INtelligent Data: Privacy, PII and Marketing … Oh My!
In the United States, there is still a lot of gray area when it comes to Personally Identifiable Information (PII). PII privacy laws like the EU’s GDPR are clear and put citizens in control by requiring their consent to use or process their personal information.
In the U.S., we have older federal legislation (HIPAA – health data, Data Protection Act – Social Security data) and information security standards by councils (PCI – Credit Card data) but little to no PII or online privacy laws protecting some of your identifiable information from being used by marketers without your express consent.
Do you use Gmail for email, Google as your search engine or Chrome as your browser? Well, then you have given Google permission to identify you, use your information and build a pretty robust profile on you, including behaviors that marketers can take advantage of to market to you. I’m not saying that is a bad thing at all. I’m a marketer. I love data. I love using data. I don’t love when data is misused.
In the U.S., marketers have access to and can use data that wasn’t provided directly to their organization. Shoot, our own credit bureaus (Equifax, TransUnion and Experian) aggregate your data and sell it to marketers. You can append a postal address to your email file, or append an email address to your direct mail file. These marketing tactics for building a more robust database have been common practice for a long time.
What is Privacy?
What is PII?
Personally Identifiable Information (PII) consists of fields of data (e.g., First Name, Last Name, Email, Postal Code, IP Address) that build out a data profile on a person. Certain fields, like “First Name,” are not personally identifiable on their own, but when used in combination with other fields they can identify an individual and are then considered personally identifiable.
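The point about combinations, as an added example that is not part of the original article: a short Python audit that measures how many records each combination of fields singles out. The records are constructed, and the function names are illustrative.

```python
from collections import Counter
from itertools import combinations

# Constructed sample records (not real people).
RECORDS = [
    {"first_name": "Ana", "last_name": "Lee",  "postal_code": "30301"},
    {"first_name": "Ana", "last_name": "Cruz", "postal_code": "30301"},
    {"first_name": "Ben", "last_name": "Lee",  "postal_code": "30301"},
    {"first_name": "Ben", "last_name": "Cruz", "postal_code": "60614"},
    {"first_name": "Ana", "last_name": "Lee",  "postal_code": "60614"},
    {"first_name": "Ben", "last_name": "Lee",  "postal_code": "60614"},
]

def group_sizes(records, fields):
    """Count how many records share each combination of values for `fields`."""
    return Counter(tuple(r[f] for f in fields) for r in records)

def k_anonymity(records, fields):
    """Smallest group size; k == 1 means at least one person is singled out."""
    return min(group_sizes(records, fields).values())

def unique_fraction(records, fields):
    """Share of records whose values for `fields` match no other record."""
    sizes = group_sizes(records, fields)
    alone = sum(1 for r in records if sizes[tuple(r[f] for f in fields)] == 1)
    return alone / len(records)

def audit(records, candidate_fields):
    """Score every field combination, riskiest (lowest k, most unique) first."""
    rows = []
    for n in range(1, len(candidate_fields) + 1):
        for fields in combinations(candidate_fields, n):
            rows.append((fields,
                         k_anonymity(records, fields),
                         unique_fraction(records, fields)))
    return sorted(rows, key=lambda row: (row[1], -row[2]))

if __name__ == "__main__":
    for fields, k, frac in audit(RECORDS,
                                 ["first_name", "last_name", "postal_code"]):
        print(f"{' + '.join(fields):40} k={k}  unique={frac:.0%}")
```

In this sample no single field isolates anyone, yet the three fields together make every record unique, which is why a combined export should be treated as PII even when each column looks harmless.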
Q: What data that wasn’t provided directly to their organization can marketers use to market their products/services without getting in trouble?
A: A lot.
Marketing Automation (MA) platforms like Marketo, Hubspot, Act-On, Pardot and SharpSpring all require an organization to add tracking codes to its website so that it can see how anonymous website visitors are interacting with the site. If anonymous visitors are viewing at work, the technology can identify the organization domain the web visitor works for. It’s only when an individual chooses to submit their information on a form or opens an email from an organization that uses MA that a cookie is served, data is collected and the person is identified.
It’s when programmatic display or remarketing platforms come into play that you need to be very careful in your choice of partner. These platforms allow marketers to identify anonymous website visitors/cart abandoners and programmatically deliver an offer via email, display advertising in browser or social, or send a direct mail piece to them. Read The Wild West of Digital Marketing for more.
To carry out these programmatic activities, you need additional data points, like an IP address or other PII that may not have been provided to your organization. Some programmatic providers are getting into hot water for illegal wiretapping by tracking website viewers and then continuing to collect keystrokes and search history long after they visited an organization’s website.
Takeaways for Marketers:
- Marketers for your organization can use a programmatic display ad, social ad or direct mail provider that never lets any party have access to that data directly. Data transfer must be encrypted and decrypted bi-directionally, and it must not be possible for any other party to intercept it via the web. Marketers will see de-identified metrics but can still identify conversions.