Securing consumer data in the age of personalisation
By Dave O’Flanagan, Chief Product Officer, Sitecore
With stories of data leaks an almost daily occurrence, it’s becoming harder for consumers to have faith that brands are putting in the measures to protect sensitive information. Yet, brands are collecting more data than ever before in order to build personalised content that drives positive customer experiences. The emergence of technologies such as Generative AI, which are reliant on vast amounts of data to learn and grow, will compound this need to hoover up this information. But, with a greater reliance on data comes greater concerns around privacy and security.
Brands now face an increasingly tricky balancing act between consumer demands for personalisation and security and – with reputations on the line – creating harmony between the two has never been more important. It all relies on a much needed value exchange to occur between brand and consumer – and for this to happen trust is key.
A trust-building exercise
It’s obvious that for brands and retailers, security and trust matters. If consumers don’t trust a brand or retailer’s digital offering, then they won’t interact or purchase from it. Research from Okta highlights that 85% of consumers are unlikely to purchase from a brand they don’t trust. Every time a consumer interacts or purchases from a brand online they are essentially trusting them with their personal information. Whether it’s dates of birth, credit card details or shoe sizes, the brand has a duty to keep this data safe and secure.
In an ideal world, businesses should only collect vital customer data, limit who has access to this data and implement a strong data management strategy around its storage. At every stage of the data sharing and storage process it should be encrypted. This is something we do at Sitecore, in fact we never actually see any external data that is shared with us. It is all encrypted. These steps all act to reduce the attack surface, limiting the risk of data breaches and keeping end-customers safe.
Putting in place the correct security controls not only keeps customer data safe, it also builds the trust necessary to deliver the personalised experiences that consumers are looking for. In fact, from our own research, we know that 70% of consumers say brands should connect with them on a personal level.
Regulation is on the rise
To help brands and retailers manage their approach to data gathering, we’ve seen a raft of regulations put in place, perhaps most famously (on infamously) is the European Union’s General Data Protection Regulation (GDPR).
Across Europe, GDPR was originally introduced five years ago to protect consumers from having their data shared and sold across the internet without their consent. By and large, GDPR has been a success. It has sparked significant improvements in the governance, monitoring, awareness, and decision-making regarding the use of consumer data. Because of the regulation, businesses worldwide were forced to take a closer look at their approach to consumer data privacy and security.
However, many argue that the solution put in place to attain consumer approval for data sharing has led to a clunky experience. With disruptive pop-up banners greeting users’ first time visits to websites and asking them to opt in to sharing cookie data.
These concerns, among others, are currently being debated as the UK seeks to amend its local version of GDPR and offer a more ‘business friendly’ approach. If these intended amends pass, we could see a reduction in the need for consent banners. The argument is that this will improve the customer experience and give businesses more power to personalise their brand offerings.
Delivering on brand promise
Regardless of what the regulators say, brands and retailers still need to take certain measures to ensure they can collect needed customer data in a safe and secure manner.
Broadly speaking, those looking to gather customer data currently have two options. Either they collect this data implicitly or explicitly. An explicit method could entail serving site visitors a questionnaire asking them about their age, gender, etc. An implicit method might rely on tracking social media behaviour and cross referencing with previous purchasing data.
However, with third party cookie data likely to soon be a thing of the past, implicit data collection may become a less valuable option. In a future scenario, brands and retailers would only be able to gather implicit data from their own online properties – more commonly referred to as first party cookie data. Apple’s Safari and Mozilla’s Firefox already block third party cookies as a default whereas Google’s Chrome continues to allow them, for now.
It’s likely that a combination of explicitly asking consumers a few simple questions, such as age and gender – and then combining this with first party data, sought from previous on-site purchases – will be the winning formula.
Regardless of what approach retailers and brands take, they will need to remain customer-focused. Their offerings will need to take into consideration both customer concerns around security and their expectations for personalisation. Trust will need to be maintained throughout.
My advice? Brands should treat personalising the online experience by mirroring what often happens in-store. If a customer walks into a store, you’d neither ignore them or straight away bombard them with product offers. In the former, the customer is left feeling like a brand isn’t interested in making a personal connection with them whilst in the latter, they’re overwhelmed with too much choice and offers that aren’t completely relevant. In a good store, customers are typically greeted with a friendly smile and asked a few simple questions. If they make a purchase, this information is then be logged and used to inform future recommendations. The online experience should replicate this.
Security and personalisation should come hand in hand. The more information customers give away, the more they expect brands to take care of that information. Brands and retailers need to find the right balance of offering a genuinely enjoyable experience that feels safe and leads to a worthwhile purchase. Then, they can truly show they’re worthy of a consumer’s trust – and loyalty.