On June 14th, HealthLink Dimensions’ Vice President of Marketing, Nathan Lenyszyn, had the chance to speak with Chris Arrendale, the CEO of CyberDataPros, about how to utilize third-party marketing automation platforms in a safe way. CyberDataPros is a data privacy and cybersecurity consulting firm that works with clients around the world by providing audits, risk assessments, vulnerability scanning, and more. The company prides itself on its ability to take small- to mid-sized businesses and help them gain a “better security posture”, understanding how data flows, how it’s mapped, and who has access to it. Read on to learn how to comply with US privacy laws and how to efficiently deal with multiple kinds of data.
Why Is Data Privacy Even Important?
Successfully protecting data means that you are storing it, securing it, and carefully selecting all of the appropriate access levels. The movement to protect consumer data started in California, the state with the fifth-largest economy in the world. Residents wanted to ensure that their sensitive information stored in Silicon Valley was protected. Fast-forward to the present day, nine states in the US have now signed their own state privacy laws into effect, with Texas being the most recent.
Privacy regulations are constantly evolving. Take this example: HealthLink Dimensions has worked with CyberDataPros for less than a year, and privacy laws have already changed since the start of their relationship. More than ever, companies like HealthLink Dimensions require a lot of guidance in navigating the changing laws to ensure they are 100% compliant. This is especially true for healthcare marketers, who must always be attentive to how and where their data is being used or sold.
Not All Data Is Treated Equally
First thing’s first: what are the different types of data?
First-Party Data: This data that is collected directly from consumers (with their consent, of course), making it the best kind of data. Don’t sit on first-party data and let it get stale; put it into action in your marketing early on.
Second-Party Data: This next type of data is gained from a trusted, contractional partnership with a third party that can provide and share data with others. These relationships are important, so have them in writing to avoid any risks.
Third-Party Data: The last type of data, and the most common one, is obtained from publicly available sources that can be collected from sources such as past employment info from LinkedIn or general tax records from the IRS site. This gives you the ability to match it up with your own data to store or share the results.
Privacy vs. Personalization
HealthLink Dimensions is a third-party data provider, and its pharmaceutical clients want to segment consumers using their sensitive information. Is this a reasonable usage of data to personalize the experience for those on the receiving end, or is this an invasion of their privacy?
Arrendale confirmed that this would be a reasonable use of segmentation, which is the “key to success for marketers.” He describes data segmentation (filtering data by certain metrics or fields) as a best practice from both privacy and security perspectives as well as a marketing one.
“You don’t want to just be sending the same message to your entire audience: having that segmentation is very important, especially as it relates to sending an optimal message to the buyer at the right time,” he explained during the webinar.
That’s the personalization route. What you don’t want is to confuse that data collection with overstepping the boundaries of privacy.
“I think one key takeaway here, especially for marketers, is the concept of overcollection. When you’re collecting the data, are you collecting more than you’re going to use or do more with it than is applicable?” Arrendale questioned. He explained that if you have these sensitive fields stored, whether it’s knowingly or not, it will become a big problem for your company later on if there is a breach.
Looking Ahead
Over the next six to twelve months, we are going to see more states enact their own privacy legislations. Consumers must also be considerate of national privacy laws for the future. According to Arrendale, we will definitely continue to see annual audits take place, meaning that businesses over a certain size or surpassing a certain revenue will be required to submit annual audits to a regulatory body.
Other countries like Canada, Brazil and Australia have evolved to implement similar privacy laws, “and we’re trying to get there,” CyberDataPros CEO confirmed.
One Last Tip
How can you make sure consumers aren’t receiving hundreds of emails a second, which would be flagged on many marketing platforms? “Send it slow and low” is Arrendale’s strategy of choice. Don’t attack consumers with emails: make it look more like a conversation once you get that data.
Clearly, managing third-party data from a deployment perspective once it is licensed can be tricky. To see Lenyszyn and Arrendale’s conversation in its entirety, you can view the webinar now.