Jodi Daniels, Red Clover Advisors, and Kenneth Kinney, VP of Marketing and Digital Strategy at Ai Media Group, discuss some best practices in data, privacy, compliance, and respecting customer data on Ai Media Group’s “Advanced Intelligence” show.
Kenneth: Jodi, welcome to the “Advanced Intelligence” show. Would love to talk to you about data, privacy, compliance, and all that good stuff today. Between CCPA; all the amendments that are going with it; GDPR; we’re seeing legislation a lot of states; you’re throwing cookies away; Apple is making changes to iOS; how should an agency really look at the changes with what’s happening in such fast and rapid cycles, yet still deliver for their clients with good results, all while respecting Consumer Rights and Privacy with respect to data?
Kenneth: At least with respect to the changes that we’re seeing coming with a lot of the laws, what should agencies and brands, look for in the near-to-mid-near future.
Jodi: Well, there’s a variety of new laws on the horizon especially here in the United States. Virginia, literally while we’re recording, is on the governor’s task and expected to pass. It would be the second state privacy law and in some respects it kind of moves a little bit closer to GDPR. There’s a couple other states that are copying California and then a couple of other states that are also moving more to the GDPR approach, which signals a bit of a divide on how privacy looks. Is it the individual or the company’s data? Here in the United States, we’re very company focused. It’s a fundamental shift to start looking at the individual’s data first. An agency really needs to be on top of the laws and understand the impact and be able to create some creative solutions to still be able to connect individuals to the brands. Look everyone’s gonna still need the services. They’re going to still want the cool products. It’s just a matter of how we’re getting it to them. Marketing evolved. When TV came out, that was going to take over radio. When radio came out, it was going to take over newspapers. With every evolution there’s always been some type of a threat and it’s always adapted. That’s going to be the same situation here. People still need the item. We just need to adapt to the current digital environment and do it in a way that respects the individual’s right and we want to comply with some laws.
Kenneth: Well, having worked with a lot of agencies in the past, prior to me even coming over to Ai Media, something you notice is the level of sophistication that a lot of a lot of agencies have or do not have with data use. Luckily, we’re in a place where we have a much higher level of sophistication with data than a lot of agencies. I would love to get your take on what level of sophistication should a brand look for when they’re considering an agency partner to work with.
Jodi: Well, one of the first questions should be is the agency able to comply with whichever law the company needs to comply with. For example, if brand A is a global brand and it needs to comply with GDPR, then it needs to make sure that its agency, who in GDPR-speak is a ‘processor’ or in CCPA-speak is a ‘service provider,’ is able to make sure that it can comply with the law. That’s going be the very first step that you’re going to want to look at. The next is going to be whatever tools you’re using should also should be compliant with whichever laws you again need to comply with. The agency should also be well versed and be able to be a ‘guide’ and help explain here’s what we’re doing; here’s how this is in compliance. Now ultimately it’s the brand and it’s the brand’s data. The brand needs to be the one owning its privacy responsibilities, but a brand hires an agency because it wants that level of expertise. Again, it needs to be a guide and make sure that the vendors is picking has gone through the diligence. Say vendor A, have you complied with XYZ law? You have? Great, you’re going to be on our preferred list. Oh, the cool new vendor over here, you’re going to do what kind of thing with that data? Hmmm. Tell me how that complies….oh, I don’t know….maybe not on your preferred list. That extra effort needs to be on the agency to do that for its clients.
Kenneth: Well, a lot of times this gets discussed by senior directors to C-level and executive level people, but so many others are actually handling the data today. That brings into question, when and who and how people should start thinking about how they’re actually working with the data and respecting compliance. How do you go about helping with organization look at that plan holistically so that everybody that’s touching the data really understands a little bit better how to use it better?
Jodi: Well, part of that has to be to understand that data lifecycle. Where’s the data originating from? Where is it going, literally? What database? For what purpose? Along that journey you can then determine who’s responsible for which part. Do I need to do for a compliance level, but above and beyond compliance, we have to go with our brand strategy? What are our principles? The law might say you can absolutely go and do XYZ, but then the question is should you? What is the end individual going to think about that? If you understand the data lifecycle and the business purpose, then you can make sure that all the different stakeholders….and there should be someone on the brand side that’s going to be responsible for owning that part and there should also be someone internally on the agency side who’s able to corral whether it be multiple people within an agency or just a central person in an agency. Everyone does a little bit different and that’s okay. Someone should be familiar enough with how the campaigns in the different activities will align with the different obligations and because of that, they’ll know we’re going to use data in this manner, through these systems, and for this type of campaign. Because they understand that whole life cycle and they’ve done that diligence, they’re able to speak intelligently back to the brand and you have both sides doing their level of responsibility.
Kenneth: A lot of times brands will hand over a file with a lot of data on it to an agency. What level of expectation should brands really have in passing that data over to use, especially their first party data, with how it should be used or respected by the agency partner that they work with on a day to day basis?
Jodi: So I’m going to actually flip that question a little bit because it really should be the agency to set up the appropriate process to respect the privacy to receive such a file first. That file of personal data should not go through regular emails. There should be appropriate protocols set up like an FTP site or something that’s going to be secure. There’s a lot of still kind of sending all different directions of how that data gets there. That’s going to be the first piece.
Kenneth: An SFTP.
Jodi: Pardon me?
Kenneth: An SFTP.
Jodi: (laughter) Yes, it’s still morning and my cup of coffee was not fully drank yet. (laughter) The idea then is that it’s on the agency to have a solid process. Then from a brand’s point of view, it needs to ask “well, agency where are you storing this?” If I’ve sent it to you appropriately, who has access to it? How long are you keeping it? Where are you putting it? Are they full time employees are they contractors? What are their security measures and controls? So, it’s the brand’s responsibility to make sure that its agency and any service provider is handling the data with utmost care. Again, it’s the agency’s responsibility to make sure that it’s developed a process to handle that data and expects clients to follow that process because it protects both sides.
Kenneth: When you’re working with an agency, like ours or like any, what are the steps that you sort of put into place to help that agency put real processes into place that they can use every day to make consumers feel comfortable and to make the brand’s feel comfortable with respect to that data?
Jodi: The first part is going to be actually what is the business process. If a file is going to come over, someone’s going to have to receive it. Then, where else does it go how many teams need to touch that data? Through understanding the business process, you’re able to figure out which people need to actually have access to it. What’s the best way to have access to it? Where should it stay? How long do you need to keep it? Understanding and creating an appropriate business process that preferably you document so everyone can kind of see that’s our process, but then you will have to train people. Just having a document and filing it in some drive isn’t enough. You have to explain here’s why we’re doing it this way. Here’s what the process is team members. As new people come on board or people change roles you have to keep up with it. Then as new vendors or the business might evolve; there might be other stakeholders or other ways we’re using data. The process has an evolve with that expansion. Training is a critical piece and making sure that it’s a process that’s going to make sense. You don’t want to inhibit a solid business and an efficient and effective process because we need the utmost security and privacy. There’s a way to all of it. You can use LastPass as an example for sharing passwords. Making sure you have someone potentially in I.T. or security managing the access controls to it and reviewing it on a regular basis….those types of things.
Kenneth: One of the things that I’ve always taken a lot of pride in having worked in big data and then brought some of that mindset with me through the rest of my career, including working at Ai Media Group. One of the really impressive things about here that I’ve loved and I now would like to ask you this question, to see if it sort of resonates as well. How can an agency leverage data privacy as a competitive advantage because I’ve seen it as something that we’re able to do. I’ve seen it a lot in big data, but I’m curious how you see this being that you’re focused on that kind of practice?
Jodi: Sure. I think it’s is a big differentiator for agencies and all companies. If an agency thinks about who are its customers, many of those customers likely have privacy as a top priority for them and they will only do business with companies, agencies, and service providers that are honoring those privacy obligations and not jus on paper and a pretty privacy notice, but really speak it. They do that through some of these processes that we had. They’re doing that through educating their clients on here’s how to create a solid marketing program, but with a privacy-first approach. Because whether we like it, this is the current situation and the future is going in that direction. Agencies that are able to adopt that and explain to their brands and customers why this is good for them and how they comply will easily have a competitive edge over all the others that are not. There’s plenty of other companies that are going to kind of be the last to come over because they don’t want to.
Kenneth: Exactly. Well Jodi, thank you. This has been fantastic. Thank you for joining us on the Advanced Intelligence show.
Jodi: Well, thanks for having me. It was a delight.