Why data security matters to your CX efforts
- 02 October, 2019 09:53
As data moves to assume a central role within business in the digital era, its importance to marketing and customer experience professionals has never been greater. But nor has the need to ensure the security of such data.
Data security requirements are only growing as lawmakers look to increase regulations and consumers themselves expect stronger protections against breaches or use outside of stated purpose. By 2022, half the planet’s population is expected have personal information covered under local privacy regulations similar to the General Data Protection Regulation (GDPR) and California Consumer Privacy Act. It’s a significant jump on the one-tenth today, according to Gartner’s State of Privacy and Personal Data Protection 2019-2020 report.
In line with this, consumers will reward, and punish, organisations they believe do or don’t protect their privacy through strong data security. Not surprisingly then, data security has become one of the top risks most organisations face, Deloitte risk advisory cyber team partner, Daniella Kafouris, tells CMO.
“Data security and data privacy are placed as one of the top 10 risks due to the rise in breaches, regulation and reputational damage ensuing from poor practices around data privacy and security,” Kafouris says.
Oracle experience director APAC, Sharon Seppelt-Don, describes data as the engine that runs all businesses. This has elevated data security in the eyes of the entire enterprise.
“Data security is becoming more of a concern for CMOs due to the shift in how marketers are strategising – they are evolving the way they plan, project, forecast and are using data to support their performance drivers,” she says.
Getting on top of data security
There’s an important step before making critical data security decisions, and not least, investing significant amounts of money into systems. And that is ensuring you know which data needs protecting and why.
“It begins with data governance,” University of New South Wales chief data and insights officer, planning and performance, Kate Carruthers, says. “This is about working out what data needs protecting and what data doesn’t.
“There has been a lot of focus on improving data practices and marketers have taken cognisance of it. As more organisations realise data is a real asset and needs to be managed as one, it will be taken more seriously.”
Carruthers, who has a background in marketing and is also a senior lecturer in the university’s school of computer science and engineering, explains the aim is to preserve the confidentiality, integrity and availability of the data.
“Preserving the personally identifiable elements of the data starts with your data governance policy,” she says.
Data security also comes back to ethical use. Kafouris says this again relies on practices that take into consideration how data is protected.
“Organisations not balancing these with the ability to unlock value are not only missing an opportunity, but are also not providing sufficient protection of their customers’ data that can support in building trust,” she warns.
Data leaving the organisation when it’s necessary to execute marketing programs with external providers also poses a particular data security risk.
“This delivers an issue in relation to effectiveness, not a true omnichannel personalised experience, but most importantly security of customer details leaving their secure environments,” Kafouris says.
Good data management practices, according to Carruthers, go a long way to address the complexities of managing data and ensuring data security across multi-channel marketing and multi-silo data. Firewalls, multi-factor authentication and restricting administrative privileges are among the basic steps, although Carruthers adds encryption, access controls based on business purpose and a sensible policy framework to the must-do list.
Oracle’s Seppelt-Don points to data multiplying through the digital landscape, adding complexity and presenting new threats.
“In an ever-evolving ecosystem where digital touchpoints are becoming increasingly intricate, it is very easy to experience pitfalls: Whether this be through bot traffic, fraudulent behaviour, data breaches, leakages, or the most common – incorrect use of data without consent,” she explains.
For Carruthers, one of the most worrying new threats emerging is ransomware, which in some US cases has shut down entire cities. Ransomware is a form of malware that encrypts a user’s files maliciously. The attacker then demands a ransom from their victim in order to unlock and restore data access.
“It will be an increasing threat here in Australia. Can you imagine a marketer’s horror when all their data is locked by bad actors,” Carruthers comments. “Data is your asset and they can crypto-lock your data and ransom it back to you. It’s huge business. If your data is not available to you, you can’t use that asset.”
Up next: How artificial intelligence and machine learning help and hinder data security, plus a checklist
The AI/ML frontier
Another technological change agent in this mix is machine learning and artificial intelligence (AI). As both become more commoditised, organisations are extracting more and more insight from large personal data stores, processing data in new ways and exposing it to new privacy risks. And unlike many regulatory standards, modern privacy laws demand a fundamental transformation in how personal data is managed and cannot be dismissed with a narrow checkbox mentality.
Those in this environment see the opportunities for marketers as well as the resultant pressure on privacy.
“A lot of new cybersecurity products are driven by machine learning - marketers will be able to mine the data and improve predictive models and improve their targeting,” Carruthers says.
Kafouris sees machine learning as a way to support operational privacy implementation and where automation can apply. She predicts these kinds of new technologies will provide opportunities to build privacy by design, nominating blockchain as an example.
However, the more data organisations have, the more people can be identified, even if it has been anonymised. What’s more, data ethics is gaining increasing importance as ML and AI advance, also further raising the privacy stakes.
“Anonymisation and pseudonymisation are often misinterpreted as opportunities to not have to comply with privacy regulations; however, the full lifecycle of data must always be taken into account,” Kafouris says.
Seppelt-Don nominates the expanding rights of data subjects and “their right to obtain confirmation of whether their personal data is being processed, where and for what purpose” as part of these increasing responsibilities around protecting data.
“The consumer must be provided a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of people,” she says.
Expanding rights of data subjects also increasingly includes data erasure, or the right to be forgotten, which allows someone to have the data controller erase his or her personal data.
This is about ceasing further dissemination of the data and also means potentially having third parties halt processing of such data, Seppelt-Don says. “It should also be noted this right requires businesses to compare the subjects’ rights to the public interest in the availability of the data when considering erasure.”
Data security checklist
So to help marketing and CX leaders get a better handle on modern data security, we’ve compiled a quick checklist:
- Privacy needs to be more than just a check-box on the to do list.
- Data security must be applied wherever data resides.
- Look for ways to empower customers to control their data.
- Use privacy consent and marketing for brand differentiation.
- Prioritise privacy and data security across multichannel marketing.
- Plan risk mitigation throughout the data lifecycle.
- Data security technology must develop for consistent security policies across silos.
- Look to machine learning (ML), blockchain and anonymization to meet new privacy requirements.
- Data security technologies and identity and access management (IAM) technologies need to converge.
Follow CMO on Twitter: @CMOAustralia, take part in the CMO conversation on LinkedIn: CMO ANZ, follow our regular updates via CMO Australia's Linkedin company page, or join us on Facebook: https://www.facebook.com/CMOAustralia.