Why Marketers Need to Pay More Attention to Customer Data Privacy

A lot is happening in the world of marketing and data protection, from advertising firms lobbying against the DELETE Act and the recent allegations against Zoom’s AI data collection to Mozilla’s report on car companies with the worst privacy practices. And with 88% of consumers admitting they want more control over their data, it’s sparking new conversations across the industry.

While data is an indispensable tool for marketers, they also have a responsibility to obtain, use and safeguard it in a way that is legal and respectful. By doing so, marketers not only preserve customer loyalty but also ensure their own safety. Because let’s face it, we all share information with businesses, healthcare and government organizations and our social circles online. And falling victim to data breaches can have severe consequences, potentially ending careers and entire companies.

Where we are: the marketing industry

The state of privacy laws globally differs greatly. Europe has GDPR and other legislation trying to contain the morality of data. UAE and Saudi Arabia have data privacy laws that help the countries keep up with emerging technologies, including AI. India has recently announced its first-ever GPPR-style privacy law. As for the United States, there are CCPA and CPRA in California, and a small number of states have comprehensive consumer privacy laws, but the overall landscape is extremely fragmented and confusing.

My years in advertising exposed me to many CMOs and how large organizations and agencies use data. And there is a lot of unethical data out there. And why wouldn’t there be? With no policy holding people and organizations accountable, the industry has found itself in these uncharted, murky waters and no tools to guide them forward.

In the current economy, marketing departments – the people who make decisions about which data sources to use – are under a lot of pressure. There is a constant race to perform better than in the previous quarter, outperform competitors and deliver results beyond set KPIs. So, some marketers are tempted to use grey data sources. Enabling these shady data salesmen leads to increased volumes of data breaches, fraud and identity theft on both individual and enterprise levels.

And since there is no governing body or law to enforce moral behavior, oftentimes, the privacy industry has to be the one to step in and be the moving force when it comes to data protection.

Where we are: the privacy industry

Most front-page corporations that experienced data breaches last year have excellent cybersecurity. They invest massive amounts of money into it. So why is it that they keep getting broken in? The most common way is through spear phishing attacks. And spear phishing, in turn, is fueled by Personally Identifiable Information (PII) that is readily available online or through brokers.

Look at the latest breaches; most of them are extensively covered by the media. In most of these cases, there was some human error, like an executive tricked through a text message or an email. These messages are getting increasingly personalized and hard to distinguish from real ones. Bad actors do their research: they know about their victim’s families, where they live, what cars they drive. And when you get a highly personalized, non-generic message about your child being in danger, all the cybersecurity training goes out the window.

That’s why External Data Privacy is so important. That’s why “cleaning up” – erasing all the bits and pieces of information about people’s personal lives that can be found on the internet – is essential. “Cleaning” leaves bad actors with no data to use for their attacks, which makes it harder to craft a convincing message and trick a person.

Humans are, unfortunately, the weakest link when it comes to modern data breaches. So, organizations need to pay close attention to how they protect their employees, from interns to executives. It’s not just CEOs who can expose their businesses. A data breach can come from any level. More often than not, it comes with new employees. So, the entire organization has to be protected.

Marketing Technology News: 5 Things About The Creator Economy For Modern Marketers

How to get there

Since there is no comprehensive legislation and no enforceable industry-wide policy, it’s up to individuals and their employers to take charge of their data hygiene. From a consumer’s side, it’s important to be careful when choosing the services and products you engage with; you need to be mindful and know what’s out there on you. You need to take control of your External Data Privacy, meaning you need to ensure you get rid of all the sensitive data available on the internet.

As for large corporations, there has to be a comprehensive data privacy strategy that involves auditing employees, executives and vendors. Organizations need to scan the data that’s available on their employees online. Once they know where this information is, they can work with these sources, go through the process, and remove the data. Everything needs to be cleaned up.

Another part of the strategy – and that’s something not a lot of companies think about yet – is vendor security. Think about how many vendors a large corporation engages with monthly. The number could be in the thousands. So, there are thousands of opportunities for a breach unless the organization audits and protects its vendors.

By choosing vendors carefully and by securing them, a company ultimately protects itself. It’s also time to make data privacy an industry standard and use it as a criterion when selecting who to work with. Having a standard like that will raise vendor accountability.

Spread the word

One last step is education. People are just starting to comprehend and discuss External Data Privacy. “Cybersecurity” is still the main buzzword. And while cybersecurity is an essential part of the equation, it is not enough.

Hackers continuously adapt and are always discovering new targets and ways to break in. They don’t choose targets that are secured because they know how many resources go into cybersecurity. But they will go after what’s unprotected, after data readily available on the internet for anyone looking.

So, how can people educate themselves? First, they need to do research and become aware of the personal information that data brokers and people search sites have on them. Then, they need to understand how to “clean up” or find a service that will remove this information from these sources and continue monitoring even after the initial “cleaning” is done.

But currently, there is a massive gap in privacy education, and we need to fill it across industries, the marketing industry included. Sourcing, using and enabling further sales of consumers’ private information perpetuates this cycle and will ultimately become a threat to the same people who use this data to sell or advertise their products more efficiently. So, spread the word.

Marketing Technology News: MarTech Interview with Eric Sandberg, Managing Director at Dynata