Chief marketing officers and chief privacy officers have very different ways of looking at the world.
“Are there any marketing folks in the room?” asked security professional Aubrey Turner, addressing roughly 50 privacy pros at an International Association of Privacy Professionals conference in Washington, DC, on Tuesday.
No hands went up.
“Good – because I’m going to pick on them for a minute,” said Turner, who serves as director of strategic solutions for identity access management at Optiv Security, a cybersecurity solutions provider.
The tension derives from opposed priorities around data collection, access, management and use.
“I’m not knocking the marketing team – they have to do what they have to do – but they’re building first and thinking about the implications second, and we’re not often part of that conversation,” Turner said. “The information they’re collecting … may be sensitive and they might be sharing it with third parties. The risk to exposure is there and we need to understand it.”
That’s not to say that marketers don’t care about consumer privacy, but CPOs often find that they’re not being consulted about marketing’s decisions, especially around data.
An educational session about online behavioral advertising in financial services called “Wait, Marketing Wants to Do What?” should have been called “Wait, Marketing Did What?” quipped Jamie Rubin, a partner at InfoGroup LLP, which focuses on privacy, data security, ecommerce and information technology.
But data collection, especially for cross-device profile building, has already become inextricably interwoven with the debate around consumer privacy.
While a recently released cybersecurity report from the George Institute of Technology highlights that “businesses are driven to collect more data on consumers to improve operations and lead generation, posing a significant risk to privacy,” the 2015 Edelman Trust Barometer found that 54% of consumers cite “greed” and “money” as the two main motivators behind business innovation.
According to Nielsen’s most recent “Global Trust in Advertising” report, digital advertising brings up the rear in terms of trust, behind television, print, radio, billboards, movie trailers and even product placements in TV shows.
It’s perhaps understandable, considering the origin story of the now famous case of Target knowing a teenage girl was pregnant before her dad did by sending a mailer to her home full of baby-related items like cribs and diapers.
Andrew Pole, the statistician who cracked the code on Target’s pregnancy prediction algorithm, told The New York Times in 2012 that the original motivation came from the marketing department, when two colleagues popped by his desk to ask, “If we wanted to figure out if a customer is pregnant, even if she didn’t want us to know, can you do that?”
The marketing use case for Target’s pregnancy score is clear – sell more stuff and keep customers coming back to the store. But it’s a privacy quagmire.
“Look at the largest enterprises – GE or Walmart, for example – and think about the number of consumer identities they have,” Turner said.
Despite the perception that compliance is tedious or inhibits creativity or innovation in some way, it’s always better than having to mount a defense, said Michelle Cohen, a privacy lawyer at Ifrah Law LLC.
“My goal is to keep the client outside of litigation,” said Cohen, who joked that before being introduced to a client’s new CMO a while back, she was told by her client to “scare him.”
Because litigation is avoidable. “The way to do [it] is to have a fulsome consent policy, even though the marketing folks may not be all that excited about it,” Cohen said.
Although Cohen was referring in that instance to compliance with the Telephone Consumer Protection Act, the federal statute that limits robocalling and the use of autodialers, it’s a sentiment that rings true across the board.
Take it from Kristi Thompson, deputy division chief of the Federal Communication Commission’s Telecommunications Consumers Division enforcement bureau: “Sometimes people think compliance is boring, but the alternative is excitement – and legal excitement is expensive.”
