With the demand for data privacy increasing, the time that brands have to respond to privacy issues and data requests is rapidly decreasing.

This means CMOs will need to turn to security leaders to help them fill requests faster and meet customer expectations.

Meanwhile, there’s been a steady — and increasing — stream of supply chain breaches, remote work technologies compromised and customer data held hostage and leaked, making data privacy concerns more central to consumers.

Brands are also now more aware than ever of the need for security throughout all aspects of the supply chain, from open source code and little known libraries to infrastructure and as a service products.

As a result, there’s a lot of sensitivity around customer data including who has access, where it’s stored and how it’s collected.

To retain consumer confidence, companies must show proof and build trust that their processes and technologies keep customer data safe for as long (or short) as they absolutely need to.

Changing Attitudes Require Changes in CMO Data Practices

“We’re in the middle of a transformation, and prior to that, security awareness was not typically recognized as part of a company’s DNA,” said Paul Laudanski, head of threat intelligence at Tessian. “Now, company technologies that were previously trusted, have been turned upside down forcing everyone to up the ante on security minded practices.”

He said it’s always been important for CMOs and security leaders to work closely together to manage customer data, as both parties bring specific skill sets and expertise to the table, and CMOs need to be seen as thought leaders in this space.

“By working closely together, both teams apply their knowledge and experience with understanding how customer data is important and ensuring it is kept safe through every part of the supply chain pipeline,” Laudanski said.

Patrick Kehoe, chief marketing and strategy officer at Coalfire, a provider of cybersecurity advisory services, said that with the increase in the digital economy, companies have access to rich data sets that help them provide better products and services, as well as deepen their relationships with their customers.

At the same time, customers have become more attuned to what data is collected, how it is used and how it is shared. Multiple surveys have shown that brands suffer when customer trust is violated.

Related Article: How AI Is Being Used to Protect Customer Privacy

CMOs Facing a World Without Cookies

“The evolving privacy landscape has huge implications for CMOs and their teams,” Kehoe said. “Most CMOs, in both B2B and B2C businesses, rely heavily on engagement data collected by cookies. This information enables hyper-targeted, measurable digital marketing campaigns.”

Given recent changes in policy from Apple and others, we are approaching a cookie-less world in the coming years.

“CMOs need to proactively prepare for this world by, among other things, pushing for consent driven data collection in their organization and understanding the impact of a cookie-less world on third party sources they use for buyer intent and response data,” Kehoe added.

Ed Britan, head of global privacy at Salesforce, said that at its core, privacy is simple: it’s about people and their data.

“For people to have control over their own data, they must know what data is being collected about them and by whom, and then be allowed to decide how that data is stored and used,” he said. “Consumers want to know that the companies they are purchasing from are storing their personal information in a transparent and secure way.”

Further, they want to more completely control how their service providers are processing their data. Both areas show the importance of marketing partnering closely with security and privacy teams throughout the data lifecycle.

Learning Opportunities

GDPR, Privacy Regulations Evolving

Britan pointed out that the privacy landscape is changing rapidly in two interconnected ways. The first is the pace of passage of global comprehensive privacy laws modeled to varying degrees on the global standard set by the General Data Protection Regulation (GDPR).

For example, China, Brazil, Kenya and Thailand have all passed privacy regulations incorporating key GDPR concepts in the past four years since GDPR went into effect.

While the United States has yet to pass a federal law, more than 100 privacy bills have been introduced at the state and federal levels, bringing some core GDPR concepts to the US.

“Companies will need to incorporate these new requirements into their digital strategy, depending on their size, how they use customer data and the sector they operate in,” Britan said.

Related Article: GDPR Compliance: What Marketers Can Expect in 2022

Transparency, Robust Cyber Practices Critical

Laudanski said that moving forward, every employee must transform into a security ambassador, especially with leaders encouraging and empowering their employees to do so.

One example of this involves being aware of email impersonation attacks and not clicking on links or attachments that you were not expecting or that look suspicious.

A second requires the promotion of good password hygiene by ensuring passwords are not duplicated or that passwords used in code are not checked into code repositories.

“In addition, all companies must analyze the methodologies and execution of working with and handling customer data at every stage of the supply chain, from data controllers to microservices to data lakes and customer portals, to ensure compliance and privacy,” Laudanski said.

Kehoe pointed out that even the most advanced privacy-focused organizations are only as strong as the practices of their partners.

“Businesses must examine their extended partnerships leveraging formal third-party risk programs,” he said. “Most are already addressing privacy in some way, but few have robust programs tied to their partners.”

He added that it’s important to be transparent and honest regarding personal data collection and usage, saying, “Consumers are more likely to choose companies they trust.”