Tiffany Mura, Founder & Senior Strategist, bizprox
As the web and smartphones have become integral parts of society over the past 20 years, we have become conditioned to leaving huge data trails wherever we go in the digital world. The internet is predicated on this model; data is the currency of the web. We, as consumers, actively participate in this value exchange because it has, in large part, made our lives better.
But at the same time, the frequency, volume, and complexity of data tracking have reached a level that is nearly incomprehensible to the average person. Sure, we hear that we should monitor our privacy settings on Facebook and protect our passwords, but these admonitions are disproportionately small compared to the vast amount of personal data that is being collected and integrated. It has taken the Cambridge Analytica crisis to bring it to light and to show the frightening potential for misuse.
If you think about it, it was only a matter of time.
Despite the extreme example of data misuse illustrated by the Facebook/Cambridge Analytica scandal, the figurative horse has left the barn regarding consumer behavior. We are so conditioned to data sharing and so desirous of what it gets us in return that I doubt there will be significant backlash. Even the #deletefacebook “movement” urging abandonment of the exact platform which committed the alleged offenses has quickly fizzled. However, I do think that the crisis will generally motivate consumers to be more considerate of whom they are sharing their data with and ensuring they are getting value in return.
There will definitely be more regulation, but it is unclear how far-reaching it might be. Facebook has already started self-regulating itself by instituting new restrictions on what data can be used to target ads. As of October 1, 2018, they will be removing the program through which advertisers can use third-party data purchased from other providers to target ads. Eventually, Facebook will remove the ability to use third-party data that was available through deals directly between Facebook and the third parties such as Axicom and Oracle.
It’s hard to say whether there will be congressional legislation coming out of the hearings to finally put in place a comprehensive set of data protection regulations for the US as the GDPR is doing in the EU. Even if it does not, I expect to see increased scrutiny on data collection and use practices across the board.
First, we have to consider the fact that healthcare and pharma companies are collecting some of the most private and valuable information about a person – a data set that provides far more robust information than a credit card number. It is also a data set, which, if used maliciously, could be potentially be much more harmful to the person than a stolen credit card number. And there are unfortunately forces out there that want to exploit this data. Healthcare and pharma companies figuratively have valuables in their houses that thieves want to steal.
But, to create programs that consumers want to engage with and that will withstand increased regulation, healthcare and pharma companies need to do more than protect the customer data they are collecting and using. They have to be good data stewards. Good data stewardship means respecting value exchange with their customers by treating data like the valuable personal property it is, not just a monetizable asset, i.e., not just a way to drive new and repeat prescriptions.
Good data stewardship is comprised of four pillars that encompass the explicit and implicit aspects of collecting and utilizing customer data within programs such that it creates a relationship built on trust. This trust requires more than compliance with regulations; it also includes other, more implicit aspects of data usage collection and usage.
Compliance – This foundational pillar is the explicit requirement of following all applicable laws and regulations when creating personalized programs that utilize data. First and foremost is HIPAA, but others need to be considered as well, depending on the program type. These can include, but are not limited to, CAN-SPAM, GDPR, and FTC regulations.
Transparency – Be transparent with your customers what data you are collecting and why.
Value Delivery – Deliver value to your customers equal to or, preferably greater than, the data you are collecting.
Sensitivity – Be mindful of the gray areas of privacy. Don’t be “creepy.” While something might not violate a particular regulation, it might not “feel good” to a user when it has to do with their health information. You will need to work with your UX designers to model multiple use cases to assess this thoroughly, which takes time. But, considering what will and won’t feel right to a customer is essential to creating a program that consumers will trust and want to engage with.
There are six steps to designing for good data stewardship in any customer program:
Utilize a multidisciplinary team with best-in-class agency partners – At the start of a project, the sponsor should gather a cross-functional team that includes the key project stakeholders, including legal, regulatory, IT, and best-in-class agency partners to cooperatively design the program and ensure all points of view on program requirements are considered from the outset. IT is particularly important for the storage and security of the data the company is collecting and using and the data that any third-party partners are collecting and using. The agency partners should be experienced in creating compliant programs of that type since the content requirements vary depending on the program
Design privacy throughout the customer journey – From awareness-building efforts to retaining customers, make good privacy practices and value exchanges an integral part of program design. Don’t make it feel like a bolted-on afterthought
Collect and utilize data with a clear purpose and value exchange that benefits the customer – Design the program so that the customer understands this value exchange clearly before providing the data
Know what data third-party partners are collecting and how they are using it – Ensure that you know what information your third-party partners are collecting and how it’s being secured and used. Work with your agency to stay current on any changes to these policies that may affect your program
Use clear, understandable language to communicate privacy policies – Ensure that your UX designers are contextually integrating clearly-written data collection, data usage, and privacy information so that it is easier for the user to understand
Keep your data house in order – Vigilantly monitor and respond to internal and third-party data breaches.
If any industries are prepared for potential increased scrutiny and regulation of data collection and usage, it’s healthcare and pharma because they are already used to functioning with stringent regulations. By adhering to good data stewardship practices, they can continue to create compliant, impactful programs that customers want to engage with even if there is a backlash resulting from the current data climate.