Data privacy lessons marketers must take heed of in 2023

CMO speaks to a raft of technology and industry thought leaders around Data Privacy Data to find out what's in store this year and what marketing leaders and their teams can do to minimise risk

Bigger penalties for customer data privacy breaches in Australia, along with retaining customer loyalty in the face of stronger concerns around data use and growing AI utilisation, are going to dominate the way organisations must handle personal data this year.

That’s the view of a host of data and technology thought leaders, who CMO reached out to as the world recognised annual Data Privacy Day on 28 January. The aim of the day is to create awareness about the importance of respecting privacy, safeguarding data and enabling trust. These ambitions are more critical than ever, as marketing teams and the organisations they work for balance growing desire to harness data for personalised engagement and business improvement with tougher rules around protecting customer data against nefarious activities and inadvertent breaches.

For senior director of international data science and analytics at Doordash, Kshira Saagar, increased penalties associated with serious breaches of the Australian Privacy Act 1988 will overshadow customer data privacy in 2023. As was confirmed last year, the OAIC now has increased powers with enhanced enforcement and information gathering and sharing capabilities. There’s also a proposal in the works to remove the constraint data must be stored in Australia for fines to apply.

“For a long time, data privacy of customers has been an afterthought, with most marketing teams sharing Excel lists of customer emails, details and other information across their own teams and agencies, with lack of proper tools or lack of time as excuses,” Saagar tells CMO. “This needs to now be completely rethought and should give pause for reflection, given increased penalties.

“There are better tools and technologies out there that allow for seamless data sharing at the click of a button, and teams need to invest in these tools.”

It’s a similar regulatory story globally, with the GDPR out of the EU, and increasing enforcement activities levying fines across the industry. The CCPA out of California and equivalent legislation in US states, while having more focus on opt-out than opt-in for individuals, are also key, says Devicie security and compliance director, Glyn Geoghegan. The vendor provides end-user device management as-a-service.

Of particular note to Porter Novelli Australia CEO, Rhys Ryan, is the Attorney General’s consideration of further changes around the ‘right to be forgotten’. This is expected to introduce complexity into all forms of digital marketing and ecommerce.

“There may even be a fundamental challenge to a core element of the growth of the modern Web and social media platforms, such as the idea consumers must hand over their data to companies – for free - in order to interact with them,” he says. “I’ve always found it strange we, as consumers, compliantly go along with this demand, especially when we’re already giving these companies value in the form of cash in return for goods and services.

“It’s possible this idea may finally begin to be challenged as this Government pushes further reforms.”

Alongside this, Porter Novell is anticipating an evolution in ransomware attacks. While threat actors in live breaches are getting smarter, more targeted and more efficient, Ryan says new data shows fewer ransoms are being paid over the past 12 months. Whether to pay or not remains a debate this year.

“As data privacy remains top of mind, we will see more catastrophic reputational damage for those organisations whose leaders didn’t anticipate the challenge of communicating simultaneously with hundreds of thousands of people, often in an environment where they can’t use the normal tools of communications because a threat actor has taken down the necessary systems,” Ryan says.  

“Companies with the best network security can be hacked. And in some cases, organisations find out they have had a data breach at the same time as everybody else, which is tough if you’re a listed or government entity holding the data of millions of customers.”

There is no doubt recent data breaches, such as those experienced by Medibank and Optus, have seen data privacy and associated topics become mainstream news and driven customer expectations up.

“When Kochie is speaking to my mum at 7am in the morning about the value and sensitivity of her data, we have now hit a different level of understanding,” The Lumery co-founder and CEO, Rajan Kumar, says. “This means forced action. Brands, law makers, individual practitioners and technology companies must move. Whether companies are ready for it or not, legislation is coming, and consumer privacy is firmly on the agenda for our Government.”

In a similar vein, OpenText VP A/NZ, George Harb, and his team are anticipating customer loyalty to be key in privacy program development in 2023. “In today’s era of consumer activism, individuals are making purchase decisions based on their perception of how committed an organisation is to managing and protecting their personal data,” he says.  

Harb notes a global OpenText survey among consumers last year found 49 per cent of Australian respondents would no longer use or buy from a company they were previously loyal to if it failed to protect or leaked their personal data. Moreover, almost two thirds of local consumers would be willing to pay more to use or buy from an organisation that was expressly committed to protecting personal data. And more than a third said they would no longer use or buy from a company they were previously loyal to if it failed to respond to a privacy access request under the Australian Privacy Act.

“This Privacy Act includes the right of access, the right of rectification and the right of erasure and almost half indicating they would no longer use or buy from a company if it shared their personal data with third parties for anything other than its specified purpose,” Harb says. “It is crucial businesses ensure they prioritise protecting consumer data to safeguard consumers’ trust as we navigate through 2023.”

Technology advancements helping and hindering data privacy

So is there technology advancement or adoption curve acceleration with the power to positively versus negatively impact how organisations tackle data privacy this year?

“On a practical level, especially with a marketing lens, we are seeing different questions being asked of technology vendors,” replies Kumar. “In the last five years, the primary focus has been on increased maturity of digital marketing. This year, that will be balanced out with questions about data security, privacy and consent management. This is a positive step and those brands that embrace this changing landscape will come out on top in the eyes of the consumer.”

The rise of centralised data stores and personal data syndication services is another interesting area to watch for Kumar.

“In a positive sense, the idea critical first-party data [such as a driver’s license number or passport number] is only being held in a single repository that brands and services can securely access, brings a level of confidence to a consumer,” he says. “However, unless appropriately governed, certain companies could turn into monopolies which is extremely dangerous.”

Then there’s increased use of machine learning and artificial intelligence (AI). By extension, these have huge potential for negative and positive consequences, says Geoghegan.

“The large body of curated data typically required to get good results creates an environment which hugely incentivises broad acquisition of data beyond the core purposes it is initially collected,” he explains. “While the technology has the potential to greatly improve the quality of data processing, it raises new privacy concerns together with concerns about the biases that may be present in the data.”  

More positively, Harb points to AI-powered data discovery tools, of which OpenText provides, enabling organisations to scan unmanaged or unclassified information to identify personal and sensitive data across content repositories in order to better manage it.  

“It seems no matter where I look, I see conversations about AI taking over,” Secure Code Warrior CMO, Junie Dinda, agrees. “One such area has been AI-generated code, and there has been a lot of discussion in the security community about the plethora of security issues its adoption could pose for a business. I have no doubt such technologies will be useful to help with a level of automation.

“But for now, I would be very cautious about what you generate and use from both a marketing and security perspective. All it takes is one exploitable mistake for a threat actor to cause widespread reputational damage, and it's simply not worth the artificial time saved.” 

Kumar equally sounds a note of warning on AI and the data being used to drive it forward. “We’re seeing ChatGPT spreading like wildfire. AI technology that’s crawling over data sets and all information  injected into it,” he says.

“While the conversation is largely centred around the endless possibilities or detrimental impact on certain professions, very quickly we’re going to see conversations about privacy, accuracy, data completeness and the potential use of data to fuel the algorithm without appropriate consent. AI or algorithm ‘data-scope’ and management of that is going to be critical, very quickly.”  

Elsewhere, Protegrity A/NZ managing director, Robert Beck, believes data governance departments are beginning to understand they cannot rely on perimeter protection alone for keeping data safe and secure. Saagar specifically notes increasing cyber security incidents, coupled with changes to Privacy Act, are driving large organisations to invest more in data masking and data cataloguing products, to get a better grip on their in-house data, and the associated commitments.

Many marketers are also increasingly preparing for the approaching removal of third-party cookies from Google at the end of this year. “Whether this will be positive or negative will depend largely on how companies address the management of their own first-party data,” n3 Hub business development director, Stephen Schwalger, says.

“Organisations that develop a first-party data strategy with permissions-driven privacy and security-based model at its core can deliver positive privacy outcomes for their customers. Applications such as customer data platforms with the appropriate security, privacy and data encryption features will be important as will improved overall IT systems security.

“For smaller and mid-tier companies, we see privacy of PI becoming a more critical issue as they often don’t have the IT and platform resources to manage these requirements.”

According to Harb, struggles to meet prescribed deadlines is why automation and workflow management will become top data privacy technology capabilities.

“Finally, with cybercrime presenting a formidable challenge to modern life and work and the potential to wreak havoc on our businesses, an organisation’s best defence against cyber threats is a cyber resilience framework including robust, multi-layered security and data protection,” he says.

Critical components of a holistic approach to cyber resilience include employee training; blocking threats before they can infiltrate a network by protecting endpoints; preventing email-borne threats such as ransomware, phishing and business email compromise; threat hunting with security analysts to detect and respond to breaches as quickly as possible; and recovering data by keeping critical systems online during a worst-case scenario.

Up next: What marketing leaders and their teams can do to be better prepared

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments

Latest Videos

More Videos

More Brand Posts



CMO's top 10 martech stories for the week - 9 June

Read more

Great e-commerce article!

Vadim Frost

CMO’s State of CX Leadership 2022 report finds the CX striving to align to business outcomes

Read more

Are you searching something related to Lottery and Lottery App then Agnito Technologies can be a help for you Agnito comes out as a true ...


The Lottery Office CEO details journey into next-gen cross-channel campaign orchestration

Read more

Thorough testing and quality assurance are required for a bug-free Lottery Platform. I'm looking forward to dependability.

Ella Hall

The Lottery Office CEO details journey into next-gen cross-channel campaign orchestration

Read more

Great Sharing thoughts.It is really helps to define marketing strategies. After all good digital marketing plan leads to brand awareness...

Paul F

Driving digital marketing effectiveness

Read more

Blog Posts

Marketing prowess versus the enigma of the metaverse

Flash back to the classic film, Willy Wonka and the Chocolate Factory. Television-obsessed Mike insists on becoming the first person to be ‘sent by Wonkavision’, dematerialising on one end, pixel by pixel, and materialising in another space. His cinematic dreams are realised thanks to rash decisions as he is shrunken down to fit the digital universe, followed by a trip to the taffy puller to return to normal size.

Liz Miller

VP, Constellation Research

Why Excellent Leadership Begins with Vertical Growth

Why is it there is no shortage of leadership development materials, yet outstanding leadership is so rare? Despite having access to so many leadership principles, tools, systems and processes, why is it so hard to develop and improve as a leader?

Michael Bunting

Author, leadership expert

More than money talks in sports sponsorship

As a nation united by sport, brands are beginning to learn money alone won’t talk without aligned values and action. If recent events with major leagues and their players have shown us anything, it’s the next generation of athletes are standing by what they believe in – and they won’t let their values be superseded by money.

Simone Waugh

Managing Director, Publicis Queensland

Sign in