Is Uncle Sam coming for your data?

Did you know that your company’s use of customer data is on the of minds of the regulators in Washington? Regulation on big data could impact how you personalize, and  leverage customer data for digital and traditional marketing purposes.

Regulators are concerned regarding customers control of their data, monopolies on big data, and personal data security. As a refresher, Big Data is defined as massive data sets that are analyzed to understand patterns and trends of customers or users. It is often used to personalize the user experience.

Regulators are serious about enforcing compliance. The FTC has decided to get involved in Big Data, stating: “The commission will continue to monitor areas where big data practices could violate those laws and will bring enforcement actions where appropriate,” it said in a report issued in 2015.

And, there are many other regulatory agencies getting involved including Securities Exchange Commission (SEC), Federal Trading Commission (FTC), and state/local regulators.

Whether or not you believe there should be additional regulation on big data, as a marketer you will have to adapt to the legislation or face legal battles costing you a lot of money.

We will walk through the major areas of concern to government, and how you can stay ahead of legislation. Major areas of concern:

  • Customers’ control of their personal data
  • Monopoly of big data by the market leaders
  • Personal data security

Customers' control of their personal data

The problem: Regulators have concern that customers do not have enough control over their data. Regulators are looking for companies to make it very clear to customers what data they collect, how they will use it, and also how to opt-out of data collection.

The legislation:  This initiative was proposed by Julie Brill at a privacy conference in Washington, DC. It hones in on the individual’s right to choose what data to be made available to a company. It mentions “I support legislation that would require data brokers to provide notice, access, and correction rights to consumers scaled to the sensitivity and use of the data at issue. For example, Congress should require data brokers to give consumers the ability to access their information and correct it when it is used for eligibility determinations, and the ability to opt-out of information used for marketing.”  This bill was raised by Ed Markey, to regulate how information brokers can work. It points out how cheap it is to buy user’s demographic data and even a full profile. Ed wants to give users greater control over this data.

In Europe, websites have to get informed consent regarding cookie usage.  notes “The ePrivacy directive – more specifically Article 5(3) – requires prior informed consent for storage or for access to information stored on a user’s terminal equipment. In other words, you must ask users if they agree to most cookies and similar technologies (e.g. web beacons, Flash cookies, etc.) before the site starts to use them.”

What you should do:

  • Clearly tell your customers during the signup process what data is being collected about them and why. Be clear in how the collection of the data helps the user experience. For example, if you use the data to personalize, explain how the personalized experience will help them find products easier.
  • Provide your customers the ability to decide what data is collected about them. Customers should be able to opt-out of data collection.

Google lets you check what information is collected, and lets you adjust it. Google Privacy Control

Amazon lets you adjust what is included in the browse history, and even lets the user shut off history all together. Amazon User History

  • Ability for users to see the content collected. 

Google Activity History

  • Have users select OK to cookie collection.

Google Cookie Choices

More detail on how to implement notifications / acceptance to users before collecting cookies, look here

Monopoly of big data by the market leaders

The problem: The number of mergers in data driven sectors has been on the rise, and governments have taken notice. The number of mergers and acquisitions in data-related sectors has increased from 55 deals in 2008 to almost 164 in 2012” OECD (2015), Data-Driven Innovation: Big Data for Growth and Well-Being, OECD Publishing, Paris.

According to a NY Times article from Jan 8 2017, “And academics and some policy makers, especially in Europe, are considering whether big internet companies like Google and Facebook might use their data resources as a barrier to new entrants and innovation.”

From Kluwer Competition Law Blog “…no doubt sooner or later one or more authorities will open antitrust investigations into specific companies that have stolen a march over competitors in gathering big data and may be using that data to obtain an advantage over rivals in the same or neighboring markets.”

However, the cost of collecting big data is very low and continues to decline. The reality is that as data collection starts happening at even the smallest companies, the barrier to entry related to data collection becomes almost nil.

The legislation:

In Europe, in Google/DoubleClick, it was discussed whether or not cross database usage would impede competition.

The depth and scope of incumbents’ data stores may have implications for innovation—or, more precisely, how new or existing firms can access and use data to develop new products.” according to Debbie Feinstein from the Federal Trade Commission.

What you should do:

  • If your business has strong market power, be careful using your knowledge of customers to price discriminate, as they could be seen as anticompetitive.
  • This is primarily a concern when merging, so if considering a merger be sure to understand importance of customer data on the deal.
  • If you are not the dominant market leader, you are far less likely to be targeted.

Data Security

The problem:

Data security has been a hot topic in the last few years, due to high profile data leaks at major companies.

Russian hacking to influence the US election As we all painfully know, Russia has been accused of influencing the US election through disbursement of fake news, and hacking of information from the Democratic National Committee and to a lesser extent other political linked organizations.

Target data leak In the case of Target, the data leak cost them 39 Million in a lawsuit, not to mention the negative customer sentiment likely costing them far more in lost goodwill.

Anthem data leak In the case of Anthem, the data leak happened to almost 80 Million individuals! This incident has cost Anthem over a quarter million dollars. “Yahoo has now won the gold medal and the silver medal for the worst hacks in history,” said Hemu Nigam, CEO of online security consultancy SSP Blue.

Yahoo data breach There was a massive data breach of Yahoo accounts totalling over a billion accounts. This causes Verizon to demand a better deal, than the 4.8 billion originally planned.

The legislation:

Data breach regulation The initiative is to regulate the “need for federal data breach legislation to replace a confusing patchwork of state standards.”

What you should do:

  • Frequent security audits
  • Frequent security training for your employees related to phishing, etc to reduce threat of social engineering
  • Increased IT security focus and funding through software monitoring tools/platforms for security. There are a number of open source and corporate tools to ensure security: Aorato, Bit9, Cybderscan, Exabeam, Fortscale, LightCyber, Seculert, and Vectra Network.