Personalized ads are finding new ways to target consumers, even when they’re 30,000 feet in the air. A recently announced plan by United Airlines will soon offer flight passengers personalized ads on a seat-by-seat basis. And United isn’t alone in charting this course. Companies in other industries also appear to be exploring new territory in personalization. Ford just secured a patent for an “in-vehicle advertisement presentation system,” which could potentially use travel data and in-car conversations to deliver customized ad content.

Consumers, especially younger generations, welcome greater personalization, but they don’t want to give organizations free license to their personal data. Many are willing to share their data for the sake of convenience, but when an organization mishandles that data or takes to liberties in using it, consumers are rarely shy in cutting ties with the offending company. Not surprisingly, more than a few consumers are losing trust in brands, especially given frequent news of privacy breaches. According to the Identity Theft Resource Center, there were 1,571 data compromises in the United States during the first half of 2024 with over a billion victims.

While consumers certainly play an important role in ensuring the safety of their data, the buck stops with companies. Businesses are responsible for protecting the personally identifiable information of their customers. This includes customer names, addresses, phone numbers, email addresses, plus any financial details they may have provided. It also means preventing unauthorized parties from gaining access to this information and restricting its usage to the original purposes for which it was gathered. Businesses looking to pursue personalization initiatives should, therefore, carefully consider the complex processes involved in using customer data or sharing it with third-party advertisers.

Marketing Technology News: MarTech Interview with Gulab Patil, Founder & CEO @ Lemma

As AI shifts personalization into high gear, behind-the-scenes orchestration will require absolute precision with the cost of failure exacting a high price in the form of eroded trust, lost business, and regulatory fines. Here are four steps organizations should follow to avoid jeopardizing customer relationships and to reduce the likelihood of data breaches and legal issues.

Perform a data inventory

A data inventory is the first step in obtaining data privacy. This entails listing every piece of personal data that your business acquires, handles, and retains. What information is gathered, how it is obtained, who has access to it, and where it is stored should all be documented.

Evaluate risks

Once you have determined what personal data your business has on file, evaluate the risks involved with processing and storing that data. Consider the level of risk and repercussions your organization could experience as a result of data breaches, illegal access, ransomware, and other security concerns.

Enact security measures

After evaluating the risks, implement the necessary security measures to safeguard personal information. These include access controls, encryption, and recurring security audits. Be sure all staff members have received training on the best data security and privacy practices.

Create a data breach response plan

Data breaches can happen even when all required safeguards are in place, which is why a data breach response plan is absolutely essential. Specify the actions your business will take in the event of a data breach, such as contacting the affected parties, notifying regulators, and correcting any vulnerabilities that may have contributed to the breach.

In addition to these four steps, companies must further understand and maintain knowledge of privacy and data-related regulations. Applying those requirements can also get complicated very fast. In the example of inflight personalized, seatback advertising, it’s not hard to imagine, particularly when you think about how regulations governing personal data protection are constantly changing and quite different across countries and regions.

For instance, the European Union’s General Data Protection Regulation (GDPR) is among the most comprehensive of its kind. Despite the location of where the data is processed, GDPR imposes stringent standards on how EU residents’ data is collected, processed, and stored. Individual EU residents also have more control over their data due to the GDPR, including the right to access, correct, and delete any data pertaining to them. The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) mandate similar protocols for residents of that state. Twenty other U.S. states have now passed their own privacy laws.

On top of these, there are industry-specific compliance requirements that may factor into handling customer data as well. Adherence to the legislation should not be thought of as optional because the penalties for non-compliance come with a high cost, upwards of $330,000 on average. Cloud-based information governance software can help simplify the complexity of compliance management. This is something organizations will increasingly need as they rely on AI-powered applications to provide personalization at scale since the data used to train AI models is also subject to compliance.

Advertising and marketing personalization has come a long way in the last few years. If companies can combine their creativity with innovative technology and engineer these approaches with data privacy and compliance in mind, they may well strike the perfect balance. And, with that, the sky’s the limit.

Marketing Technology News: In the TikTokization era of Advertising, the ‘Perfect Ad’ doesn’t exist. Where do creators go from here?