Privacy Protection in the Digital Marketing Industry.
In marketing and advertising, information is gold. The goal is knowing and anticipating the consumer’s needs and making a product available to as many people as possible. In today’s world of convenient mobile applications, Internet of Things, and Artificial Intelligence, breaches of personal data are becoming commonplace, as we hear and see news articles about accidental data disclosures on nearly a daily basis.
Successful marketing in today’s always-connected digital world requires the act of continuously acquiring information about potential consumers, quickly analyzing that data and luring the prospective customer to products and services. Companies can be much more efficient and, using data analytics, can be apply more targeted advertising campaigns to specific groups and individuals. To do this, marketers have a ravenous need to capture as much data as they can. Customer data may include area locations, purchasing behaviors, recent or common searches for information, or even more personal data.
The processes used to capture the data, store it, transfer it and using it can have negative consequences, regardless of the intentions of those doing the gathering. The more personal the data the more dangerous it can be for that information to be in the hands of a malicious attacker. More personal data, such as addresses, phone numbers, SSNs, bank account information, personal health information and social media and other service login credentials are even more sought after by nefarious actors, who might seek to steal your identity or use your information to carry out other crimes.
Much of this behavioral and personal data may also be sold or shared to other marketing organizations, as this information is gold. As this data is transferred and changes hands, the vulnerabilities increase further, which can allow malicious attackers easy access to personal data if the proper protections are not in place or followed.
Those in the marketing industry are often not aware of or, for some, not concerned about how secure customer data is at the time it is captured or used. In fact, it is often not at all secure. At end of 2018, Marriott announced a massive data breach, potentially affecting 500 million people. In the first half of 2019, we have seen over 2 billion hacked personal account details leaked in the “Collection #1” and “Collection 2–5” data dumps, discovered by security researchers. Leaked credentials can allow attackers to steal a user’s identity for financial gain by selling credentials or purchasing items. Identity-theft has impacted nearly 60 million people in the U.S. and has been estimated to cost consumers in the U.S. over $16 billion each year. [2018 Harris Poll online survey].
Due to public concerns, there has been an increase in data privacy laws in the last couple of years and this is expected to continue. The European Union’s GDPR (General Data Protection Regulation) was created and put into law because marketers were taking advantage of the lack of regulatory restrictions that allowed them to use personal data however they pleased, while ignoring simple privacy protection practices. Many states in the U.S. have similar data protection laws, such as California’s Consumer Privacy Act, and more are expected to follow.
The continuous need for information and the abuse of customer personal data has caused an increase in concerns, investigations and prosecution by state and federal authorities. Customers understand that providing some personal information is a necessary part of doing business. However, as more breaches come to light, raising public concern, regulatory agencies will continue to closely monitor actions of digital marketers and companies that fail to protect customer’s private information or that do not clearly state how their personal data will be used.
The regular user and consumer can mitigate the risk of their personal data being breached by following good personal cybersecurity principles. Use strong passwords, change them often and never reuse passwords. Also, be aware of the real and present threat of the “phishing” scheme. Be suspicious of links and attachments in emails, texts, and social media messages from unexpected senders. If you don’t typically receive Facebook messages from someone, don’t click on a link that has suddenly been sent to you. If an email address appears off or the subject doesn’t make much sense, don’t open it and don’t click on a link if you are not sure about or don’t trust the sender.
Privacy data breaches are dangerous and costly to companies that need to protect their brand and reputation to stay in business. It should be in their best interest to protect their customer’s private information as best as they can. The companies that are proactive and have a documented data privacy program and communicate a clear culture for privacy and protection will be best prepared to avoid data breaches. These companies will also be best prepared for expected additional data protection regulations in the near future.