Q&A with Tealium: Data regulations and the consumer experience

Be careful what you wish for. Every carefully curated ad that pops up on social media, every time a company seems to know exactly what you want, when you want it, is the result of just how accessible our individual data has been up to this point in time.

But recent data privacy scandals have rocked the very foundation of online marketing—in turn, shaking up the highly personalized consumer experience that we’ve quickly become used to. With yet more data regulations on their way, what does this mean for the future of marketing?

We were lucky enough to discuss this issue and more with Mike Anderson, co-founder and CTO of consumer data-management company Tealium.

1) Why are we seeing such a sudden rise in consumer data regulations?

Some of the biggest news stories of the last few years have been the direct result of the use— or misuse, rather—of consumer data. Consumers and lawmakers are more aware than ever of how the proverbial sausage gets made when it comes to their online experiences.

While the vast majority of companies collect and use consumers’ data with good intentions, and consumers generally trust the companies they like with their data, I think everyone recognizes the need to codify how trust should be earned and the consequences for when that trust is breached.

The GDPR and CCPA are the first ripples of a much larger wave of regulations to come.

2) Given the wealth of data out there, do you think that the GDPR and CCPA are cases of “too little, too late”?

At the heart of these regulations is instilling trust in consumers and providing accountability for when that trust is broken. It’s never too late for companies to take control of how they handle consumer data or to place trust at the center of the customer experience. 

On the macro-scale, is it too late for these regulations to have the desired effect of instilling trust in consumers? In the long run, consumers will be more wary about the information they’re giving to companies, and companies will be incentivized to do better with that information.

With consumers able to request that companies delete their data or take individual action, these regulations shift the balance of power in a way that’s ultimately positive for all parties. 

Companies are also realizing that requirements like GDPR and CCPA are resulting in effort that isn’t just a set it and forget it strategy.

These requirements coming out in quick succession are showing companies that privacy is something that must be addressed from a company culture perspective, and in that sense, it’s never too late.

3) Where do you think businesses might slip up? What are some of the common pitfalls to be avoided?

One of the most common points of failure for businesses trying to comply with GDPR and CCPA regulations, such as the right to have one’s information deleted, is the fractured nature of most companies’ technology stack.

Consumer data is collected, stored, and activated through dozens, if not hundreds, of different pieces of software, many of which don’t speak to each other. Without the ability to see all of this data in one place, companies will struggle to comply as the first wave of deletion requests roll in en masse.

4) It’s been reported that the introduction of the CCPA may cost businesses up to $55 billion in initial compliance costs—how can businesses lessen this financial outlay?

With GDPR already in effect for over a year now and the 1st January 2020 deadline for the California Consumer Privacy Act (CCPA) on the horizon, companies should be proactively taking steps to securely, ethically and legally handle this data. 

In Tealium’s newest data study, “Trust is Golden: How Brands Can Prioritize Privacy in the Age of Data”, we have included steps companies can take towards fully complying to the new CCPA regulations and lessen this financial outlay:

1. Abide by a new definition of privacy: Creating a policy that is understandable and clear enough to be shared among consumers and employees alike is the first step in attaining CCPA compliance. 
2. Draft a privacy manifesto: This helps companies ensure that their processes line up with those required by the CCPA. Not only is this a must to avoid any issues with law enforcement, but also to have a simple plan for data collection.
3. Remember that trust is a company-wide effort: Tying the first two steps together, this final step proves to be the most important. Consumer trust is key for a successful business, and cannot be done without the proper, company-wide procedures.

In addition to these steps, organizations should be able to answer four questions about what’s happening with their consumer data:

• What’s being collected?
• Are customers giving consent? 
• Can they request what’s known about them? 
• Can they ask for that data to be erased? 

Everyone within the organization should understand the intent behind the company’s data practices. During these conversations, team members should take inventory of all the data points the brand currently collects and weed out what isn’t needed. This way, when regulatory requirements do come into effect, there is less of a scramble to clean up practices. 

5) Do you think that the CCPA—and the ramifications for personalization—will have a significantly detrimental effect on the overall user experience?

I believe CCPA will have a significant effect on the overall user experience. With several businesses having been hit with penalties under new privacy regulations, it’s evident that consumers now have a desire to be in control of how their data is collected and used amongst brands. 

However, while brands must be compliant and ethical about how they gather consumer data, they are still expected to build complete customer personas in order to provide relevant, personalized experiences. 

6) If so, how can brands help mitigate these effects as much as possible?

Brands can take several approaches to ensure they are not infringing on consumers’ privacy, but the key is—they must always be completely transparent with consumers.

If a brand begins explaining to consumers how their business handles customer data and this makes them uncomfortable, the company likely needs an adjustment in both mindset and practices. 

To continue providing a unique, personalized experience to consumers, brands must become more deliberate in their data collection practices.

It is the responsibility of the brand to educate consumers, manage and communicate data privacy practices and protect consumer data. Therefore, businesses must be transparent in the ways they are collecting and using data—electing consumers to share more data which will result in a better brand experience. 

Brands need to also explain the ‘why’. Companies should strive to tell consumers the story of how the brand is using their data to create a relevant brand experience.

By making this known upfront, consumers are more than likely to share more data with a brand. This can be achieved by rewriting consumer-facing privacy and data usage policies.