How to Navigate Privacy Regulations to Create Sustainable Data-Driven Marketing Practices

digital gavel against binary code

By Michael Schoen, EVP, Marketing Solutions at Neustar, a TransUnion Company, and I-COM Data Science Council member

Two competing trends are shaping the current marketing analytics landscape. First, there is a far greater volume of data being generated and stored. Secondly, privacy regulations and corporate policy are making it more difficult to collect and safely manage that data.

The conflict between an ever-greater amount of data and the increasing difficulty of collecting and managing it properly marks a major challenge for marketers, who need to understand their customers — with consent — to grow their businesses.

Marketers can lay the foundation for a privacy-safe strategy by assessing their current data practices, minimizing data collection, privatizing information, and clearly communicating with customers.

Assess Your Data Strategy

The first step to establishing a privacy-safe organization is conducting an internal assessment of your current data practices. Are you asking customers for permission for all the data you’re collecting and giving them the opportunity to opt-out wherever possible? Is the personal information you have on hand encrypted to the highest possible extent? Are you only collecting the data you need?

But this review is not just about data. It’s also about identifying the talent and technology you need to build a privacy-first organization. Companies are widely recruiting chief privacy officers and consent management vendors to get ahead of regulations. Whether you go in or out of house for privacy capabilities, ensure someone with executive buy-in in your organization owns data privacy so that it does not fall through the cracks.

Collect Only What You Need

A norm arose in the internet Google and Facebook molded wherein businesses simply collected the maximum possible amount of information from customers (remember flashlight apps collecting location data and selling it to third parties?). Suffice it to say that, in a privacy-conscious era when poor data stewardship can lead to reputational or even legal and financial damage, companies should follow the opposite playbook. Identify the minimum amount of data you need to run your business, get consent for it, and discard superfluous information.

Privatize Your Data

Marketers should explore approaches that allow them to ensure they process and publish data in ways that protect the anonymity of the individuals involved. Two examples are k-anonymization and model calibration.

With k-anonymization, marketers ensure discoverable information about subjects is not so granular that attackers can tie it back to actual individuals. The “k” stands for the number of individuals in a given data set whom an attribute identifies. For example, a “k” of 30 would mean at least 30 individuals in the dataset must share an attribute, such as zip code. As one would imagine, increasing “k” means each individual’s data is less likely to be tied back to them by attackers.

Model calibration is part of differential privacy, a system that also aims to prevent bad actors reviewing datasets from tying information to individuals. Calibration can achieve that goal by adding enough noise to machine learning models such that marketing measurement is minimally affected while privacy, or safety from hackers, increases.

As explored in the most recent I-COM publication, “The Frontiers of Marketing Data Science Journal,” k-anonymity and differentially private model calibration have both been shown to increase privacy with real but tolerable drawbacks for computational efficiency and measurement accuracy.

What that implies about privacy is that there will be no one solution, technology, or data anonymization method that proves a panacea for the emergent age of privacy-first marketing. Rather, marketers will need to combine approaches and weigh trade-offs — privacy protection versus efficiency and accuracy — to determine the right mix of privacy methods.

Clearly Communicate with Customers

The era of the illegible, fifty-page privacy policy is coming to an end. Businesses that lead on privacy will communicate clearly and concisely with customers about data collection while offering those who want to learn more the opportunity to get into the weeds.

Unsure where to start? Tell customers what data you need to collect and the products and services they get in exchange for giving you that data. Also ask them about how long you’re able to store it for and whether they permit you to share it with third parties. Check in regularly, too; consent for data collection once does not mean consent forever.

There’s No Silver Bullet on Privacy

Privacy-oriented data collection and management solutions are proliferating, and some marketers might mistakenly view the new market as a competition that one solution will ultimately win. But no one audience identity solution will replace the cookie or Apple’s mobile Identifier for Advertisers. Marketers widely recognize they will turn to multiple next-generation IDs to understand and serve customers going forward.

The upshot is that there is no silver bullet on privacy, neither one solution nor practice to ensure a privacy-safe, data-driven marketing strategy. By contrast, marketers will need to stay up to speed on emerging solutions, regulations, and trends, adopting a test-and-learn approach to find out what best suits their needs. By following the steps outlined here, marketers can get their organizations on the path to success.

Learn more on this research in the latest publication of I-COM’s Frontiers of Marketing Data Science Journal:

Got a Question? We’ve Got Answers.