Data Privacy: Ray Rosenbaum Of Tandem Theory On 5 Things You Need to Know to Optimize Your Company’s Approach to Data Privacy

Don’t allow Personable Identifying Information (PII) to be stored on your network unsecured, as bad actors can obtain email address or physical addresses to identify them through state records. If they know this, they can locate you. It’s very important to be careful in preventing data to exist outside of a controlled environment, like personal laptops.

As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy,” I had the pleasure of interviewing Ray Rosenbaum.

Ray Rosenbaum is the Chief Insights Officer (CIO) at Tandem Theory, a privately held, management-owned firm specializing in distilling invaluable marketing insights and custom solutions for brands such as Purina, Rent-A-Center, and Daikin. To drive exceptional results, Rosenbaum transforms data into powerful narratives and his expertise ensures the insights provided aren’t simply numbers, but rather stories that resonate — all designed to help clients understand their target market so they can catalyze growth. His primary focus includes the implementation of business planning and strategies that emphasize actionable solutions based on accurate findings in consumer behavior.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

“I was born and raised in the Midwest. I earned a bachelor’s degree in marketing and an MBA in marketing research from the University of Minnesota. I originally entered college as a chemical engineering major because I was always interested in the science of things. But once I got to the college-level physics courses, I’d had enough and switched to studying the science of marketing and consumer behavior, which was a much better fit overall. I began in simple database marketing, then learned as much as I could about strategy and analytics. Throughout the early part of my career, I was fortunate enough to work with several leading agencies and worked on clients that included General Mills, Keebler, and Clorox.”

Is there a particular story that inspired you to pursue your career? We’d love to hear it.

“As for my inspiration, I was always interested in science and the logic behind things. So, when I pursued a career in business, I gravitated to science and institution-related topics. I don’t think I was really cut out to work with routine numbers and finance, so I more or less stuck to the discovery process instead.”

Can you share the most interesting story that happened to you since you began this fascinating career?

“Early on in my career, I can recall working with a major manufacturer to launch an innovative new consumer packaging concept. We went through multiple rounds of designs and market testing, but in the process, we ended up getting beaten to the punch by a competitor. That was a tough lesson, but a great takeaway to learn at such a young age. It’s better to have some information and an idea of what you want, as opposed to seeking the perfect information. There’s not always an infinite amount of time and certain situations simply call for a leap of faith with imperfect information.”

None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?

“I’m not sure there’s not a particular person I’d single out, but I did benefit early on in my career by working with smaller to mid-sized companies that allowed me to gain all sorts of experience and wear many hats. I was given important responsibilities in the process, which helped me grow professionally. In one instance, when I was working with a regional long-distance carrier back in 1983 — before the big breakup — I had a supervisor who tasked me with coming up with a pricing approach for long-distance dialing. All he said to me was, “Figure it out.” I think I was fortunate to gain this type of experience and responsibility early on.”

Are you working on any exciting new projects now? How do you think that will help people?

“Oh gosh, yes — we’re definitely working on some innovative projects here at Tandem Theory, though I can’t really divulge certain specifics at this point. I’d say that what we’re doing is trying to solve technology related problems and issues that would allow smaller to mid-sized companies to compete with much larger organizations who have the power and resources to invest more sizable sums. It’s fair to say that the tools and resources we’re developing could — and should — level the playing field for the little guy, so to speak. Some of the platforms and solutions we’re building towards don’t yet exist, but we’re hoping to close the gap and allow smaller market players to become more competitive in executing successful marketing campaigns.”

What advice would you give to your colleagues to help them to thrive and not “burn out”?

“I think that avoiding burnout is an important factor these days, as it’s becoming more and more common. My advice to colleagues would be to keep pursuing the things at work that are of interest to you, or you may face burnout at some point. People need to be willing to experiment and try new things, because that’s what I believe keeps us energized in our professional lives.”

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. How have recent privacy measures like The California Consumer Privacy Act (CCPA), CPRA GDPR, and other related laws affected your business? How do you think they might affect business in general?

“This is a fairly dated question, as these privacy measures have been in place for some time now. Yes, we have to be cognizant of remaining in compliance, but technology is helping to make that happen. I believe most consumers nowadays want more and more control over their personal and private information — and the industry is responding in kind. I’ve seen where opt-out technologies have become much more robust from the ‘Do Not Call’ policies of the past. What’s good for consumers is that the data privacy options available today don’t just carry forward — they’re retroactive as well. People are increasingly focusing on keeping their privacy and anonymity. And there are tools and resources available now that can “wipe” your information from systems. The new Apple iOS is supposed to have a robust erase function that works in concert with the Safari browser.”

From your vantage point, is there anything that you would suggest making these measures more effective?

“To make these data privacy initiatives more effective, we’ve come to a point where we need a more generalized legislative policy at the federal level. Currently, the state-by-state approach makes it incredibly difficult and challenging to stay within the confined of regulations and compliance. There’s a lot of effort being spent here as a result. It’s a smart move for some of the biggest corporations to approach this by adhering to whatever the strictest standards are, but what we need are uniform standards. Our own guiding North Star, if you will.”

What are the most common data security mistakes you have seen companies make?

“I can think of quite a few examples, but what sticks out to me are companies who retain way, way more data and information than they need or could even use. And much of it is completely unnecessary. I think companies need to abide by the KISS rule — keep it simple, stupid. There’s no need to keep unused terabytes of data longer than needed.”

Since the COVID19 Pandemic began and companies have become more dispersed, have you seen an uptick in data privacy errors? Can you explain?

“Oh yes, and remote work is driving a lot of the errors we see out there. With dispersed workforces, the risk of a stolen or misplaced laptop could be an unmitigated disaster if security standards were not up to date or enforced well. A good rule of thumb? As a company, you don’t want any secure data living outside the four virtual walls of your organization. You’ve got individual employees downloading programs and apps to local desktops — that, along with the typical phishing-style scams that are always circulating — represent a clear and present danger. At Tandem Theory, we’re seeing it with our own clients, as they have begun to apply a zero-trust policy in the protection of sensitive data. Not only do we need to enforce single sign-on access, but also multi-factor authentication. Hopefully, this will continue to proliferate. It’s the only way to have some semblance of control.”

What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy” and why?

For companies to truly tighten up their own approach to data privacy, I’d recommend the following:

• Don’t allow Personable Identifying Information (PII) to be stored on your network unsecured, as bad actors can obtain email address or physical addresses to identify them through state records. If they know this, they can locate you. It’s very important to be careful in preventing data to exist outside of a controlled environment, like personal laptops.
• Migrate everything — networks and all — to single sign-on and multi factor authentication protocols. We can’t stop all the breaches, we can only mitigate them — by making it economically feasible for bad actors to go chase after another target. Make your network a zero-trust environment — especially when you’re dealing with PII data.
• Jettison data that you don’t need. On a recurring basis, conduct data inventories, looking for old files to remove the dead weight. A good spring cleaning — which is an industry term — and a good data retention policy is necessary — but you have to enforce it. This includes everything — records, tables, files in a drive — any data you’re holding for a customer. Institute internal policies for data inventories on a quarterly basis — and train individual employees how to remove unnecessary files. It’s also a good idea to institute random checkups.
• Organizations do not have to experiment with real live data, not when pseudo data is available. When you’re in the development and testing phase, build out pseudo data files to use, as there is no need to use live files and records. Remember, it only takes one missing file to classify as a breach. You should never store PII on development machines.
• When working with PII, it’s important to use all sorts of SSL and encryption when necessary. Regularly exchanged files on unsecure platforms should be encrypted first. Some companies already have policies about migrating files with PII, but organizations need to develop a secure transfer process that can be used by every employee — not just the IT people. Point-to-point encryption is the best option. And look into built-in timers capable of destroying files in a set number of days or length of usage on a server.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-) (Think, simple, fast, effective and something everyone can do!)

“Looking at this question strictly from a professional standpoint and not a personal one, I’d say we need a movement that advocates for a national guideline on data privacy, not the patchwork set of rules we currently live by. This would make life so much easier for people, companies, and firms that leverage/use data. Right now, every individual consumer is responsible for their own data privacy.

How can our readers further follow your work online?

“I maintain a presence on LinkedIn, but that’s about it. My address is: https://www.linkedin.com/in/ray-rosenbaum-1344286.”

This was very inspiring and informative. Thank you so much for the time you spent with this interview!