Put consumer data privacy first -- analytics value will follow

Data privacy and privacy policies are sensitive subjects, but done right, they may also create a competitive advantage.

Two years ago at a predictive analytics conference, Andrew Pole gave a keynote on how Target Corp. used consumer data to improve marketing efforts.

"'Guest' is Target's word for customer," said Pole, then senior manager of media and database marketing for the Minneapolis-based retailer. "Instead of CRM, we do GRM."

Not unlike other businesses, part of Target's strategy involved capturing and combining demographic and behavioral data from multiple channels. The data helped build customer profiles and shed light on repeated behavior, which Target used to strategize marketing campaigns. But the data was also used to forecast new behavior -- such as planning for a baby.

"How in the heck do we do that?" Pole asked attendees. "We develop a model to predict if a woman is likely to be pregnant with child. We've done this, and it's fairly accurate."

At a predictive analytics event, Pole's talk of mining consumer data to uncover marketable patterns of behavior was not surprising. But earlier this year, when The New York Times writer Charles Duhigg pulled back the curtain on how Target identifies potentially pregnant customers, the story -- which featured Pole -- did not sit as well with readers. In the days after the article hit newsstands, the retailer was called "Orwellian" and "creepy," and online media sites were inspired to publish stories on data protection.

The line between data analytics and data privacy is hardly a well-defined one, and with the advent of "big data" analytics, the line has become even blurrier. Better technology and increasingly granular data analyses raise security, ownership and privacy questions, not just for consumers, but also for businesses that want to better understand and serve their customers. Even so, data privacy and privacy policies are still sensitive subjects; questions about these topics tend to elicit generic or vague responses -- if they elicit one at all. But as the subject of privacy becomes more prominent for consumers, there are steps businesses can take to avoid entering into Big Brother territory.

Data education

In the last four to five years, corporate employees who have access to consumer data have grown dramatically, according to Noah Lang, vice president of business development at Reputation.com, an online reputation management company based in Redwood City, Calif.

The biggest risk in the big data industry is leakage of data: the wrong data getting into the wrong hands at the wrong time.
Noah Langvice president of business development, Reputation.com

Today, chief marketing officers, marketing managers and business analytics professionals, to name a few, all have their hands in the data pot. The problem, Lang said, is that training and education on consumer privacy rights, data protection and security are not keeping pace.

"One of the key things to note is that you have more uneducated employees -- I don't mean in the traditional sense, but instead in terms of privacy -- touching consumer data than ever before," Lang said.

As data accessibility increases, the chances of mishandling sensitive information increase as well. Before granting access, business owners and risk managers should ensure internal policies and procedures on data usage are in place and have been communicated to those collecting and analyzing data.

But education isn't a one-way street. To build strong policies and procedures, businesses need to become educated on how they interact with data -- what information they're collecting and what information they're purchasing. Specifically, Lang said, business owners and risk managers need to keep tabs on who is collecting what, where the data is coming from and where it's going.

"The biggest risk in the big data industry is leakage of data: the wrong data getting into the wrong hands at the wrong time," Lang said.

Knowing how data is moving through the business can expose potential gaps in the system. That can, in turn, cut down on expensive and damaging data breaches. Knowing what data is being collected can help determine how it should be handled. If a company collects personally identifiable information, for example, security compliance, encryption and restricted access should factor into the equation, Lang said.

Another, more conservative approach is to quell what's become an insatiable hunger for data by instead collecting only what's needed, Lang said. His advice echoes the "focused collection" initiative from the White House's Consumer Data Privacy Bill of Rights, unveiled just days after Charles Duhigg's data mining article appeared.

But focused collections push against a common practice and a growing industry trend, especially for businesses investing in big data technologies. A Hadoop cluster, for example, can indiscriminately capture huge volumes of multistructured data, which businesses can explore at a later time and determine whether it's of any real value. Some analysts see this as an opportunity to strike out in a new data management direction, but Lang cautions against it.

"There are always interesting things you can do with data down the line," he said. "But that's the number one place you can reduce risk: Don't overcollect."

Privacy as a competitive advantage

Consumers are also becoming savvier. They are employing companies like Reputation.com to take control of their online appearance. They are learning how businesses are mining data. And they're becoming more attuned to online privacy policies. According to Lang, this growing consumer awareness can be a competitive advantage for businesses.

"You have to have some kind of notice if you are collecting data," he said. "You can choose to bury it in a privacy policy or you can choose to feature it."

Providing clear notice and context to customers about data collection and analysis can help businesses build better relationships. But transparency is only part of the equation, said Lang. Allowing customers to weigh in on what is being collected can give customers a sense of control.

Companies such as Google or Facebook are doing this today -- to a point. When they roll out a new product or a new privacy setting, they include an option to opt in or opt out. It's a start, Lang said, but it stops short.

"We have demonstrated within our products a secondary degree of control," Lang said. "The ability to append or delete or update data actually makes consumers far more willing to participate."

While providing this kind of control can help build trust between businesses and their customers, it can also supply businesses with the most up-to-date, most accurate data about their customers, Lang said.

But banking on data privacy as a competitive advantage won't be a safe bet forever. The online world is changing: Consumers are realizing their data is an asset, Lang said, and they're going to want to control that asset.

"That's what's being built today by some of the leading data protection companies: the tools and the infrastructure to collect your own data, to protect your own data and to release it as you so please," he said.

Next Steps

Learn about six data privacy questions to ask SaaS vendors

Read how data privacy concerns are still hindering cloud progress

When it comes to BYOD, businesses must be clear on data privacy

Dig Deeper on Business intelligence data mining