Article: Transparency is Essential in Privacy First Marketing - Oct 2020
Sue Zobrist, meltmedia
Privacy First Marketing
“Companies want to be good at privacy and security, but it is often difficult to know where or how to start. And today, breaches are happening further and further away from the original point of contact. This has made some organizations reluctant to get near their data. But you can’t do that. You have to find a way to get a handle on your data collection and put that data to use.” So says Josh Kennedy, Information Security Officer at meltmedia, a Tempe-based digital agency.
At a recent internal round table session, Kennedy and meltmedia colleagues Mike Moulton, Ashley Beckman and Chris Shaver talked about Privacy First Marketing, a topic that is getting a lot of attention from meltmedia’s clients. As the discussion unfolded, several key ideas emerged:
- Customers are willing to share data, but there has to be transparency to how it is being used
- Guidelines and management tools exist, but you need some expertise to navigate them
- Partnerships can play a critical role
Customers demand transparency
Moulton, Chief Technology Officer/Partner, observed “Customers are now more keenly aware of their own digital footprint and are holding organizations responsible for being good stewards of their data. I believe many customers are willing to continue sharing information that will help brands deliver a better, more personalized experience, as long as there is transparency and influence around how their data is used.” Added Kennedy, “End users should be empowered to make decisions on how their data is used and let them make informed choices on what they choose to share. Showing that you take this responsibility seriously and helping the customer understand the benefit of allowing data to be collected is critical.”
The team pointed to the growing use of opt-in language and cookie permission as examples of giving customers that voice. Cookie management tools like OneTrust and TrustArc can give end-users more visibility into how data is used. However, cookies still present a challenge to healthcare marketers. The launch of Apple’s Intelligent Tracking Prevention in Safari has led to an environment where marketers can no longer rely on the accuracy of third-party cookies to understand their audiences’ needs. This puts an increased focus on brands to use first-party cookies.
“Technically this can be difficult as most brands often have multiple websites, from unbranded education sites to patient and HCP sites that all have unique domains and thus, their own separate first-party identifiers,” Moulton noted. “One potential solution requires brands to implement cookie-synching technologies, a mainstay of traditional AdTech platforms. However, such solutions have not typically been deployed at the brand website level, meaning there aren’t many off-the-shelf solutions that brands can employ — yet. In this gap, meltmedia has been working with clients to develop custom solutions that enable the use of first-party cookies for each website while still maintaining user identity across a brand’s portfolio of sites.”
Added Beckman, Operations Project Manager, “Cookie management really requires a multipronged approach and a team that understands the component parts and how those parts are interrelated. First and foremost, you need a deep understanding of privacy frameworks and their regulation of cookies. This ensures you can be an advocate for both client functionality AND consumer privacy.
“Next, it’s also important to understand cookie preferences for each of the different browsers, as well as their role in defining industry trends for privacy. For us, that means we are better able to anticipate and align with individual browser privacy functions and continue to evolve our understanding of how users typically interact with web browsers and default cookies settings. Though complex, this foundational understanding is what enables us to succeed in creating products for our clients that are both compliant and functional.” She concluded “Customers want you to treat their data as if it were your own. If you can project that kind of empathy with your audience, they will be more willing to trust you with their personal data.”
Guidelines and tools give you flexibility
“GDPR set out an amazing framework that was more about how to think about data rather than just a collection of restrictions,” Kennedy noted. “I think we are going to see more and more developed nations adopt some kind of privacy/security guideline. In the US right now, the California Consumer Privacy Act (CCPA) is leading the way and Brazil has started to develop a plan in Latin America.” Moulton was quick to add, “Yes, we have guidelines. But I believe customers are looking for organizations to be proactive here, not waiting for regulations to force them to be transparent. Be responsible about protecting privacy because it’s the right thing to do. What’s important here is not for companies to simply comply with GDPR or CCPA, but to comply with the intent of the law across all their data practices.”
The meltmedia team went through a GDPR attestation process in order to develop in-house expertise around these guidelines and continues to use the SaaS management company OneTrust to track compliance. Said Beckman, who led the attestation process for meltmedia, “One of the things we learned is that the framework of GDPR is customizable to your business. It’s not a certification that has a hard-set standard. Compliance is not a static thing; these guidelines are living, breathing entities so you have to remain vigilant.”
Another tool used by meltmedia is Keystone. Explained Shaver, Solutions Architect, “Keystone gives us a unique capability to be compliant, especially in collecting data from forms. We can decide exactly what data to share forward.” The adoption of Keystone required meltmedia to do a Business Associate Addendum (BAA) with Amazon. The BAA is a contract required under HIPAA rules to ensure that Amazon Web Services (AWS) appropriately safeguards protected health information (PHI).
Shaver said, “Our clients’ skill in privacy and data safety runs the full gamut from large, sophisticated in-house operations to small start-ups with few internal resources or knowledge. We have made it a priority for our team to get the training and certifications to truly assist our clients, no matter where they are.”
Partnerships matter
How can you choose a good partner? Here are characteristics you can prioritize:
- Attitude -- Do they seek to understand your business and your goals first? Do they demonstrate respect for personal data? Are they focused on customizing a plan to your specific needs?
- Expertise -- Do they hold certifications and other training credentials? Have they succeeded in developing projects similar to yours (or have they failed and learned valuable lessons)?
- Transparency -- Do they believe that you own the data and have a right to full knowledge of all data collected and analyzed? Can they demonstrate openness in dealing with other partners you employ?
- Track Record -- Do they have professional references? Can they cite examples of successful projects and provide details (without violating any other client’s privileged information)?