habits at the local grocery store.

Managing data from multiple sources can also lead to additional data governance challenges.

Managing the Risks

There is no single definitive way to manage the risk. Your approach will depend on your organization’s risk appetite, resources available, business needs, and existing system architecture/data flow.

However, there are a few questions you can contemplate to determine the best approach for your organization.

How are you getting the online and offline data sets?

If your organization collects both data sets:

  • Have your consumers been adequately notified that you are tracking them online and offline?
    • Depending on the type of data being collected and the use cases, there are different strategies around providing notice and getting consent. If the data is deemed more sensitive (e.g. precise location data), more explicit notice and consent might be expected.
  • Are the controls that you provide to consumers consistent online and offline?
    • If controls (e.g. data deletion, data portability, opt-out of behavioral advertising) were managed separately before for online vs. offline, consider consolidating them for better user experience and to improve internal efficiencies.

If some of your data is coming from a third party, such as a data broker, the same questions from above should be asked. But a few additional points to consider are:

  • Has the third party received the right consent from consumers to share this information with you for your use cases?
  • What is their expectation in terms of privacy and data governance? How do you address potential gaps with your own policies and strategies?

Can you work with de-personalized data?

Personal data in its raw form carries higher risk. De-personalizing the data before bridging can lower that risk. An example of where depersonalization might work is when you are interested in segments of consumers (“athletes”, “retirees”, “millennials” …) rather than specific consumers.
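One way to do this for segment-level analysis, as an added example that is not from the original article: both data sets are re-keyed with a keyed hash of the normalized email, the raw identifier is dropped before the join, and only segment-by-category cells with enough distinct people are released. The HMAC key, field names, sample rows and the `min_cohort` threshold are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Assumption: a secret linking key held only by the team doing the bridging.
LINK_KEY = b"constructed-demo-key"

# Constructed sample rows (not real data).
OFFLINE = [  # e.g. loyalty-card records carrying a marketing segment
    {"email": "ana@example.com", "segment": "athletes"},
    {"email": "ben@example.com", "segment": "athletes"},
    {"email": "cy@example.com", "segment": "athletes"},
    {"email": "dee@example.com", "segment": "retirees"},
]
ONLINE = [  # e.g. site browsing events
    {"email": " Ana@Example.com", "category": "running-shoes"},
    {"email": "ben@example.com", "category": "running-shoes"},
    {"email": "cy@example.com", "category": "bikes"},
    {"email": "dee@example.com", "category": "cruises"},
    {"email": "eve@example.com", "category": "bikes"},
]

def pseudonym(email, key=LINK_KEY):
    """Keyed hash of the normalized email; an unkeyed hash could be reversed by guessing addresses."""
    return hmac.new(key, email.strip().lower().encode(), hashlib.sha256).hexdigest()

def depersonalize(rows, keep):
    """Replace the raw identifier with a pseudonym and keep only the named field."""
    return [{"pid": pseudonym(r["email"]), keep: r[keep]} for r in rows]

def bridge_by_segment(offline, online, min_cohort=2):
    """Join on pseudonym, then release only (segment, category) cells with enough distinct people."""
    segment_of = {r["pid"]: r["segment"] for r in offline}
    cells = defaultdict(set)
    for r in online:
        segment = segment_of.get(r["pid"])
        if segment is not None:  # online visitors with no offline match are dropped
            cells[(segment, r["category"])].add(r["pid"])
    return {cell: len(pids) for cell, pids in cells.items() if len(pids) >= min_cohort}

if __name__ == "__main__":
    off = depersonalize(OFFLINE, "segment")
    on = depersonalize(ONLINE, "category")
    print(bridge_by_segment(off, on))
```

The pseudonyms remain linkable by anyone who holds the key, so the key and the intermediate tables need the same access controls as the raw data; only the aggregated output is de-personalized.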

Do you have to do the bridging exercise yourself?

You can avoid some of the risks associated with managing raw data from a third party by using companies that can perform this service for you. They will ingest your data and the data from the third party, perform the matching to compute additional insight, and return your data with additional intelligence.

Is your data governance framework ready to manage the combination of online and offline data?

Data classification

Data classification is a foundational piece that data governance policies and processes are built upon. It is important to have the same or similar classification for online and offline data when you are bridging the two data sets. Consistency here can reduce complexity and improve efficiencies when managing the data.

Data access, storage, usage, and retention

Analyze your existing policies and processes around data access, storage, usage, and retention for both online and offline data. Leverage the updated data classification in this exercise. Identify and bridge gaps as appropriate.

Keep in mind that if a third party is providing some of the data you are using, there might be additional requirements from them around how their data should be managed.

Finding That Sweet Spot

The exercise above will help you start shaping your privacy and data governance strategy for bridging online and offline data. It can help kick start deeper conversations with other stakeholders across your company.

Once ready, you can also look at additional best practices such as Privacy by Design and treatment of data from sensitive groups (e.g. children and teens).

When done right, personalization using online and offline data can lead to exciting innovations. By keeping consumers aware and in control, as well as ensuring the right data governance strategy is in place, businesses can unlock the benefits while minimizing the risks.

Title image "Navigator" (CC BY 2.0) by Tabsinthe