As a marketer, you want to know as much as possible about a customer or prospect so that you can develop strategies to better target them and to generate more revenue. As an individual, you want to protect your personal information from misuse or mishandling. Finding a happy place for everyone is complicated. It requires respect and diligence from marketers and trust and understanding from individuals.
This is part one of a series of posts to help promote a general understanding of the current state of Information Privacy in the online world and explain why it’s important to marketers.
Understanding the Information Lifecycle
The Information Lifecycyle as it relates to Information Privacy and Personally Identifiable Information (PII) is defined as the complete history of data from the point it is captured until the time it is destroyed. The IAPP names the individual stages of the Information Lifecycle as: Collection, Use, Disclosure, Retention and Destruction. At each stage in the lifecycle, there are important considerations for marketers.
Collection refers to how data is captured or acquired by an organization. As marketers, we are generally working to strike a balance between collecting as much information possible and not scaring away a prospect or customer. Data can come from Having lots of data points to work with can help with segmentation and targeting. But having more data presents a potential problem in terms of the damage that might arise from a potential data breach. A general rule of thumb is to capture and retain only the information that is both useful and likely to be used.
Over 3 billion records were stolen as a result of data breaches in 2016. It’s not getting any better in 2017. See the biggest hacks of 2017 at ZDNet.
Use includes everything from how the collected information is used to make marketing decisions like segmentation and targeting, to the potential sharing of information between interested parties. As a marketer, honoring the relationship between how you use data and the level of consent that an individual agreed to let you use it is critical.
Disclosure refers to the sharing of information whether it’s with a third party or within divisions or sister organizations of the original data collector. It’s important to be true to the terms of your privacy notice. If you don’t clearly state that data will be shared, don’t share it. And if you do state that it will be shared, be certain that you share only within the confines of your privacy notice and verify that the receiving party will not disclose the information to other parties.
How long to you continue to hold data? The answer should be, only as long as it is useful. Remember that retaining the data creates additional liability in the event of a data breach. A smart marketer will have a policy in place to determine the useful lifespan of data and a plan to destroy the data once it has expired.
At some point data has limited or no value. Determine the point at which the value of the data is less than the potential liability. Then verify that processes are in place to delete the data if there are not legal or compliance issues that would prevent it.
Understanding the full lifecycle can help shape marketing strategy and reduce risk. It’s a responsibility that shouldn’t fall exclusively to the marketer. Several stakeholders should be involved including representatives from IT, Legal and the C-Suite.
Knowledge is key—you can do an informal evaluation of your data simply by walking through these steps. There may be questions you know the answer to, and there may be questions you don’t. As a quick reference, see how detailed you can get with the following questions:
- Use: How are you using the data you’re collecting in your marketing campaigns? Are you collecting data you aren’t using (e.g., birth dates or zip codes)?
- Retention: How long are you keeping the data you collect? What are you doing with that data after it is no longer useful? What is the typical lifespan of your records?
- Destruction: Are you deleting records? If you’re subject to compliance, the answer to this question should include any and all data retention requirements. The same is true if you have legal restraints.
For comprehensive information about the information lifecycle, refer to IAPP.org, and stay tuned for future deep dives into the intersections of privacy and marketing.