Building consumer trust through privacy best practices October 13, 2016 by Eric Schreiner As the pace of innovation within the marketing technology landscape continues to accelerate, companies have the opportunity to craft more personalized experiences for customers across their digital touch-points. To power these new experiences and still respect an individual’s right to data privacy, the collection, storage and access of user profile data has emerged as a key component of the enterprise technology stack. To ensure customer data remains safe in the wake of disastrous breaches, such as the recent Yahoo breach, it’s best to follow best practices within data collection and sharing. Transparency Whenever data collection occurs, customers should be notified, all intended uses should be called out and the benefits should be articulated. With this level of transparency, customers can make an informed choice about whether they are comfortable with the data exchange, with the added benefit of building confidence with the brand requesting the information. To power these new experiences and still respect an individual’s right to data privacy, the collection, storage and access of user profile data has emerged as a key component of the enterprise technology stack. Progressive Profiling Many data collection practices seek to gather as much information about the user at each interaction, regardless of whether the data will be used as part of the engagement. Progressive profiling is based on the idea that only the data needed to support that engagement is collected and that profiles are built over time as part of an ongoing, trust-based relationship. By only requesting the information that is needed, customers are more likely to provide their personal details since the request is within the context of the engagement. Preference and Communication Management Access to shared data is a core privacy principle. However, it is also an opportunity to extend the relationship with the customer by allowing them to determine when and how they receive marketing communications. Placing these controls in the hands of the end consumer demonstrates that data is going to be used according to the customer’s preferences, not the marketer’s. This is also an opportunity to limit the number of marketing systems that contain customer data. If a customer has opted out of email communications, then your Email Service Provider doesn’t need to store any data about that customer. Privacy by Design Data privacy and security cannot be an afterthought when it comes to data collection and storage. Data protection and access are an essential design element of the marketing technology stack. In other words, companies should not be handing out keys to the front door to get all of their customer data. Systems and individuals should have scoped access to the data that is needed to support the business use case instead of sending the entire user profile to each system. Companies should not be handing out keys to the front door to get all of their customer data. Systems and individuals should have scoped access to the data that is needed to support the business use case instead of sending the entire user profile to each system. Data breaches can impact the bottom line of a business and controlling access to data ends up being a central piece for companies today. Integrations are critical because security is at a point where the weakest link isn’t the bad actors breaking into a system, rather it’s the people who have access, and it gets abused. Make sure to lock down all of your integrations and then decide if these integrations have too much data. When selecting a CIAM vendor, companies need to ensure its solution uses these best practices. At Janrain, controlling access to data is a core capability of our CIAM solution. Each system is explicitly authorized to access necessary profile elements, which limits the amount of data that is stored outside of the CIAM solution. Lowering exposure of profile data helps prevent potential leaks or breaches. We continually ensure our clients’ customer data is safe and secure.