Your Guide to Keeping Consumer Data Secure While Personalizing Campaigns

Customers expect personalization. A well-crafted email with a customer's first name and a product suggestion related to a past purchase, for example, has become the norm.  Research shows 98 percent of marketers believe personalization advances the customer relationship, with 74 percent claiming it has a "strong" or "extreme" impact on the relationship, according to Evergage.

While marketers see the value of personalizing messages, creating them requires customer data. To market effectively, you have to know a lot about a customer. That can range from basic information (such as a customer's name and hometown) to more intrusive information like buying history and spending limits.

Having this kind of coveted data provides amazing targeting applications, but it also comes with great responsibility. Customers are concerned about privacy. One survey shows 91 percent of Americans believe customers have lost control over how their personal data is collected and used, according to Pew Research.

So how can brands provide personalized marketing and protect customer data at the same time? Here are some tips:

Get Consent to Contact

Before reaching any customer digitally, make sure you have permission to do so. Aside from being a best practice, it's also mandated by new privacy legislation. The European Union's GDPR (General Data Protection Regulation), for example, requires businesses to get consent from digital customers before collecting, storing, and using personal data.  Although this legislation was passed in Europe, experts say more laws aimed at protecting personal data elsewhere in the world are likely in the future.

How do you get consent? Ask customers to voluntarily join your email list, or run a promotion on social media that asks for permission to contact the participant with future offers. Whatever the tactic, get permission to make contact.

Don't Assume You Know What Customers Want

Many marketers make assumptions on behalf of customers, and that is starting to bother those customers. What kind of assumptions? Marketers sometimes use pre-checked boxes on forms that automatically sign up subscribers for promotional emails. These pre-checked boxes assume every customer wants to get coupons or a weekly email digest, when customers might not want that at all.

Or, let's say you're at a trade show and you exchange business cards with dozens of people. When you get back to your office, you add everyone to your email list. Why? You assume everyone wants to stay in touch after the show. But they didn't give consent to join your email list at all. That's another assumption.

One of the best ways to respect customers and their privacy is to avoid making decisions for them.

Explain How Information Is Used

One of the best practices pushed in laws like the GDPR is transparency. GDPR requires brands to tell customers how their personal information is collected, tracked, and used.  Many brands use cookies to track a customer's online activities. Since GDPR was enacted, brands must explain how their sites' cookies collect, track, and store data. As a result, you've probably seen "cookie consent" messages pop up on your favorite websites, like this one:

blog21MAR19.jpg

In this case, customers can accept the data tracking policy, select how much data they want collected, and see how their information is used by the company.

Whether you use cookies or not, one of the best ways to show customers that privacy matters is to explain exactly how you gather and use their personal information.

Be Honest About Data Breaches

Data breaches happen, and some of the biggest companies have experienced them. While they're embarrassing, it's important to tell your customers about it, and quickly.  

In the U.S., Uber was forced to pay a $148 million settlement when a 2016 data breach was found to have been covered up by the transportation company's then-CEO, Travis Kalanick. The breach wasn't made public for a year, according to USA Today.

Customers want transparency. In Europe, the GDPR sets strict requirements that companies notify customers of any stolen data within 72 hours.

Personalization and privacy have become a balancing act for brands across the globe. Customers want personalized experiences, but they want to trust their data is safe and being used in ways that they approve of.