Person sitting at end of a dock overlooking a river between mountains.
PHOTO: Unsplash

The reported breach earlier this year of millions of records involving Oracle’s BlueKai web-tracking cookie and email-tracking technology raises the questions of the perils of working with data brokers for marketers.

Marketers can use the tracking tech offered by platforms like BlueKai to collect personal information on customers and prospects based on web and email habits. But, according to a TechCrunch report, the web tracking data was exposed “because a server was left unsecured and without a password.”  

Despite the security glitch, the prospects of data-brokerage outcomes are appealing for many marketers. Data brokers collect consumer information on things like loyalty cards, public records, social media posts, according to a report this year by Harvard Business Review. They infuse that data into machine-learning algorithms and build segmented profiles of similar groups of people.

And it can be successful. “Data brokers … have risen as a new industry alongside big data,” according to Business News Daily. “For businesses that capture large amounts of data, collecting information and then selling it represent opportunities for new revenue streams.”

More Than Security Challenges

But it’s not without its risks. The security of the $200 billion data-brokerage industry is actually only a part of the challenges for which marketers should take note. Marketers must be critical of the accuracy of these data-piping machines. HBR researchers found that consumer information sold by data brokers “varies greatly in quality” and may be “even worse than what you’d get if you used random chance to create a target list.”

HBR numbers from their data-broker tests included:

  • The average accuracy of gender segments classifying males is 42.5%: .
  • 77% is the number of cases where the age tier was incorrect.
  • 80% is the number of times information about people’s interest was correct, although, researchers found, the “greater precision seemed to be linked to the fact that the popular attributes that characterize ‘audiences’ occur very often in the general population.”

“The problem of poor-quality data is made worse by the fact that marketers pay a lot for these digital profiles,” HBR researchers reported. “The exact costs depend on the individual case and media used, but our research showed that using digital targeting often more than doubles the advertising costs for a campaign. That is a big chunk of the media spend — with very little to show for it, in many cases.”

Before buying audience profiles for targeted marketing, marketers should wait until they have reliable visibility, HBR reported. If using data broker audience segments, "avoid using profiles for broad segments of the population (all women, for example, or all consumers who are interested in sports),” HBR researchers suggested. “If the desired audience segment is relatively narrow, the campaign is more likely to be cost-effective.”

Related Article: Oracle Bites on BlueKai

Brokers Operate in Data Obscurity

But security still is important, naturally. Brent Johnson, CISO of Bluefin, which provides payment security solutions, said the BlueKai security lapse highlights the need for standards and regulation regarding the storage, distribution and retention of personally identifiable information (PII). “Details of the breach specify a database was accessible from the internet without a password, which likely means proper database and server hardening processes weren’t followed,” Johnson told CMSWire.

A major issue with privacy when it comes to data brokers is they tend to operate in relative obscurity, according to Johnson. Thousands of companies and most people have never heard of buying, aggregating and selling consumer information. “And while brokers represent a multi-billion dollar a year industry, there is minimal oversight to the kinds of information they collect and how they must protect it,” Johnson added. “A breach to a major data broker could expose information on hundreds of millions of people, and while data brokers tend to hide behind the veil their data is anonymized and de-identified, recent studies have proven just how quickly re-identification can occur with only a few data points."

Breaking Through Transparency Wall

Daniel Cooper, managing director of Lolly, which provides digital transformation services, said that marketers, before partnering with a data broker, need to assess the transparency level of the data broker. “Do they have a public web portal?” he asked. “Do they provide a contact on the portal and is the contact legitimate? If they are from a state like California that says data brokers must register with the state's AG, have they done so? If they are from the EU, do they comply with the GDPR?”

The more transparent a data broker is, Cooper added, the higher the chances their methods of collecting data are above board. “In contrast, if they are doing everything not to be noticed, run in the other direction,” he said. “Laws around data privacy keep changing and tightening. A data broker that is not above board will eventually be caught, and when that happens, your company's name will be tarnished as well.”

A BDEX report earlier this year found that because data sold and used in the U.S. market is often fraudulent, in 2019 the Association of National Advertisers estimated losses on return on ad spend (ROAS) to be $5.4 billion globally. 

Related Article: Digital Privacy vs. Security Is a False Dichotomy

Should Personalization Efforts Focus on First-Party Data?

So what’s the alternative here? Marketers moving more toward more inbound efforts? Relying more on first-party data and capturing “meaningful data at sign-up” and making the most of “explicit data at login,” as Gartner stressed in its report on personalization strategies last month?

Maybe so. But according to one industry pundit’s predictions for 2020, those kinds of efforts likely won’t start until there is a government crackdown on third-party data collection habits.

Segment CEO and Co-Founder Peter Reinhardt told us last December that companies won’t stop using third-party data until enforcements start: “CCPA will require companies to stop using third-party data, obtained from data brokers for example,” said Reinhardt, whose company has since been acquired by Twilio. “Only when CCPA enforcements start happening will these companies stop relying on third-party data, at which point they’ll have to switch to more inbound approaches that attract people based on adjacent content.”