The combination of recent identity theft and privacy scandals combined with significant new regulations have created a potential minefield for marketing and advertising agencies. How do we continue to create highly targeted, relevant advertising while ensuring that we’re protecting our customers’ information and making the right ethical and legal choices? This question was put to a panel of legal and advertising experts at the November edition of the Austin Advertising Federation’s Breakfast Serial.
One of the first questions the panel addressed was the applicability of the European Union’s Global Data Protection Regulation (GDPR), which went into effect in May of this year. The answer was a resounding “YES,” the regulation does apply to most US-based marketing agencies, because they reach a broad audience and use global networks like Google and Facebook. Brain+Trust Partners’ Tim Hayden, a panelist with extensive experience in the technology and advertising realms, also made the point that the recently passed California data protection law, California Consumer Privacy Act (CaCPA) of 2018 is similar to the EU’s GDPR and brings many of the same requirements to American companies.
So, given the onus is on advertising firms, what are immediate actions that we can take? The panel made two very clear recommendations:
- Review all sensitive customer data that your company stores, maintains, and handles, and ensure that you are taking all reasonable precautions to protect that data. Understand what you need and what you don’t, and stop collecting information you don’t need.
- Purchase cyber security liability insurance. This initial step will protect your firm in the event that you face a lawsuit.
These two actions will reduce your risk and provide a first layer of defense in case something goes wrong. The panel also pointed that making good faith efforts to protect data is a defense should you face litigation. Beyond the potential risks, executing good data protection and keeping your customers aware of your efforts inspires confidence and could serve as a competitive differentiator.
The panelists also suggested two resources that advertising firms can use to learn more as they craft their data protection strategy:
- Federal Trade Commission’s Cybersecurity for Small Business: A wide range of information from cybersecurity basics to a guide for employers
- Consumer Data Platform: Vendor-neutral information about the issues, methods, and technology related to customer data management
An audience question delved into a common practice in the advertising world, especially with smaller firms: The use of contractors. The counsel for both contractors and employees was clear: Ensure that they sign a confidentiality agreement that survives the duration of their employment, including voluntary and involuntary separations.
Paula Pierce, an attorney and frequent speaker and writer on identity theft, suggested that employers consult a lawyer when they make their first hire and any time one is terminated. She pointed out that small ad firms can address cost concerns by negotiating with law firms and requesting fixed fee arrangements whenever possible. James Hughes, a senior associate in the Austin office of Norton Rose Fulbright, added that a lawyer can quickly identify any major areas of concern.
The conversation ended on both a positive and cautionary note. While data and identity theft will remain a source of income for people around the world, and consumer privacy concerns will continue to expand, advertising will likely take on a simultaneously anonymous and individual tenor. So, advertising firms will have an obligation to protect both data and an opportunity to provide the most relevant and compelling content.
Sameer Shah is a member of Austin Ad Fed and the founder and principal of Khaana Marketing.