Article: Transparency is Essential in Privacy First Marketing - Oct 2020

sue zobrist

Sue Zobrist, meltmedia

 

Privacy First Marketing

“Companies want to be good at privacy and security, but it is often difficult to know where or how to start. And today, breaches are happening further and further away from the original point of contact. This has made some organizations reluctant to get near their data. But you can’t do that. You have to find a way to get a handle on your data collection and put that data to use.” So says Josh Kennedy, Information Security Officer at meltmedia, a Tempe-based digital agency.

At a recent internal round table session, Kennedy and meltmedia colleagues Mike Moulton, Ashley Beckman and Chris Shaver talked about Privacy First Marketing, a topic that is getting a lot of attention from meltmedia’s clients. As the discussion unfolded, several key ideas emerged:

  • Customers are willing to share data, but there has to be transparency to how it is being used
  • Guidelines and management tools exist, but you need some expertise to navigate them
  • Partnerships can play a critical role
privacy first marketing

Customers demand transparency

Moulton, Chief Technology Officer/Partner, observed “Customers are now more keenly aware of their own digital footprint and are holding organizations responsible for being good stewards of their data. I believe many customers are willing to continue sharing information that will help brands deliver a better, more personalized experience, as long as there is transparency and influence around how their data is used.” Added Kennedy, “End users should be empowered to make decisions on how their data is used and let them make informed choices on what they choose to share. Showing that you take this responsibility seriously and helping the customer understand the benefit of allowing data to be collected is critical.”

The team pointed to the growing use of opt-in language and cookie permission as examples of giving customers that voice. Cookie management tools like OneTrust and TrustArc can give end-users more visibility into how data is used. However, cookies still present a challenge to healthcare marketers. The launch of Apple’s Intelligent Tracking Prevention in Safari has led to an environment where marketers can no longer rely on the accuracy of third-party cookies to understand their audiences’ needs. This puts an increased focus on brands to use first-party cookies.

“Technically this can be difficult as most brands often have multiple websites, from unbranded education sites to patient and HCP sites that all have unique domains and thus, their own separate first-party identifiers,” Moulton noted. “One potential solution requires brands to implement cookie-synching technologies, a mainstay of traditional AdTech platforms. However, such solutions have not typically been deployed at the brand website level, meaning there aren’t many off-the-shelf solutions that brands can employ — yet. In this gap, meltmedia has been working with clients to develop custom solutions that enable the use of first-party cookies for each website while still maintaining user identity across a brand’s portfolio of sites.”

Added Beckman, Operations Project Manager, “Cookie management really requires a multipronged approach and a team that understands the component parts and how those parts are interrelated. First and foremost, you need a deep understanding of privacy frameworks and their regulation of cookies. This ensures you can be an advocate for both client functionality AND consumer privacy.

“Next, it’s also important to understand cookie preferences for each of the different browsers, as well as their role in defining industry trends for privacy. For us, that means we are better able to anticipate and align with individual browser privacy functions and continue to evolve our understanding of how users typically interact with web browsers and default cookies settings. Though complex, this foundational understanding is what enables us to succeed in creating products for our clients that are both compliant and functional.” She concluded “Customers want you to treat their data as if it were your own. If you can project that kind of empathy with your audience, they will be more willing to trust you with their personal data.”

Guidelines and tools give you flexibility

For nearly 25 years, the healthcare industry in the US followed the privacy principles set forth in HIPAA, the Health Insurance Portability and Accountability Act of 1996. For a while, that was enough. However, as digital activities accelerated and personal data collection became a must-have for marketers trying to personalize their outreach efforts, HIPAA was too narrow. In the last five years, Europe took the lead in setting clear guidelines for the collection and use of personal data. This initiative, known as the General Data Protection Regulation (GDPR), essentially defines your ability to interact with European citizens.

“GDPR set out an amazing framework that was more about how to think about data rather than just a collection of restrictions,” Kennedy noted. “I think we are going to see more and more developed nations adopt some kind of privacy/security guideline. In the US right now, the California Consumer Privacy Act (CCPA) is leading the way and Brazil has started to develop a plan in Latin America.” Moulton was quick to add, “Yes, we have guidelines. But I believe customers are looking for organizations to be proactive here, not waiting for regulations to force them to be transparent. Be responsible about protecting privacy because it’s the right thing to do. What’s important here is not for companies to simply comply with GDPR or CCPA, but to comply with the intent of the law across all their data practices.”

The meltmedia team went through a GDPR attestation process in order to develop in-house expertise around these guidelines and continues to use the SaaS management company OneTrust to track compliance. Said Beckman, who led the attestation process for meltmedia, “One of the things we learned is that the framework of GDPR is customizable to your business. It’s not a certification that has a hard-set standard. Compliance is not a static thing; these guidelines are living, breathing entities so you have to remain vigilant.”

Another tool used by meltmedia is Keystone. Explained Shaver, Solutions Architect, “Keystone gives us a unique capability to be compliant, especially in collecting data from forms. We can decide exactly what data to share forward.” The adoption of Keystone required meltmedia to do a Business Associate Addendum (BAA) with Amazon. The BAA is a contract required under HIPAA rules to ensure that Amazon Web Services (AWS) appropriately safeguards protected health information (PHI).

Shaver said, “Our clients’ skill in privacy and data safety runs the full gamut from large, sophisticated in-house operations to small start-ups with few internal resources or knowledge. We have made it a priority for our team to get the training and certifications to truly assist our clients, no matter where they are.”

Partnerships matter

One way to take a proactive approach to privacy-first marketing is to engage with qualified partners who understand the world of data collection and analytics in today’s market. Moulton said, “There are lots of vendors and tools out there. Some are very protective of their data and analytics. They won’t directly share the data. We believe that data — both actively and passively collected — is owned by the brand. Brands need to know what data they are collecting, who has it, and how it is being used. Brands must have a strong relationship with their data and not let partners obscure it from them.”

How can you choose a good partner? Here are characteristics you can prioritize:
  • Attitude -- Do they seek to understand your business and your goals first? Do they demonstrate respect for personal data? Are they focused on customizing a plan to your specific needs?
  • Expertise -- Do they hold certifications and other training credentials? Have they succeeded in developing projects similar to yours (or have they failed and learned valuable lessons)?
  • Transparency -- Do they believe that you own the data and have a right to full knowledge of all data collected and analyzed? Can they demonstrate openness in dealing with other partners you employ?
  • Track Record -- Do they have professional references? Can they cite examples of successful projects and provide details (without violating any other client’s privileged information)?
Moulton concluded, “Our clients are becoming more aware of the data they are collecting and sharing. We recognize that it can be overwhelming if you don’t understand it. It took some time and effort to become adept at collecting patient data under HIPAA, and we need to be just as careful with marketing data collected. There’s a lot of responsibility in doing it right. But we celebrate that we are seeing improvement and success every day.”
Learn more about Sue Zobrist on Linkedin.
 

Subscribe to our Mailing List

Receive more DHC content like this directly in your inbox. We will respect your privacy and never sell your information. View our Privacy Policy.

* indicates required
This website uses cookies to improve your experience. If you continue to use this site, you agree with it.