tag:www.econsultancy.com,2008:/topics/privacy-data-protection Latest Privacy & data protection content from Econsultancy 2016-08-02T12:30:00+01:00 tag:www.econsultancy.com,2008:BlogPost/68108 2016-08-02T12:30:00+01:00 2016-08-02T12:30:00+01:00 Brexit and the Digital Single Market: Three ways forward Todd Ruback <h3>Brexit, data protection and the Digital Single Market</h3> <p>The people have collectively spoken and now policy makers need to forge a path forward that honours the will of the people, while also ensuring the UK’s access to the all important EU economic market – especially the digital market and this is no easy task.</p> <p>The UK’s decision to leave the European Union comes just on the heels of the passage of the EU’s General Data Protection Regulation (GDPR), a massive piece of legislation that aims to give control over personal data back to the individual through a series of new codified rights.</p> <p>The GDPR is a pan-European law that will add certainty for companies selling their wares to EU citizens.</p> <p>More importantly, it is the foundation of the <a href="http://ec.europa.eu/priorities/digital-single-market_en">Digital Single Market</a>, a strategic European initiative that aims to create fertile conditions for European-based innovation that will add billions of Euros to the overall economy, the UK included, while creating countless jobs.</p> <p><iframe src="https://www.youtube.com/embed/mTeqrJJPkfg?wmode=transparent" width="560" height="315"></iframe></p> <p><em>As well as increasing access to goods and services, the Digital Single Market will also improve networks and drive economic growth</em></p> <p>The UK’s pending exit from the EU puts it at risk of not participating in the Digital Single Market unless another option can be implemented.</p> <p>Here are three possible paths forward, none of them straightforward, but paths nonetheless.</p> <h3>Three paths forward</h3> <p><strong>1. 
UK adopts GDPR</strong></p> <p>The UK can adopt the GDPR as its own national data protection legislation, but then would still be left with the dystopian act of applying – upon a politically bended knee – to the EU to be granted “adequacy” status, which is legal jargon recognising that your data protection law offers the equivalent level of protection that the GDPR provides.</p> <p>If you receive “adequacy”, as countries like Canada and Argentina have been granted, then data can flow between the two economies freely.</p> <p>At issue is whether political egos will get in the way of applying for “adequacy” designation, and that is impossible to predict.</p> <p><strong>2. Be Switzerland </strong></p> <p>A second path forward would be for the UK to follow the Swiss model and negotiate a series of critical trade agreements with the EU that will allow the UK access to the EU digital market.</p> <p>While a series of one-off trade agreements may require a lot of heavy lifting and must be done quickly, it is important to remember that reciprocal access by the EU to the UK economy, the second largest in the EU after Germany, is important to the EU.</p> <p><strong>3. 
EEA Membership</strong></p> <p>A third path forward may be the simplest and could represent a balanced approach that would both honour the collective will of UK citizens, while still providing access to the EU Digital Single Market.</p> <p>Namely, the UK could apply to become part of the European Economic Area (EEA), a 1994 agreement that opens the EU market to non-member states under certain situations.</p> <p>Norway is the prime example, but there are technical considerations that I am not qualified to comment on that still must be met before a country can join the EEA, and like the first option, could result in an unbalanced relationship since membership is contingent upon meeting EU mandated and monitored requirements.</p> <h3>Riveting but serious </h3> <p>The UK political theatre playing out in front of us is riveting, especially for an American privacy wonk such as myself.</p> <p>But its entertainment value is far outweighed by the economic seriousness of what it portends if cool heads don’t negotiate a way forward.</p> <p>I know some of these cool heads, both in London and Brussels, and am confident that they will find that path forward that honours the democratic will of the referendum, while also fostering conditions for joint economic prosperity.</p> <p>It’s in everyone’s best interest.</p> <p><em>More on Brexit and the UK's digital economy:</em></p> <ul> <li> <a href="https://econsultancy.com/blog/68003-ecommerce-in-the-uk-post-brexit-positives-negatives-opportunities/">Ecommerce in the UK post-Brexit: Positives, negatives &amp; opportunities</a> </li> <li> <a href="https://econsultancy.com/blog/68001-how-will-brexit-impact-digital-businesses-and-marketers/">How will Brexit impact digital businesses and marketers?</a> </li> <li> <a href="https://econsultancy.com/blog/68099-three-ways-uk-retailers-can-utilise-the-post-brexit-gbp-drop-to-target-international-customers/">Three ways UK retailers can utilise the post-Brexit GBP drop to target international 
customers</a> </li> </ul> tag:www.econsultancy.com,2008:BlogPost/68048 2016-07-13T14:39:00+01:00 2016-07-13T14:39:00+01:00 Personal data and privacy in the digital healthcare age Lori Goldberg <p>In the past I’ve used NikeID, which communicates with a chip inside my sneakers to track my run data.</p> <p>Confession: I once attended a digital media conference and entered a contest to log the most steps on the conference floor. I tied my step-counting device to my ceiling fan and let it go all night.</p> <p>For some, there is concern that personal health data can be hacked, stolen, or exploited for marketing purposes without consent.  </p> <p>For those of us in the digital advertising sector, we have a responsibility to be clear about where our data comes from, consumer protection laws, as well as the benefits of advancing our health through data collection.</p> <p>Given this, below is a brief summary of how personal body data is being collected, protected, and used in the digital advertising sector today.</p> <h3>Current state of digital privacy</h3> <p>In terms of digital marketing, <a href="https://econsultancy.com/reports/healthcare-study-organizing-marketing-in-the-digital-age/">healthcare and pharmaceutical sectors</a> have long worked under state and federal laws to protect sensitive personal health information.</p> <p>For example, <a href="https://econsultancy.com/blog/67498-digital-media-vs-hipaa-violations-risking-your-reputation-in-healthcare/">HIPAA, the Health Insurance Portability and Accountability Act</a>, works to protect confidentiality of patients and control the flow and purpose of information used by insurers.</p> <p>Additional laws are in place that govern how and when healthcare providers can contact patients for the purpose of selling new drugs and treatments.</p> <p>These laws typically boil down to intent: is the marketer protecting the public from health risk, or are they trying to make money?</p> <p><img 
src="https://assets.econsultancy.com/images/0007/7028/fitbit.jpg" alt="" width="700" height="466"></p> <p>If there is a health risk to an identified class of patients, their personal information is more likely to be accessed.</p> <p>Additionally, Google and the Federal Drug Administration protect consumers with a thorough legal-medical review (LMR) process of each ad campaign.</p> <p>The privacy of your personal health information generated by apps and websites (also known as Patient Generated Data) is largely protected by HIPAA if the data is tied to a personal identifier, such as a user account associate.</p> <p>However, it is important to note that apps are developed around the world and enforcement of HIPAA policy is difficult unless complaints are filed.</p> <p>In fact, eHealth presents a new challenge for HIPAA. In 2015, the Office of the National Coordinator for Health Information Technology (ONC) and HIPAA began a two-year project to understand the sector and draft new policy on this matter.</p> <p>Until then, consumers should not quickly assume that app developers – particularly those outside the U.S. 
– are storing secure, HIPAA-compliant data.</p> <h3>Wearable tech</h3> <p>With the recent introduction of wearable technology and smartphone apps accessing our bodies, our personal body data is being trusted to technology companies and app developers who operate largely based on their own privacy terms and conditions.</p> <p>Companies such as Apple have vigorously protected consumer data, however many app providers are relatively anonymous to the general public.</p> <p>They are vulnerable to data breaches, hacks, and their own marketing principles.</p> <p>Apple’s HealthKit and Health apps collect health and fitness data including heart rate, calories burned, cholesterol, and blood sugar.</p> <p><img src="https://assets.econsultancy.com/images/0007/7029/fitbit_2.jpg" alt="" width="700" height="500"></p> <p>They also can connect with healthcare providers to share lab results, medications, and more. The insight provided makes a doctor more informed about the holistic status of one's health; however fears of data security persist.</p> <p>Many of the free apps available for download will earn revenue by selling your data, which could be associated with your account or user name identifier.</p> <p>According to the <a href="http://blogs.wsj.com/digits/2014/09/09/as-apple-moves-into-health-apps-what-happens-to-privacy/">Wall Street Journal</a>, “many of the roughly 40,000 health apps and wearable devices on the market today make money by selling user data to marketers and other companies.”</p> <h3>Epidemiological data</h3> <p>Epidemiological data is patient-anonymous data that allows the medical community as well as marketers to better track disease outbreak, rises in specific types of illnesses, and more.</p> <p>For example, <a href="http://thomsonreuters.com/en/products-services/pharma-life-sciences/pharma-business-development/incidence-and-prevalence-database.html">the Incidence &amp; Prevalence Database</a> covers over 4,500 diseases, procedures, symptoms and other 
health issues for incidence, prevalence, morbidity, mortality, comorbidity, treated or diagnosed rates, cost and much more.</p> <p>Forecasting tools such as this allow pharmaceutical advertisers to concentrate efforts in predicting illness patterns and making treatments marketed and available at the right time and place.</p> <h3>Personal genomics</h3> <p>Personal genomics through DNA sequencing provides your body’s genetic information for use in predictive forms of medicine.</p> <p>This could reveal genetic links to cancer, inherited predisposition to disease such as Alzheimer’s, or even help a doctor determine which medications will be most effective in treating your illness.</p> <p>DNA sequencing is available from popular online companies such as 23andMe, sequencing.com, and deCODE.me.</p> <p>Laws have been enacted in some U.S. states and by the federal government, such as the <a href="https://en.wikipedia.org/wiki/Genetic_Information_Nondiscrimination_Act">Genetic Information Nondiscrimination Act</a> (GINA) to protect citizens from being discriminated against based on their genetic profile.</p> <p>This information, if attained by an insurer or employer, may identify the person as a health risk or insurance risk.</p> <p>In summary, respected companies such as Apple will fight to keep personal health info safe, but the far reaches of its App Store reveal thousands of anonymous tech companies that are vulnerable to data breach and are perhaps willing to sell your information for profit in exchange for free apps.</p> <p>Google and the FDA work to regulate advertising claims among pharmaceutical companies and healthcare providers who partner with agencies schooled in LMR best practices.</p> <p>The upside of this data is in predictive medicine and personal insight into your health and fitness, which is a huge benefit for many people.</p> <p><em><strong>July is Data Month here at Econsultancy, so be sure to check out <a 
href="https://hello.econsultancy.com/datamonth/?utm_source=econsultancy&amp;utm_medium=blog&amp;utm_campaign=econblog">our latest reports and blog posts</a>.</strong></em></p> tag:www.econsultancy.com,2008:BlogPost/67988 2016-07-08T15:48:00+01:00 2016-07-08T15:48:00+01:00 Can search revolutionize healthcare & the diagnosis of diseases? Patricio Robles <p>When you don't feel so well, what do you do? Millions upon millions of people turn to their favorite search engines looking for information.</p> <p>In fact, approximately 1% of Google searches are related to medical symptoms.</p> <p>Google has been paying attention and this week, the search giant <a href="https://search.googleblog.com/2016/06/im-feeling-yucky-searching-for-symptoms.html">announced</a> that it will start displaying lists of conditions related to symptoms described in searches.</p> <p>For example, a search for "swollen joints" will return a list of conditions commonly associated with this symptom, such as arthritis.</p> <p>For some searches, Google will "also give you an overview description along with information on self-treatment options and what might warrant a doctor’s visit."</p> <p>The company says that "by doing this, our goal is to help you to navigate and explore health conditions related to your symptoms, and quickly get to the point where you can do more in-depth research on the web or talk to a health professional."</p> <p><img src="https://assets.econsultancy.com/images/0007/6391/symptom-search3.png" alt="" width="304" height="617"></p> <p>The information Google displays is based on health conditions that appear in search results and filtered against data the company collected from doctors for its <a href="https://econsultancy.com/blog/66672-semantic-search-the-future-of-search-marketing/">Knowledge Graph</a>.</p> <p>Google says doctors from Harvard Medical School and Mayo Clinic provided feedback "for a representative sample of searches."</p> <h3>A two-way street</h3> <p>Naturally, 
Google is quick to point out that despite its efforts to ensure accuracy, the information it displays is not a substitute for professional medical advice.</p> <p>But if it can successfully help consumers separate the wheat from the chaff when they turn to the web with worry about a cough or a rash, Google has the potential to make an imprint on the way consumers use the internet to take care of their health.</p> <p>Search's biggest contribution to healthcare, however, might not be how it can help consumers but rather how it can help healthcare professionals better serve their patients.</p> <p>Google rival Microsoft has been exploring whether data from its search engine, Bing, <a href="http://blogs.microsoft.com/next/2016/06/07/how-web-search-data-might-help-diagnose-serious-illness-earlier/">could one day help physicians diagnose illness earlier</a>.</p> <p>In a paper published in the <em>Journal of Oncology Practice</em>, Microsoft researchers described how they took anonymized Bing search logs to identify searches associated with individuals who had likely been recently diagnosed with pancreatic cancer.</p> <p>They then looked at these individuals' prior searches in hopes that they might identify queries that could have helped provide an earlier diagnosis.</p> <p>The results were quite remarkable...</p> <blockquote> <p>We find that signals about patterns of queries in search logs can predict the future appearance of queries that are highly suggestive of a diagnosis of pancreatic adenocarcinoma.</p> <p>We show specifically that we can identify 5 to 15 percent of cases while preserving extremely low false positive rates of as low as 1 in 100,000.</p> </blockquote> <p>Because this particular form of pancreatic cancer is fast-spreading and deadly, the ability to detect it even weeks earlier could mean the difference between life and death for a patient.</p> <p>There are obviously numerous privacy and ethical considerations that would need to be addressed before this 
research could be applied in the real world, but the authors of the journal article do believe there is potential. </p> <p>As Microsoft's Mike Brunker explained:</p> <blockquote> <p>They hope the positive results from the feasibility study will excite the broader medical community and generate discussion about how such a screening methodology might be used.</p> <p>They suggest that it would likely involve analyzing anonymized data and having a method for people who opt in to receive some sort of notification about health risks, either directly or through their doctors, in the event algorithms detected a pattern of search queries that could signal a health concern.</p> </blockquote> <p>While it could take some time for such a vision to be realized, the idea that one's web search history could be capable of saving his or her life is an exciting one and might eventually lead to advances that enable doctors to better serve their patients.</p> <p><em>For more on this topic, see:</em></p> <ul> <li><em><a href="https://econsultancy.com/reports/healthcare-study-organizing-marketing-in-the-digital-age/">Healthcare Study: Organizing Marketing in the Digital Age</a>.</em></li> <li><em><a href="https://econsultancy.com/blog/67881-seven-big-challenges-facing-healthcare-marketers/">Seven big challenges facing healthcare marketers</a>.</em></li> </ul> tag:www.econsultancy.com,2008:BlogPost/67991 2016-06-23T17:05:49+01:00 2016-06-23T17:05:49+01:00 What is the role of marketing agencies in data management? Stefan Tornquist <h4>Q. It seems like the industry press is continually heralding the decline of media agencies, but they seem to be very much alive. What’s your take on the current landscape? 
</h4> <p>For a very long time, agencies have been dependent upon using low-cost labor for media planning and other low-value operational tasks.</p> <p>While there are many highly-skilled digital media practitioners - strategists and the like - agencies still work against “cost-plus” models that don’t necessarily map to the new realities in omnichannel marketing.</p> <p>Over the last several years as marketers have come to license technology - data management platforms (DMP) in particular - agencies have lost some ground to the managed services arms of ad tech companies, systems integrators, and management consultancies. </p> <h4>Q. How do agencies compete?</h4> <p>Agencies aren’t giving up the fight to win more technical and strategic work.</p> <p>Over the last several years, we have seen many smaller, data-led agencies pop up to support challenging work - and we have also seen holding companies up-level staff and build practice groups to accommodate marketers that are licensing DMP technology and starting to take <a href="https://econsultancy.com/blog/65677-a-super-accessible-beginner-s-guide-to-programmatic-buying-and-rtb/">programmatic buying</a> “in-house.”</p> <p>It’s a trend that is only accelerating as more and more marketer clients are hiring Chief Data Officers and fusing the media, analytics, and IT departments into “centers of excellence” and the like.</p> <p><img src="https://assets.econsultancy.com/images/0007/6426/analytics.jpg" alt="" width="750" height="442"></p> <p>Not only are agencies starting to build consultative practices, but it looks like traditional consultancies are starting to build out agency-like services as well.</p> <p>Not long ago you wouldn’t think of names like Accenture, McKinsey, Infinitive, and Boston Consulting Group when you think of digital media, but they are working closely with a lot of Fortune 500 marketers to do things like DMP and DSP (demand-side platform) evaluations, programmatic strategy, and even creative work.</p> 
<p>We are also seeing CRM-type agencies like Merkle and Epsilon acquire technologies and partner with big cloud companies as they start to work with more of a marketer’s first-party data.</p> <p>As services businesses, they would love to take share away from traditional agencies. </p> <h4>Q. Who is winning?</h4> <p>I think it’s early days in the battle for supremacy in data-driven marketing, but I think agencies that are nimble and willing to take some risk upfront are well positioned to be successful.</p> <p>They are the closest to the media budgets of marketers, and those with transparent business models are really strongly trusted partners when it comes to bringing new products to market.</p> <p>Also, as creative starts to touch data more, this gives them a huge advantage.</p> <p>You can be as efficient as possible in terms of reaching audiences through technology, but at the end of the day, creative is what drives brand building and ultimately sales. </p> <h4>Q. Why should agencies embrace DMPs? What is in it for them?</h4> <h4>It seems like yet another platform to operate, and agencies are already managing DSPs, search, direct buys, and things like creative optimization platforms.</h4> <p>Ultimately, agencies must align with the marketer’s strategy, and DMPs are starting to become the single source of “people data” that touch all sorts of execution channels, from email to social.</p> <p>That being said, DMP implementations can be really tough if an agency isn’t scoped (or paid) to do the additional work that the DMP requires.</p> <p>Think about it: A marketer licenses a DMP and plops a pretty complicated piece of software on an agency team’s desk and says, “get started!”</p> <p>That can be a recipe for disaster. Agencies need to be involved in scoping the personnel and work they will be required to do to support new technologies, and marketers are better off involving agencies early on in the process. </p> <h4>Q. So, what do agencies do with DMP technology? 
How can they succeed?</h4> <p>As you’ll read in the new guide, there are a variety of amazing use cases that come out of the box that agencies can use to immediately make an impact.</p> <p>Because the DMP can control for the delivery of messages against specific people across all channels, a really low-hanging fruit is frequency management.</p> <p>Doing it well can eliminate anywhere from 10-40% of wasteful spending on media that reaches consumers too many times.</p> <p>Doing analytics around customer journeys is another use case - and one that attribution companies get paid handsomely for.</p> <p>With this newly discovered data at their fingertips, agencies can start proving value quickly, and build entire practice groups around media efficiency, analytics, data science - even leverage DMP tech to build specialized trading desks. There’s a lot to take advantage of. </p> <h4>Q. You interviewed a lot of senior people in the agency and marketer space. Are they optimistic about the future? </h4> <p>Definitely. It’s sort of a biased sample, since I interviewed a lot of practitioners that do data management on a daily basis.</p> <p>But I think ultimately everyone sees the need to get a lot better at digital marketing and views technology as the way out of what I consider to be the early and dark ages of addressable marketing.</p> <p>The pace of change is very rapid, and I think we are seeing that people who really lean into the big problems of the moment like cross-device identity, location-based attribution, and advanced analytics are future-proofing themselves. 
</p> <p><em>Go <a href="http://hello.econsultancy.com/the-role-of-the-agency-in-data-management/">here to download the full report</a>.</em></p> tag:www.econsultancy.com,2008:BlogPost/67911 2016-06-14T14:22:59+01:00 2016-06-14T14:22:59+01:00 How often your website needs a security audit & what you need to check Bart Mroz <p>In fact, President Obama recently stated that <a href="https://www.whitehouse.gov/blog/2015/04/01/our-latest-tool-combat-cyber-attacks-what-you-need-know">hacking of U.S. businesses</a> is an increasing threat and provided information on how to better protect against attacks.</p> <p>Still, most companies conduct a security audit and backup only when they absolutely have to.</p> <p>Little do they know that hacking today is more present and sophisticated than ever, so website security testing is no longer an option, it is a necessity.</p> <p>The question of how often you should conduct a website security audit is vague.</p> <p>Ideally, you should download a security system that manages this for you and verifies your site’s safety automatically so that you do not have to worry about upkeep.</p> <p><em>Security</em></p> <p><img src="https://assets.econsultancy.com/images/0007/5873/security.jpg" alt="" width="558" height="458"></p> <p>Additionally, there are various security-related tasks you should keep in mind when taking preventive action to secure your website against malicious attacks.</p> <p>Here are a few ways to stay ahead:</p> <h3><strong>Regular scanning</strong></h3> <p>Check your website regularly and test all links to ensure identity thieves and hackers have not introduced malware into advertisements, graphics or other content provided by third parties.</p> <p>Unique pieces of malware were <a href="http://www.cnbc.com/2016/04/11/three-fourths-of-websites-are-at-risk-of-malware-study.html">up 36% last year</a> so you need to schedule monthly or even weekly scans.</p> <p>If a link has been compromised then your customers can be the target 
of bait links which lead to major problems that you do not want to be accountable for.</p> <h3><strong>Penetration testing</strong></h3> <p>If you store any type of valuable information such as customer contact information, transactional data or proprietary information, these are all high-value targets for hackers.</p> <p>Consider hiring cybersecurity consultants or ethical hackers to identify vulnerabilities in the code that basic software security programs alone cannot discover.</p> <p>Companies that did this in a study by WhiteHat Security saw a <a href="https://info.whitehatsec.com/rs/whitehatsecurity/images/2015-Stats-Report.pdf">decrease of 65% in vulnerabilities</a>. In today’s increasingly connected world, it is important to preemptively find weaknesses before hackers do.</p> <h3><strong>Integrating advanced security apps</strong></h3> <p>While you should never keep unnecessary customer data on the backend of your site, it is smart to utilize the right application scanning tools to help you identify vulnerabilities in your system.</p> <p>These should identify everything from <a href="https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29">Cross-Site Scripting (XSS)</a> to vulnerabilities inside debug code and leftover source code that could put your data and your customers’ confidential data at risk.</p> <p>There are advanced threat protection apps from security companies such as Symantec that you can use to check your website’s security; they run through every aspect of your website without disrupting service so your users are still able to navigate smoothly.</p> <p>While running in the background, these programs periodically check to make sure that your site remains functional and intact.</p> <p>Some common security threats that your security app should be checking include:</p> <ul> <li>SQL Injection</li> <li>XSS (Cross-Site Scripting)</li> <li>File Disclosure</li> <li>Remote File Inclusion</li> <li>PHP/ASP Code Injection</li> <li>Directory 
Traversal</li> </ul> <h3><strong>Why go secure?</strong></h3> <p>Having a secure website can help you in many ways. Other than just giving you peace of mind, it will also make your customers feel much safer during their visits – which is especially true for ecommerce sites that are high risk. </p> <p>According to TNS Research, common customer concerns include:</p> <ul> <li>87% of online shoppers are concerned about credit card fraud</li> <li>85% of shoppers are concerned about identity theft</li> <li>83% are concerned about sharing personal information</li> <li>77% are concerned about spyware</li> </ul> <h3><strong>Don’t underestimate the dangers</strong></h3> <p>Many site owners believe that viruses usually hit personal computers so securing their websites is not a priority.</p> <p>However, having a site taken down by malicious activity can cost you thousands of dollars and large quantities of important data, not to mention lost sales and customer confidence.</p> <p>About <a href="http://www.scmagazine.com/whitehat-security-release-website-security-statistics-report/article/416402/">55% of retail sites</a> are “always vulnerable”, meaning that they are at serious risk of getting hacked by criminals. Maintaining normal and reasonable security is not expensive but getting hacked is.</p> <p>Regularly checking the security of your website with an audit is an essential part of operating a successful website that is safe from malicious threats.</p> <p>The dangers are interminable and the downfalls that can come from getting attacked can be very costly. 
If you haven’t already taken steps to increase your website’s security, now is the time.</p> <p>If done correctly, it will help protect both you and your customers from attacks.</p> <p>The time you save from preemptive measures is worth far more than the amount of time that you’ll invest to resolve a security threat when it occurs.</p> <p>Most importantly, you’ll be able to sleep well at night knowing that your website is as secure as can be.</p> tag:www.econsultancy.com,2008:BlogPost/67881 2016-05-26T13:42:32+01:00 2016-05-26T13:42:32+01:00 Seven big challenges facing healthcare marketers Patricio Robles <h3>1. Digital underinvestment</h3> <p>By some estimates, healthcare spending in the US is close to 20% of GDP, but healthcare marketers aren't funneling much of their marketing dollars into digital. </p> <p><a href="https://econsultancy.com/blog/67131-pharma-s-mobile-social-efforts-aren-t-as-healthy-as-they-should-be">According to</a> Deloitte Consulting, healthcare and pharma marketers spent just $1.4bn on digital ads, a figure that lags marketers in other industries.</p> <p><img src="https://assets.econsultancy.com/images/0006/8525/deloitte1.jpg" alt=""></p> <p>One of the consequences of this digital underinvestment is that this has created opportunities for third parties to become the go-to resources for consumers and physicians looking for healthcare information online.</p> <p>This is despite the fact that, in many cases, healthcare marketers' organizations have valuable, proprietary data and content.</p> <h3>2. 
Measurement &amp; metrics</h3> <p>While measurement is top-of-mind for most marketers, it hasn't been as important in healthcare because of the role marketing has played historically in healthcare organizations.</p> <p><a href="https://econsultancy.com/blog/67863-healthcare-marketers-making-progress-on-measurement-metrics/">That's changing</a>, and many organizations have adopted a number of sensible growth and brand-related metrics.</p> <p>But adoption of metrics related to stakeholder engagement and marketing communications, including patient satisfaction and paid media, are still undervalued, which can make it more difficult for healthcare marketers to "connect the dots."</p> <p><img src="https://assets.econsultancy.com/images/0007/5068/hccforating.png" alt=""></p> <h3>3. Market structure</h3> <p>Healthcare is not a typical market. In the US, few consumers pay directly for care and drugs; instead, third parties like insurers pay the bills and control where, when and how consumers access the healthcare system.</p> <p>For marketers, this presents a number of challenges. One of the biggest: even if you can persuade a consumer that your hospital provides the highest quality of care or that your drug is the most effective, the consumer might not be able to access your product or service.</p> <p>So in many cases, healthcare marketers find themselves playing a game of triangulation involving consumers and care providers, like hospital systems and physicians.</p> <p>For obvious reasons, this makes developing an effective marketing strategy a more complicated proposition.</p> <h3>4. 
The trust gap</h3> <p>The healthcare industry, and pharma in particular, doesn't have the best reputation thanks in part to <a href="https://econsultancy.com/blog/67590-can-targeted-social-ads-help-pharma-overcome-drug-pricing-controversy">controversies over subjects like drug pricing</a>.</p> <p>That has created a trust gap in which consumers as well as physicians are less likely to trust ads and information that come from healthcare marketers.</p> <p><img src="https://assets.econsultancy.com/images/0006/8526/deloitte2.jpg" alt="" width="635" height="467"></p> <p>To rectify this, healthcare marketers <a href="https://econsultancy.com/blog/67747-pharma-marketers-should-use-storytelling-to-improve-the-industry-s-reputation">will need to become more adroit at storytelling</a>.</p> <p>Unfortunately, as Alexandra von Plato, group president of North America for Publicis Healthcare Communications Group, has observed, "We neglect the origin story. Instead we run these dumb ads," referring to the ubiquitous and oft-parodied television ads promoting prescription drugs.</p> <h3>5. Lawmakers</h3> <p style="font-weight: normal;">Those <a href="https://econsultancy.com/blog/67227-ban-on-consumer-ads-could-make-pharma-s-digital-shortcomings-more-costly">"dumb ads" haven't made fans of physicians</a>, and the aforementioned drug pricing controversy has made pharma companies Enemy #1 for some lawmakers in the US.</p> <p style="font-weight: normal;">That could soon have a dramatic impact on healthcare marketers as lawmakers consider reining in how healthcare marketers promote their wares to professionals and the public.</p> <p style="font-weight: normal;">Given how reliant pharma marketers in particular have become on television ads, and how underinvested they are in digital, greater restrictions on advertising could make life very difficult.</p> <h3>6. 
HIPAA</h3> <p>Consumer adoption of wearables is growing but healthcare marketers are struggling to take advantage of wearable opportunities.</p> <p><a href="https://econsultancy.com/blog/67074-is-the-healthcare-industry-prepared-for-wearables">There are a number of reasons for this</a>, but one might be HIPAA, the Health Insurance Portability and Accountability Act, which regulates the use of Protected Health Information (PHI).</p> <p>Healthcare organizations regulated by HIPAA <a href="http://www.healthcareitnews.com/news/are-wearables-violating-hipaa">must receive consent</a> from patients before their PHI is used for marketing purposes, and there are many grey areas, particularly as far as innovative technologies such as wearables are concerned.</p> <p>That means healthcare marketers realistically don't have the same flexibility as marketers in other industries that aren't subject to HIPAA.</p> <h3>7. Data</h3> <p>Out of necessity, healthcare organizations may be adept at dealing with issues related to data security.</p> <p>However, as a recent Econsultancy and Ogilvy CommonHealth report - <em><a href="https://econsultancy.com/reports/healthcare-study-organizing-marketing-in-the-digital-age/">Organizing Healthcare Marketing in the Digital Age</a> -</em> discovered, a majority are unprepared to deal with emerging data sources or to collect high volumes of data at speed.</p> <p>Furthermore, a surprisingly large number of organizations (44%) aren't even prepared to use their CRM data in marketing campaigns.</p> <p><img src="https://assets.econsultancy.com/images/0006/7696/Screen_Shot_2015-10-05_at_18.50.56.png" alt=""></p> <p>Because effective collection and use of data is increasingly integral to successful digital marketing, healthcare marketers' capabilities around data will need to improve.</p> tag:www.econsultancy.com,2008:BlogPost/67840 2016-05-23T14:29:29+01:00 2016-05-23T14:29:29+01:00 Highly targeted online ads don't work: Stanford researchers Patricio 
Robles <p>Eilene Zimmerman <a href="http://www.gsb.stanford.edu/insights/pedro-gardete-real-price-cheap-talk">explains</a>...</p> <blockquote> <p>In this case, the researchers were looking at cheap talk in retail, for example, an ad promising 'Lowest Prices in Town'.</p> <p>That can be credible when it’s used to draw in appropriate customers; in this case, those who are price sensitive.</p> </blockquote> <p>At the same time...</p> <blockquote> <p>They found that the most personalized ads were less effective because consumers worried they were being exploited.</p> <p>For example, says [Stanford Graduate School of Business professor Pedro Gardete], someone looking for a prom dress 'might get an ad from a retailer saying, "We have a wide selection of prom dresses! Click on this link!" The consumer clicks, and it turns out the retailer has dresses for all occasions but not specifically proms,' says Gardete.</p> <p>Those kinds of ads frustrate consumers and eventually become meaningless to them.</p> </blockquote> <p>Based on this, Gardete suggests that businesses might adopt a "less is more" approach in which less information is collected, information collection is more transparent, and targeting is used more sparingly. 
</p> <h3>Theory versus reality</h3> <p>While there's no doubt that a growing number of consumers are concerned about their privacy and how marketers are using information to track and target them, given the continued level of interest and investment in targeting tech and targeted ad offerings, does the researchers' model actually reflect reality?</p> <p>Obviously, a hypothetical retailer falsely promoting that it has a wide selection of prom dresses when it doesn't isn't likely to see good results, <strong>but this isn't how most experienced digital marketers are operating.</strong></p> <p>Instead, <a href="https://econsultancy.com/blog/64099-what-is-retargeting-and-why-do-you-need-it/">retargeting</a> (and <a href="https://econsultancy.com/blog/10194-the-roi-of-personalisation-infographic">personalisation</a>) are widely seen to drive ROI in the real world.</p> <p>As an example, AdRoll, a performance marketing platform provider, detailed <a href="https://www.adroll.com/sites/default/files/resources/pdf/case-study/AdRoll%20Case%20Study%20-%20Chubbies.pdf">in a case study</a> (PDF) how one apparel retailer used retargeting to deliver a 10.5x average ROI, 13% conversion lift and 33% lower CPA than average for other apparel retailers.</p> <p><a href="https://econsultancy.com/blog/64980-put-your-email-list-to-work-facebook-custom-audiences">Facebook Custom and Lookalike Audiences</a> have delivered similarly impressive results.</p> <p>Crowdfunding platform Tilt <a href="https://www.facebook.com/business/success/tilt">doubled</a> its conversion rate using Custom Audiences, and lowered its mobile cost per install by 30% using Lookalike Audiences.</p> <p>And Hospitality giant MGM <a href="https://www.facebook.com/business/success/mgm-resorts-international">realized</a> a greater than 5x return on spend using Custom Audiences.</p> <p>Needless to say, any specific marketer's mileage will vary, but on the whole, marketers are becoming more and more adept at targeting 
consumers online and doing so to good effect. </p> <p>That doesn't mean that marketers should rely on targeted ads exclusively, and the Stanford research is a reminder that targeted ads need to deliver what they promise to consumers.</p> <p>But targeted ads are here to stay because they work well enough of the time, even if <a href="https://econsultancy.com/blog/67830-young-users-aren-t-fans-of-targeted-social-ads-report/">many consumers say they don't like them</a>.</p> tag:www.econsultancy.com,2008:BlogPost/67784 2016-04-27T11:06:15+01:00 2016-04-27T11:06:15+01:00 EU data laws: An update on GDPR & Privacy Shield Todd Ruback <p>The controversial Apple and FBI matter – where the FBI sought to compel Apple to unlock an old iPhone model as part of a domestic terrorism investigation – has already become old news.</p> <p>In the EU, terrorism in Brussels and Paris is forcing uncomfortable and morally difficult conversations about security, privacy, and fundamental human rights. </p> <p>While I am optimistic that we will arrive at a good place, the EU is enacting a flurry of powerful new privacy laws that will impact us all.</p> <h3>General Data Protection Regulation (GDPR)</h3> <p>On the 14<sup>th</sup> April 2016, the EU Parliament <a href="https://econsultancy.com/blog/67540-what-is-the-eu-general-data-protection-regulation-gdpr-why-should-you-care/">formally adopted the GDPR</a>; another legislative step in the multi-year process to overhaul the EU’s disparate data protection laws. </p> <p>The next step will be for the GDPR to be officially published, translated, and put to print in the Official Journal of the European Union, hopefully by June.</p> <p> Just 20 days following that, the two-year countdown to the GDPR taking effect will commence. </p> <p>As the GDPR winds its way through the end of this legislative process, it’s important to note how much work organisations will have to complete during this small two-year window. 
</p> <p>It will strengthen the individual’s control over their personal data by new rights that will be bestowed upon EU citizens, such as the right to data portability and the right to be forgotten (erasure).</p> <p><img src="https://assets.econsultancy.com/images/0007/4342/The_EU.jpg" alt="" width="800" height="600"></p> <p>On the flip side, organisations will have new codified obligations to honour the individual’s rights, and these obligations will force companies to create new privacy-centric business processes – no easy task in the best of times. </p> <p>For example, the quaint notion of “bundled” consent – those dense, unreadable Terms and Conditions buried in the footer of a site that say use of the website constitutes consent to the company’s data practices – is non-existent. </p> <p>In its place, companies are going to have to give prominent notice and obtain a user’s consent when a person visits their website.</p> <p>Other changes include more transparent privacy policies and the requirement to have processes for a person to access, review, and correct their personal data, as well as request that data can be easily transferred or taken from one service provider to another.</p> <p>All of this, and more, needs to be considered, created, tested, and put in place by the time the GDPR takes effect. That means you need to start now.</p> <p><strong>Why is this important?</strong> </p> <p>Namely because the EU’s data protection authorities have enhanced new enforcement powers that include the ability to penalise an organisation up to €20m or 4% of its annual global turnover, whichever is greater.</p> <h3>Privacy Shield </h3> <p>While the GDPR’s impact will be huge, at the same time, the evolution of the digital world continues to sprint forward. </p> <p>Similar to the Berlin Wall, digital borders have come crashing down; allowing for the natural flow of data between Member States but also between the EU and US, its largest trading partner. 
</p> <p>Both economies are in fact dependent upon this fundamental notion. </p> <p>However, the fledgling Privacy Shield – a heavily negotiated replacement to <a href="https://econsultancy.com/blog/67144-safe-harbor-2-0-an-update-on-eu-privacy-law/">the invalidated US Safe Harbor Program</a> – recently received a tepid review by the Article 29 Working Party (WP29).</p> <p><img src="https://assets.econsultancy.com/images/0007/4343/safe_harbor.png" alt="" width="351" height="144"></p> <p>The Privacy Shield at the highest level is a mechanism that allows organisations to transfer personal data about EU citizens to companies in the US. </p> <p>It’s needed because the EU, for a host of reasons, has not recognised the US as a country that has “adequate” data protection laws, although the US does in fact heavily regulate data protection through a variety of laws and robust enforcement. </p> <p>But because of this political fact, a negotiated agreement that created a mechanism needed to be put in place, thus the Safe Harbor Program (which became obsolete), and now the Privacy Shield.</p> <p>Although many thought-leaders have concluded that the Privacy Shield provides essentially equivalent levels of data protection as EU law, the WP29 has chosen a more cautious route, one that whilst not rejecting it, also doesn’t endorse it. </p> <p>I anticipate the Privacy Shield will be heavily challenged in the EU courts, but that it will ultimately prevail. </p> <p>Any other result would have a tremendous negative impact on both economies, which no reasonable person could want.</p> <h3>ePrivacy Directive </h3> <p>On the 12<sup>th</sup> April 2016, the European Commission began its comprehensive review of <a href="https://econsultancy.com/reports/the-eu-cookie-law-a-guide-to-compliance/">the ePrivacy Directive</a>. 
</p> <p>Some call it the cookie law, which requires companies to give notice and get consent before they use any sort of tracking technologies or analytics tools when you visit their sites. </p> <p>The Directive also restricts how telecom providers can treat or move electronic communications. The review aims to close any potential gaps between the ePrivacy Directive and the GDPR.</p> <p>As a stakeholder in the process, I am aware how important it is to get it right. </p> <p>Of concern to me is the separate notice and consent requirement the ePrivacy Directive has from the GDPR. </p> <p>But I am also confident that the distinct transparency requirements between the two laws can be merged so the consumer can be well informed and make meaningful decisions that are best for themselves.</p> tag:www.econsultancy.com,2008:BlogPost/67718 2016-04-14T11:01:52+01:00 2016-04-14T11:01:52+01:00 Key trends in online identity verification (so everybody knows you're a dog) Danny Bluestone <h3>Using our ‘real’ identities online</h3> <p>Online anonymity is waning. A user’s digital behaviour never used to be closely connected across the web, nor did it connect to their offline lives.</p> <p>Technically, there were also fewer plug-and-play solutions like <a href="https://econsultancy.com/blog/61911-the-pros-and-cons-of-a-facebook-login-on-ecommerce-sites/">Facebook Connect</a>, which can follow and connect users’ activities across the Internet. </p> <p>The desire for anonymity hasn’t completely disappeared. But, as the social web has grown, people have become happier to use their ‘real’ identities online. Some social networks are even throwing their influential power behind ‘authentic’ identities to make their platforms more credible and secure.</p> <p>For instance, Twitter issues verified account status to key individuals and brands who are highly sought after. This helps users differentiate and validate if specific accounts are credible. 
</p> <p>Furthermore, the boundaries between social and commercial websites are blurring. Some users submit real-name <a href="https://econsultancy.com/blog/67117-analysing-amazon-s-palliative-approach-to-fake-reviews/">reviews on Amazon</a> and other ecommerce sites like Etsy, where authenticity can increase sales by generating confidence from customers. </p> <p><em>"<a href="https://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_you%27re_a_dog">On the internet, nobody knows you're a dog</a>"</em></p> <p><img src="https://assets.econsultancy.com/images/0007/3930/dog.jpg" alt="dog" width="500"></p> <h3>The rise of identity verification services</h3> <p>So, identifying people online – and confirming that information against their ‘real’ selves – is becoming increasingly important. </p> <p>Verification is required by a surprising number of digital businesses: from purchasing products and applying for services, to social networking platforms, where users’ authenticity is built into the experience.</p> <p>It’s consequently no surprise that the technology behind identity verification services is constantly evolving, while balancing two critical, and often competing, factors: security and user experience.</p> <p>Last year alone ecommerce fraud <a title="rose by 19%" href="http://www.infosecurity-magazine.com/news/uk-online-banking-fraud-soars-64/" target="_blank">rose by 19%</a> and online banking losses soared by 64%, compared to 2015. High-profile <a href="https://www.marketingweek.com/2015/10/30/the-talktalk-hack-shows-why-every-brand-must-take-customer-data-seriously/">data breaches at TalkTalk</a> and Sony have made consumers more aware of the security threats.</p> <p>Yet users are still incredibly fickle. They will go elsewhere if the verification stage of a purchase or online account setup is too lengthy or rigid regarding which proofs of identification are acceptable. 
</p> <p><em>TalkTalk website</em></p> <p><img src="https://assets.econsultancy.com/images/0007/3932/Screen_Shot_2016-04-14_at_10.36.35.png" alt="talktalk" width="615"></p> <h3>Trends in verification solutions</h3> <p>Exposing more personal information about ourselves and revealing our true identities online opens up great opportunities and risks. Organisations must navigate (and mitigate) these for their users.</p> <p>Consequently, a number of solutions have emerged to validate who we are online.</p> <p><strong>Two-Step Verification</strong></p> <p>Creating a username and password to access specific websites is the most familiar online identity system. But, we’ve known it’s a broken process for years. </p> <p>It’s too difficult to create and manage unique, elaborate passwords for each online account we have. And even the idea that a ‘strong password’ can protect us is now a fantasy, with hackers regularly breaking into computer systems and releasing username and password data.</p> <p>Worse than this, plenty of us <a title="daisy-chain accounts" href="http://www.wired.com/2012/11/ff-mat-honan-password-hacker/all/" target="_blank">daisy-chain accounts</a> to our main email address; creating a single point of failure for hackers to exploit, gaining entry to countless more with ease. </p> <p>The most common solution is two-factor authentication: requesting knowledge (such as an alphanumerical ‘secret’) and possession (adding a physical level) for a user to verify themselves. Cash machines were the original implementation of this idea, requiring possession of a physical card and remembering a secret PIN. </p> <p>The trick is establishing a second, physical authenticator that is secure, but doesn’t inconvenience the user.</p> <p>For example, many companies have avoided the delay and cost of issuing unique physical tokens (such as a key fob, or card reader); instead, asking users to add a mobile contact number and enter unique codes sent via SMS. 
</p> <p><img src="https://assets.econsultancy.com/images/0007/3931/Screen_Shot_2016-04-14_at_10.27.47.png" alt="two step verification" width="615"></p> <p><strong>Biometric Verification</strong></p> <p>Biometric technology can streamline the second step in two-factor authentication. Fingerprint data is the clear favourite, as a particularly elegant solution for unlocking smartphones.</p> <p>Promoted by Apple and Samsung, it requires investment from device manufacturers to install the sensors and secure partners willing to use the channel for purchase, like PayPal. </p> <p>Concerns about storing such sensitive data have been addressed with both companies storing an encrypted mathematical model instead of the fingerprint images. But as a <a title="Mashable hack" href="http://mashable.com/2013/09/25/video-hack-apple-touch-id/#KhNkh0x3zZqo" target="_blank">Mashable hack</a> revealed, people leave copies of their fingerprints everywhere – and lifting a copy can be used to unlock devices. </p> <p><img src="https://assets.econsultancy.com/images/resized/0007/3706/econsultancy-touchid3-blog-flyer.jpg" alt="" width="470" height="265"></p> <p><em>To set up Apple’s TouchID, users repeatedly tap the phone’s sensor so it can map a single fingerprint that will unlock the phone. </em></p> <p>Some businesses are even exploring more outlandish models. Amazon recently filed a patent application for <a title="payment by selfie" href="http://www.independent.co.uk/news/business/news/amazon-files-patent-to-offer-payment-with-a-selfie-a6931861.html" target="_blank">payment by selfie</a>.</p> <p>To prevent fraudsters from using a photo to pose as someone else, the proposed system would involve its own two-step process. One photo would be taken to confirm identity. 
Users would be asked to subtly adjust their position, then a second photo would ensure their proximity to the device.</p> <p>MasterCard has already trialled facial recognition technology, ensuring users are actually there with a blink instead. 83% of those tested believed it felt secure.</p> <p>The company has even proposed <a title="heartbeat recognition" href="http://www.theverge.com/2016/2/23/11098540/mastercard-facial-recognition-heartbeat-security" target="_blank">heartbeat recognition</a> as an alternative, integrating sensors that can read people’s electrocardiogram, or the unique electrical signal their heart produces.</p> <p> <img src="https://assets.econsultancy.com/images/resized/0007/3695/econsultancy-mastercard-blog-flyer.jpg" alt="" width="470" height="267"></p> <p><em><a title="MasterCard's selfie pay system" href="http://newsroom.mastercard.com/latin-america/photos/mastercard-identity-check-selfie-pay-en-mobile-world-congress/" target="_blank">MasterCard’s selfie pay system</a> was available to test at Mobile World Congress, Barcelona. </em></p> <h3>National service verification</h3> <p>Demand for access to government services online is rising – but verification is particularly critical for national schemes.</p> <p><a title="CitizenSafe" href="https://www.citizensafe.co.uk/" target="_blank">CitizenSafe</a>, one of <a href="https://econsultancy.com/blog/65774-gov-uk-the-government-s-website-is-better-than-yours/">GOV.UK</a>’s certified identity verification providers, commissioned a <a title="YouGov survey" href="http://digitalmarketingmagazine.co.uk/digital-marketing-news/govuk-verify-partner-citizensafe-launches-consumer-awareness-campaign-with-cyber-duck/3239" target="_blank">YouGov survey</a> that found 61% of full-time workers (and 64% of students) believed online identity verification was the most convenient option for them. 
</p> <p>Hailed by the UN for providing the world’s best e-Government content, <a title="Estonia's service provision" href="http://www.theatlantic.com/international/archive/2014/01/lessons-from-the-worlds-most-tech-savvy-government/283341/" target="_blank">Estonia’s service provision</a> rests on centralised unique personal identification codes, given at birth. Microchipped ID cards with this code enable users to sign things online and use a range of digital services from online banking to voting.</p> <p>But, such comprehensive nationalised schemes have faced concerns from privacy and civil liberties groups.</p> <p>Instead, countries like the UK and US are adopting a verification approach that checks who the user is against physical sources, such as passports, utility bills or a driver’s licence. These sources aren’t centrally stored, so no department or individual knows everything about you.</p> <p>Transitioning from public beta to live next month, <a title="GOV.UK Verify" href="https://www.gov.uk/government/publications/introducing-govuk-verify/introducing-govuk-verify" target="_blank">GOV.UK Verify</a> is the UK’s solution to accessing national services easily (yet securely) online. GOV.UK certified a variety of identity verification companies, like CitizenSafe, to verify users’ identities on the Verify portal. </p> <p><img src="https://assets.econsultancy.com/images/resized/0007/3704/govukverify2-blog-flyer.jpg" alt="" width="470" height="255"></p> <p><em><a title="GOV.UK Verify" href="https://identityassurance.blog.gov.uk/2016/04/06/new-certified-companies-now-connected-to-gov-uk-verify/" target="_blank">GOV.UK Verify</a> empowers you to choose from a range of certified companies to verify your identity. </em></p> <p>Users complete the online verification process just once to create an account they can use to quickly and easily access a multitude of government services, such as tax returns, benefits and allowances. 
</p> <p>Furthermore, two-factor authentication is used when users log in to their online account, needing to enter a user ID and password as well as a code sent to a stored phone number.</p> <h3>New data storage solutions</h3> <p>Whatever identification solution is used, a critical question remains around how personal data is stored to safeguard it against hackers.</p> <p>Even if hackers can’t access your credit card details, obtaining your home address, date of birth, contact details and other personal data could give them enough to access, change or use a multitude of your online accounts, posing a serious risk.</p> <p>One of the recent solutions to overcome this issue is blockchain technology. Initially developed as a ledger for bitcoin transactions, blockchain is an incredibly secure distributed database where no single organisation (or individual) holds all information.</p> <p>Blocks of data are added sequentially, embedded using a ‘hash’ of the block just before it. CoinDesk explains how this acts as a <a title="digital version of a wax seal" href="http://www.coindesk.com/information/how-bitcoin-mining-works/" target="_blank">'digital version of a wax seal’</a>, confirming data is legitimate and hardening the chain against tampering and revision.</p> <h3>Summary</h3> <p>Connecting our digital services and activities with our ‘real’ offline identities has significant implications for our safety.</p> <p>Leveraging the myriad of new technologies and systems available, businesses have some choice and must balance the security of user data with providing a seamless service, or users will look elsewhere. </p> <p>Whatever approach you choose, communication with customers throughout their experience is the key. 
For instance, users may be reluctant to give you their mobile number during an <a href="https://econsultancy.com/blog/64385-how-to-attract-registrations-without-creating-a-barrier-to-checkout/">online sign-up</a> if you don’t explain that it’s for a two-step identity verification process that will protect their identities.</p> <p>Carefully considered communication, on the other hand, is likely to make users tolerate a slightly more elaborate on-boarding process in the interest of keeping their data safe.</p> tag:www.econsultancy.com,2008:BlogPost/67668 2016-04-04T14:25:51+01:00 2016-04-04T14:25:51+01:00 Data can be toxic, here's how companies should handle it Patricio Robles <p>Schneier <a href="https://www.schneier.com/blog/archives/2016/03/data_is_a_toxic.html">blames</a> the "hype cycle of big data" for the risks that have been created...</p> <blockquote> <p>Companies and governments are still punch-drunk on data, and have believed the wildest of promises on how valuable that data is.</p> <p>The research showing that more data isn't necessarily better, and that there are serious diminishing returns when adding additional data to processes like personalized advertising, is just starting to come out.</p> </blockquote> <p>He also points out that many companies underestimate the risks and impacts of data breaches and overestimate their ability to mitigate against them.</p> <p>And in some cases, Schneier believes, companies choose to take unreasonable risks with data because they're encouraged to.</p> <p>"The culture of venture-capital-funded startup companies is one of extreme risk taking," he argues.</p> <blockquote> <p>[These companies] are so far from profitability that their only hope for surviving is to get even more money, which means they need to demonstrate rapid growth or increasing value.</p> <p>This motivates those companies to take risks that larger, more established, companies would never take. 
They might take extreme chances with our data, even flout regulations, because they literally have nothing to lose.</p> </blockquote> <h3>Realistic versus unrealistic solutions</h3> <p>Not surprisingly, as a security expert and privacy advocate, Schneier wants greater regulation of data "collection, storage, use, resale and disposal" and even suggests that certain business practices that involve "surveilling people" be made illegal.</p> <p>Ostensibly, this includes much of the activities associated with digital advertising.</p> <p>While greater regulation around data is indeed likely given the growing number of costly breaches, it's highly unlikely that large swaths of the big data economy will be rendered illegal.</p> <p>Even so, companies shouldn't ignore Schneier's arguments.</p> <p>Data is digital black gold and it's similar to the black gold that comes out of the ground. That black gold, when controlled, fuels the industrial economy, but when spilled, is the source of environmental disaster.</p> <p>Likewise, digital black gold <a href="https://econsultancy.com/blog/67674-what-are-first-second-and-third-party-data/">fuels the internet economy</a>, but can also be the source of disaster when it leaks.</p> <h3>What companies should do</h3> <p>So what should companies do to avoid disaster? Here are several suggestions.</p> <h4>1. Develop a data strategy</h4> <p>In most cases, companies aren't collecting more and more data because storing it is so cheap. 
Many are storing all the data they can get their hands on because they don't have <a href="https://econsultancy.com/blog/67296-how-to-create-a-clear-data-strategy-for-your-business/">a data strategy</a>.</p> <p>Without a strategy, decision makers will favor storing any and all data in the hope that they might develop a use for it later on.</p> <p>In reality, "we don't know if we'll need it therefore we'll keep it" is typically a poor excuse for data collection and retention, the result of laziness and not true lack of knowledge.</p> <h4>2. Develop data acquisition and retention policies</h4> <p>With a data strategy in place, companies can create sensible data acquisition and retention policies.</p> <p>Such policies can ensure that they have the data they need to meet business goals while reducing the risk that they're storing data that they don't need, or storing data in ways that are unnecessarily risky.</p> <h4>3. Treat data differently</h4> <p>Sensible data and retention policies will inherently reflect the fact that data differs in nature.</p> <p>For example, data that contains personally identifiable information (PII) isn't the same as data that doesn't contain PII, and should be handled and stored differently as a result. </p> <h4>4. 
Embrace compliance and risk management</h4> <p>Certain types of data are already subject to regulation.</p> <p>For instance, in the US, some health information is protected by <a href="https://econsultancy.com/blog/67498-digital-media-vs-hipaa-violations-risking-your-reputation-in-healthcare/">Health Insurance Portability and Accountability Act (HIPAA) rules</a>.</p> <p>Companies subject to these rules should see compliance as an opportunity to ensure that they're taking all the steps they can to secure their data.</p> <p>Even companies that aren't subject to government regulation have the opportunity to embrace data security through risk management.</p> <p>It's now possible to acquire data breach insurance, and companies that opt to do so can use the process as a means to implement data security best practices.</p>