Utility and informed consent - the “keys” to implementing data privacy policy
Publicis Sapient’s Director of Digital Identity outlines challenges inherent in creating a data privacy policy and what companies must consider for policy implementation.
Publicis Sapient’s Director of Digital Identity outlines challenges inherent in creating a data privacy policy and what companies must consider for policy implementation.
Over the past few years, regulatory regimes and the rise in the need to provide clarity on user data has forced organisations to comply with specific and often onerous data privacy requirements.
While data requirements and standards can often seem burdensome, the implementation of data privacy policies can be smooth, says Max Kirby, Publicis Sapient’s Director of Digital Identity & Cloud Solutions.
“Technology is properly understood as the enabler,” he says. “If you think about data through the lens of information, it becomes easier to figure out what technology you need to meet data privacy requirements.”
For Kirby, the right technology can allow an organisation to connect their data privacy policy to the value they provide the customer and bring transparency to the fore – a key element in engaging with any digital native, he says.
But transitioning from treating a customer as an object to a subject is an onerous task for companies. That exercise itself requires identifying customers as individuals by collecting a large amount of data. This is the only way that the customer journey can be personalized, yet this places an emphasis on the need to keep data secure and maintain customer privacy.
“The amount of data that you have is proportional to your potential privacy liability,” explains Kirby. “Companies that have a lot of customer data currently in use have more pain points versus those that don’t.”
To address consumers’ concerns over privacy, big platforms tend to use words like “trust” and “safety” which can backfire. Once you mention the term “privacy,” people start worrying about the security of their data. Privacy implies “big tech” is watching and that data is vulnerable.
The answer to this dilemma is transparency which fosters trust. If consumers understand exactly what an organization is doing with their data, there’s strong indication that they’ll trust that organization more – and more likely share their data.
Companies build that trust by creating comprehensive data privacy policies that incorporate a mix of technology and transparency, and brings multiple teams together. Finding the right mix people who have expertise in privacy law, marketing and technology is key—but it’s also a big challenge.
Kirby defines this as a problem of “digital hybridity.”
“Most companies don’t have people with the skillset to address everything that must be factored into data privacy policies as single individuals. The people in marketing don’t have technical backgrounds. The people in technology don’t have policy background. The policy people don’t have marketing backgrounds,” says Kirby.
There is no simple answer to solving the data privacy problem for companies, but here are some best practices that Kirby uses when he works with clients at Publicis Sapient:
To address the issue of hybridity (or lack thereof), companies need to create a privacy team that includes the CMO, CTO, and CIO along with a Chief Privacy Officer (or someone with a law degree) who understands privacy laws.
Privacy teams should be comprised of leaders with hybrid skills as well as team members who represent each specific focus of expertise, whether that’s marketing or data collection or privacy law.
Here is a checklist of things that companies should consider when implementing an effective data privacy policy:
An understanding of privacy law (eg, the GDPR and elsewhere) is key to developing a data privacy policy that works.
“The law is a moving target,” says Kirby. “Regardless of the specific manifestation of privacy law or how you handle opt in or opt out, what you’re talking about is the principle of informed consent. The “informed” is key. If you can orient your business towards that, you’ll be more future proof.”
Kirby stressed the importance of de-siloing data when it comes to data privacy and compliance. Companies need to combine their data into one place. This ensures, for example, that if you get an opt-out, you can populate that throughout your organization.
“The law doesn’t care whether or not you have two different databases or systems,” says Kirby.
Utilizing flexible technology ensures that you can easily adapt your systems and infrastructure, changing as the laws change. Again, keep in mind that because the law may change frequently as it forms, it’s important to base your privacy approach on the foundation that the law rests on itself.
If data sits in a database without being used, it will quickly become out of date.
“You have to use data in order to clean it,” explains Kirby. “A data hygiene effort is not complete without a use case that outlines what you’re going to use the data for. That’s how you understand if the data is accurate and precise. Privacy to ensure that is done right can follow the utility involved.”
Most people know don’t know much about what companies do with their data and very few of us read terms and conditions.
“The answer to this,” says Kirby, “is video.” Create a video explanation of what you use data for as an immediate way to help consumers understand your organization’s data privacy policy and exactly how their data is being used.
There’s one thing that binds the above strategies together—transparency. Says Kirby, “The goal is that users have had a chance to know at the moment of collection, at the moment of use, and at the moment of sharing, what data you’re collecting, why, and how you’re going to use or share it.” As people understand how companies collect and use data (for personalization, advertising, etc.) privacy will become inextricable with ethics and trust. That’s why transparency is critical.
Publicis Sapient works with clients to embrace business transformation using technology as the main driver for change. They work with clients at the industry level to help them understand how they can use technology and methodology to work with data and facilitate privacy policy implementation.
“APIs, consent management tools, and customer data platforms can help organizations with privacy policy implementation by effectively managing data,” explains Kirby.
For example, consent management platforms give organizations the ability to manage opt-outs across multiple channels. Customer data platforms unify data against a single primary identity. APIs facilitate the sharing and accessing of data internally and externally.
Finally, interoperability standards including the Open Data Initiative which provides a single, comprehensive view of a company’s data and the Cloud Information Model, an application-agnostic data model, are attempts at making sharing data easier by structuring it the same way across multiple companies and platforms.
“Last place when it comes to privacy is going to be shaky ground once digitally native consumer’s finish taking over,” Kirby added. “Our research shows more people are paying attention every year.”
