Data privacy has come into fashion over the past few years. The catalyst was the year 2016. The US Presidential election triggered a series of events that led to the Cambridge Analytica/FB scandal in 2018, social media algorithms taking center stage and GDPR coming into European law.
Today, all companies are forced to think about data privacy regulations while still trying to deliver on ever-increasing human-like interactions. Balancing these two requirements isn’t easy. I have worked with many teams where the first battle to better marketing is against the legal team.
Nonetheless, there are still opportunities and best practices to succeed in these seemingly opposite fields. Here are three of them:
Be Deliberate in Consumer Data You Collect
Data collection is sometimes like a large closet. It swallows everything it can, and you’re never quite sure what’s in it. Historically, companies have defaulted to tracking more rather than facing the fear of lacking data. It’s the data equivalent of FOMO.
In our privacy-conscious world, companies need to be deliberate in their tracking and storing of data. Gone are the days when you turn on an analytics tool without thinking of how it will impact your privacy guidelines.
Let me give you an example. It was incredibly easy to get approval for deploying new tools within the companies that I helped seven years ago. Few questions were being asked on how the data would be used or even what data was being collected. The teams I worked with had to determine if they needed to track PII data points or not. PII — such as gender or age — was often collected but not used in many cases.
Fast forward to today. Approvals can derail entire projects, and most companies are more strict on what kind of PII is being stored, especially in third-party tools. If you don’t need gender or age, why collect it?
It’s easier to comply with privacy regulations if you avoid unnecessary data points. I now ask all my clients how they will use sensitive data. If the answer isn’t clear or so far in the future to make it irrelevant, then we skip it. We can always add it later today, but the default policy isn’t to capture everything.
Related Article: Can You Have Your Privacy-Personalization Cake and Eat It, Too?
Three Levels of Consumer Data Security
You’re bound to track sensitive or PII data points. Email is fundamental to personalization and marketing automation, for example. In these cases, you need a better approach to thinking about your data.
I recommend that companies think about three levels of security:
- Level 1: Raw Data. Raw data is what most teams are used to. They get access to everything and anything without any tweaks or limitations. If you’re dealing with anonymous data points or things that can’t be easily tied to a user, raw data is the way to go. Emails tend to fall into this category since marketing automation tools require it raw.
- Level 2: Hashed Data. Hashed data is great for important data points that don’t have to be in their raw format. For example, user IDs are helpful for structuring data at the user level, but you don’t need to pass the actual value to most tools. As long as it is unique, you’re fine.
- Level 3: Limited Data. Limited data is when you selectively remove specific data points. For example, I worked with a company that collects SSNs and other highly personal data points. When making this data available to marketing teams, they remove those from being synced. They aren’t needed in a raw or even hashed format.
Thinking about these three levels also helps you avoid the “spreadsheet problem” at many companies. This is where you have tons of sensitive data floating around in hundreds of spreadsheets and CSV exports. You can limit what data is even available for export by choosing the correct security level.
Many of my clients list data destinations and what kind of PII they are receiving. They can quickly see if a destination receives raw, hashed or limited data.
Related Article: Growing Data Privacy Concerns in the Age of Digital Transformation
Consent Means High Engagement
I’m not sure about you, but I now see cookie consent banners everywhere, even though I don’t live in Europe. Some are opt-in while others are opt-out. Some are so poorly designed that it makes me think it was deliberate.
Consent can be seen as the death of personalization and marketing automation. If you give users a choice, they will not give you their data, or so goes the thinking. Some data supports this argument. For example, around 30% of iOS users provided their Identifier for Advertisers (IDFA) after Apple changed the requirements in iOS 14.5.
You need to change your perspective. Consent means higher engagement through lower numbers. The people who do consent will be some of your most loyal customers. They want to hear from you. So instead of pushing your marketing to everything and everyone, you can push it to those who want it.
People don’t hate email or push notifications. They hate irrelevant ones. Look at the renaissance in email newsletters and the world of Substack. People love getting value in all kinds of formats.
By seeking consent from your users, you can be creative in how you think about your value. Of course, simply asking users for marketing permission in a small checkbox under a form isn’t enough. What’s in it for them?
Conclusion: Privacy Is Making Personalization Better
The reality is that privacy is making personalization better. It is forcing companies to be deliberate in what data they track, leading to more of it being used. There’s no point in collecting hundreds of data points if you only use a few. You have plenty of options for dealing with security and being compliant.
Consent isn’t the death of personalization. Instead, it will make the best companies seek to deliver value to get customer data. That’s the kind of dynamic that creates better marketing campaigns.Privacy isn’t going out of fashion any time soon. It’s time to update your closet and get with the times.