I don’t typically look forward to conversations about customer information and consumer privacy at work—not because I dislike the topic but rather because of the insane amount of acronyms there are to keep track of.
When I started out in email marketing, I remember reading through pages of CAN-SPAM documentation on my second day of the job (and then reliving that exhilarating experience again this past year with the release of CASL). Today, marketers are steeling themselves against the soon-to-be enforced GDPR and its wide-reaching implications for marketing practices. And all of this is in addition to industry-specific information acts like HIPAA for healthcare marketers, FERPA for education marketers, and FCRA for financial services marketers.
It’s a bit of an alphabet soup, but one that marketers must keep track of if they don’t want to face serious legal consequences.
Meanwhile, on the opposite side of the conversation, marketers have to contend with audiences that can range from apathetic to full-on paranoid when it comes to data tracking and customer information. Who can blame them? Web users push around tons of digital information every day, and unless you have a strong technical background, it’s likely that you don’t know much about what is actually happening to your data.
Marketers exist at the center of this push–pull dynamic, working to comply with laws, alleviate customer concerns, and somehow collect data that enables them to tell better stories. But while there are a hundred-and-one resources about how to better comply with regulation, there seems to be a lack of conversation around how we speak to our audiences about data and privacy.
Is it possible for brands to share their data practices in a way that informs and reassures their audience?
Image attribution: Leeroy
The scope of this challenge for marketers may be wider than we want to admit. Just two years ago, more Americans reported being worried about their data security than losing income. This sentiment has only expanded in more recent time, with Gigya (now part of SAP) reporting that 69 percent of Americans and British consumers express concerns over data security with Internet of Things devices and 68 percent don’t trust brands to appropriately use their personal data.
Let that sink in: 68 percent of the audience doesn’t trust your brand to handle their data appropriately.
Some data collection and treatment best practices can help. The Department of Homeland Security actually released an excellent guide to privacy compliance auditing that lays a nice foundation for marketers. If your brand isn’t hitting these four points in some way, it’s likely your ability to communicate with your audience is going to be hamstrung from the start.
Let your audience know when you’re collecting data. For many use cases, marketers already do this—if your user is filling out a form on your site, it’s assumed they understand you’re collecting this information. But this becomes a fuzzier matter with regard to information that is collected automatically like web-session data or cookies. A good rule of thumb is if the data collected can individualize a person’s information (even if not identifiably), then you should provide some kind of notice or access to notice.
Email marketers are well aware of the idea of opt-in and opt-out management, but in the broader marketing data landscape, it can become a little more complex. Opt-in, at the very least, can be easily achieved again with situations where a user is actually providing their info—just throw up a correctly worded checkbox or two and you’re covered. But consider also providing means of opting out of some data collection.
Give access to your users to see what data you have on them. Like notice, this primarily applies in cases where user data can be used to single out a user or affects the user’s experience with your brand. Facebook, for instance, offers users a way to read through their ad targeting attributes and erase them at will.
This is by far the most catch-all category of the four, but simply put you should make an effort to secure your customer data, explain in plain terms how your users’ data is secured, and in the event of a breach, immediately and continuously communicate with your customers.
Image attribution: Leeroy
But what does it actually look like when a brand communicates with their users about data in creatively good (and bad) ways?
Included in their agreement documentation, Reddit provided their community with a warrant canary: a special clause that basically says, “As of this date, we haven’t been asked to secretly hand over any user data as part of a surveillance effort.” The importance of a warrant canary doesn’t come with its inclusion in a privacy statement; rather it becomes important when it pointedly disappears, like it did for Reddit in March of 2016. This was a creative way for Reddit to meet their audience—a crowdsourcing, highly fastidious (even to a fault) group of readers—on a hard data topic that they weren’t legally allowed to talk about.
This is an extreme case (your brand probably doesn’t need a canary statement), but it illustrates a powerful example of how to take a frightening and technical conversation and turn it into a way to build brand trust.
Image attribution: Arvin Febry
The Equifax data breach last year, conversely, provides a textbook study in how not to handle customer data concerns—from not notifying customers immediately to trying to cover their legal bases with misleading content (this was reversed after much public outcry) to eventually revealing that data outside the scope of what customers knew was being tracked had also been compromised.
It was a big, ugly mess for Equifax, and one that marketers should learn from. Trying to sequester information in the event of a failure doesn’t only harm your customers’ trust, it also extends the bad PR cycle for your brand as information trickles out over time, rather than just landing at once, giving your brand room to release content and statements over time meant to repair and heal.
All this conversation really boils down to a simple idea: Try to make topics of privacy and data more of a conversation than just a statement to your audience. It doesn’t have to dominate your content, but making it available to those who want to engage can go a long way towards earning the trust of your audience.
For more stories like this, subscribe to the Content Standard newsletter.
Featured image attribution: London Scout