British Airways faces a record fine of £183m for last year’s breach of security systems, which resulted in the harvesting of 500,000 customer’s details in the same week that the UK data protection regulator announces it will fine the hotel group Marriott International over £99m, after it was hacked in November last year.
With high profile cases like this increasingly common, it’s clear that the issue of data governance and it is becoming higher in the public’s consciousness. The issue of data protection used to be a conversation for tech geeks. Now it has become a favourite of politicians hitting the campaign trail.
You can see the tide changing. Very public data breaches like the above are forcing a very public debate and will likely to lead to much more legislation and overseeing. Even big tech companies themselves are not immune. It emerged last month that Facebook faces a lawsuit over a data breach that affected nearly 30 million users.
Europe set the pace for the world when it introduced GDPR last year – the single biggest change in data privacy regulation in 20 years. The regulations limited how companies can use information that touch on someone’s ethnicity, political opinions, religious beliefs or sexual orientation. One year on from GDPR and it looks like it could become the global industry standard.
In the United States, where federal oversight is weak, some states are starting to adopt similar measures. The California Consumer Protection Act (CCPA) for example will become law on January 1, 2020. Under the new rules California residents will have the right to know what categories of personal information a business collects about them. They will also have the right to demand that the business delete all personal information it holds about them and they can demand that a business does not “sell” their personal information to third parties.
This is all good news for consumers, but how will it affect businesses?
With my experience, working with companies who use big data and A, I believe that third party data (data collected by someone else) and data brokering is going to become an increasingly difficult business. Any business that sells third party data is likely to see the value of the data erode over time as privacy laws restrict its use and make it increasingly complicated to navigate customer relationships.
So does this mean the end of marketing as we know it? No, it means that first party data will need to be the focus. First party data is collected by a company that has a direct relationship with the customer. For example credit card companies have a tremendous amount of data on us. But selling that data to other companies to use would be third party data.
This shift from third party to first party data will require many companies to change marketing strategies. They will have to think more about how they can utilise the customer information they have, as well as think of new ways to engage their existing customer base or web visitors. The days of being able to buy your marketing list or your next mailing list are numbered – companies need to reinvent how they go about lead sourcing. For companies in Europe, navigating around GDPR means that traditional cold calling / emailing tactics has become outdated and puts them at risk of regulatory scrutiny. This is a big change for just about every business. Even if they thought they were following the best interests of their customers, many are finding themselves on the edge of the law of data privacy.
For companies big or small – if they cannot find ways to leverage their first party data they risk being left behind. Maybe big companies have an advantage because they have large budgets to invest in new technologies. But figuring out ways to unlock and access their data will be a very tall mountain to climb compared to newer companies who can build from scratch. One thing is for sure, competition is going to heat up in business based on who can leverage data the most efficiently.