Josh Manion, CEO at Ensighten highlights the importance of enterprise tag management to secure data and manage privacy choices.
The debate over privacy has produced a gathering storm in the digital world with burgeoning forces aimed at protecting personal information of individuals. Tighter regulations and stiffer penalties for mismanagement of data generated in Europe now challenge data-driven marketers in the United States. Here’s why.
It was just last fall that the 15-year-old Safe Harbor Act allowing transfer of data from European Union (EU) countries across the Atlantic to U.S. servers was struck down. The issue: protecting use of personal data of EU citizens and residents by thousands of companies, including Google, Apple and Microsoft.
Now this month, U.S. and European officials have come to a hard-negotiated agreement to replace the Safe Harbor Act. But that agreement must yet traverse approval processes among the 28 EU member stages, as well as potential legal challenges. In separate action, a new EU data protection regulation (General Data Protection Regulation) is also pending with a vote by the European Parliament expected early this year.
U.S. marketers will need to sit up and take notice that privacy is about to become a serious debate in 2016, as individuals, companies and governments clash over what data can or cannot be accessed. The stakes are high. On the one hand, penalties for mismanagement of EU consumer data under the new regulation may be extreme. Fines between 2-5 percent of global revenue may be assessed companies that refuse to play by the new rules. On the other, a report from Harvard Business School and Columbia University professors reveals that a data-driven marketing economy provides $156 billion in revenue to the United States.
Creating a Level Playing Field
Concern about protecting the personal information of individuals has been growing in tandem with companies taking steps to personalize the customer experience to assure relevance of content delivered. As consumer expectations for tailored content and offers grow, the ability to personalize cross-channel marketing content will only become more important for businesses. Already, search technologies have made product information ubiquitous. Social media encourages consumers to share, compare, and rate experiences, and mobile devices add a “wherever” dimension to the digital environment. Executives encounter the empowerment of the customer daily. Cable customers, for example, push for video programming on any device at any time. Travelers expect a few taps on a smartphone app to deliver a full complement of airline services.
On the flip side, what happens when a consumer books a flight, buys a book or a pair of shoes, opens a bank account or otherwise interacts with brands online? These digital footprints leave behind a trail of personal information. What happens to that data? How is it used? And what are the individual’s rights in controlling its use? These are all legitimate questions that have driven increasingly stringent rules in Europe, giving consumers control over how personal data about them is used. And lest you think American companies are not at risk, consider the fact that any global company doing business and collecting data on EU citizens and residents comes under the mantle of these rules.
Can data-driven marketing, with its reliance on customer data generated across a complex digital ecosystem, survive privacy regulation? My answer is “yes,” but marketing organizations doing business globally must start immediately to manage data and ensure compliance with privacy standards across every geography.
The Road Ahead For Marketers
Privacy regulations mean that the enterprise marketer will need to develop finely tuned controls and the ability to manage “consent” processes 1:1 with individual users. That’s why companies are more likely to focus on first-party data (collected at the user level), in contrast to third-party data collection, to power adtech and martech analytics and personalization efforts.
Given the vast volume and velocity of data generated in a company’s digital ecosystem, enterprise-class tag management can stand as a first line of defense in controlling and managing data, including instituting powerful safeguards for data privacy. Tags are a primary vehicle for collecting and analyzing digital data, as well as creating rules regarding its use. By extending the functionality of what marketers know as traditional tag management, true enterprise-class tag management can enforce a company’s privacy policies, block unwanted website trackers from firing, and ensure full compliance with user preferences and privacy laws enacted by jurisdictions around the world. Here are some of the foundational capabilities marketers should look to in enterprise tag management to secure data and manage privacy choices:
- Gateway Enforcement - Enterprise marketers will need to create easy, consumer-friendly opt-out experiences phrased in everyday language to engage with customers around their privacy choices. An enterprise-class tag management solution should enable marketers to disclose to visitors information about data tracking, give them the choice to opt out, and enforce processes to ensure visitor consent.
- Data Control - It’s common to have dozens of third parties tags deployed on websites. The marketing team needs full visibility into these tags and the ability to monitor them for unusual behavior or non-compliance of policies. Brands can additionally protect themselves by restricting sale of their data to third parties.
- Data Security - Marketers must ensure the security of data within tags based on enterprise privacy and data security policies. That means identifying and preventing leakage of sensitive data from the browser. Regular privacy audits and tag analysis will enable marketers to identify vulnerabilities and areas of potential data leakage, including consent interfaces when visitors opt in and out of data collection.
- Workflow Governance - Marketing teams can secure data by managing and restricting access to specific teams and individuals. A company, for example, can leverage the tag management system’s workflow governance to streamline workflows across teams, geographies and agencies, while ensuring data is governed according to policy. Rules can be established for access to and use of data among internal teams, agencies, trusted partners and other sources.
- Whitelist Control - The enterprise must maintain control over its web properties to monitor enforcement over the entire set of tags present. Marketers should consider minimizing fourth- and fifth-party tags and engage in real-time enforcement at the tag level, rather than cookie-based opt-out enforcement only.
More and more stringent privacy rules, combined with threats to data security, clearly lend urgency to data security and privacy initiatives as transparency becomes the ultimate standard for using consumer data. There’s no better time to start than now. So, if you’re reading this and are based in the United States, then time is of the essence – become more familiar with your own data privacy policies and get ready to enhance them as new policies come to light.