All posts by Jeff Mitchell

Jeff Mitchell

About Jeff Mitchell

I believe technology solutions should help to connect people, but that it should be done in a fair and transparent manner that benefits all. Outside of work, I’m a lifelong video game junkie but also read quite a bit and enjoy the great outdoors for hiking and camping.

Data privacy regulations are changing globally and businesses need to keep up. Regulations like CCPA and GDPR are important but can be challenging to comply with when managing thousands of customers’ data. That’s where AE comes in.

AE was built with data privacy in mind. When designing our system, AE looked to the most restrictive privacy regulations that existed at the time. Since then, we have always stayed ahead of the data privacy curve.

This means that customers who use AE can focus on what they do best and leave privacy to us. Our system automatically keeps your customer data up to date and compliant. Further, our new Privacy Center gives consumers the ability to manage their own data, saving you hours.

Keep reading to discover how AE automates data privacy compliance for our customers…

Explicit Consent

Terms of consent must be clear. Consent must be freely given and can be withdrawn at any time.

At AE, customers move through an explicit upfront registration process before they get added to our system. Basically, our customers’ members must opt in, otherwise we won’t collect any data.

Companies can offer opt-in at a general level or specific to their campaigns or brands. For example, members can opt in to all company content or for a single newsletter. This is especially useful if a company has more than one brand under its umbrella.

It isn’t enough to say that you have explicit consent – you have to be able to prove it. In the AE dashboard, you can clearly see where and when a customer signed up and what they opted in for. This kind of documentation is necessary in order to stay compliant with data regulations like GDPR and CCPA.

Right To Be Forgotten

Customers have the right to ask a company to remove all their personal data.

AE is a centralized customer database, so no matter where the customer signed up, all the data will be compiled into a single profile. Further, if you go to that customer record and delete it, it will delete everything on that user across AE. It’s essentially one lever for a bunch of operations that would be painful to do otherwise.

Companies with multiple business units or large numbers of customers can further streamline user deletion by utilizing AE’s Privacy Center. This allows customers to access, modify, and delete their own data. (Learn more about that here.)

At AE, we believe that customer data should basically evaporate as time passes – a business shouldn’t keep the data forever. If the member isn’t interacting with the business on a regular basis, then it should be removed.

AE keeps data for a maximum of 2 years, after which it is automatically purged. This can of course be adjusted. If our clients want to be even more stringent they can shorten that period to whatever they like.

Right to Data Access

Customers can request a full electronic copy of all the data collected on them.

With AE’s Privacy Center, customers can help themselves to the information they need. At the same time, companies can educate their customers on why they are gathering the data and what they are using it for. By explaining data use and providing alternative options to, say, account deletion, customers feel in control and companies get the data that advances their marketing. Not only are a lot of hours saved on data management, but a relationship built on communication and trust is encouraged.

With AE’s privacy center customers can:

  • Review and update login permissions
  • Review and delete account information
  • See their activity list
  • Download their data
  • Delete their account and information

(Learn more about AE’s privacy center here.)

Secure Data Systems

Companies must design their systems with proper security protocols in place from the start.

When designing our own systems, AE looks to the most restrictive privacy regulations that currently exist. So when AE was founded, pre-GDPR, we were certified by Privacy Shield. They were and still are a leader in data security frameworks.

AE has a strong security architecture that has been tested in numerous ways and proved to be a difficult environment to penetrate. Over the years we have gone through many rigorous infosec review processes with our larger enterprise customers. We’re talking long questionnaires, where every minutia of data security is examined and every box must be checked in order to pass.

All of these safety precautions are what has allowed us to work with large enterprise customers who are very diligent about data privacy.

If you have any questions about data privacy, compliance, or how AE works, send us a message using the blue chat bubble!

What is CIAM?

CIAM stands for customer identity and access management. AE is an example of a CIAM solution as we handle both customer identity and access management.

When you allow users to sign up or to log in – that’s the access management part of it. The customer identity part is the user information that is stored in a centralized system for our clients.

What are the Benefits of CIAM?

The main benefit of CIAM is the centralized nature of the data. So if you have multiple points of entry for a customer into your application or service, all the customer data will end up in one place.

The same applies if you have multiple sites that are part of a network. Rather than having 10 different records for one customer scattered throughout the internet, AE allows you to have a single record in one place. So customers can have access to 10 different sites, but you’re not picking up overlapping data.

This also simplifies things like data removal because you only have to hit delete once and the data is removed across all records. Basically, your customer records are consolidated into a nice centralized system.

What to look for in a CIAM platform?

When comparing CIAM platforms, ask the following questions:

What sort of features do they offer that allow you to be compliant with data regulations?

First consider what level of data security you are committed to offering. Are you going to offer the minimum that is required by law or do you have another framework to consider? Depending on where you live, the data regulations will vary so ensure that the CIAM understands the individual needs of your company.

How easy is it to use?

It’s a simple question, but the answer can be hard to know until you’ve actually tried the product out. Unfortunately, by that time you’ve often already invested in the product. Choose a CIAM that allows you to trial the product before committing and has a strong onboarding process. Be really clear about your need-to-haves and nice-to-haves and make sure they overlap with the CIAM’s capabilities.

What’s the quality of the data that’s being collected?

Simple profile information can be kind of blown up as being this amazing thing. However, it is important that there is actually value in the customer data that is being collected. Look for data that refreshes over time automatically. For example, AE gathers data in real time to keep customer data useful. Also consider what data you actually need to meet your goals. Make sure that the data provided is actionable and not just “nice to know.”

If you have any other questions about CIAM, shoot us a message using the blue chat bubble!

Data is collected every time you visit a website, engage on social media or buy something online. But not all of it can be used to identify who you are. Let’s take a look at what PII is, data privacy implications, and how using PII with permission can drive your company’s revenue.

What is Personally Identifiable Information?

Personally Identifiable Information (PII) is information that can be used to identify an individual. This information could be used alone or with other data to trace back to a specific person.

There are two kinds of PII – linked information and linkable information.

Linked information can be used on its own to identify an individual. This can look like an individual’s: full name, date of birth, email address, telephone number, home address, social security number, driver’s license number, or credit card number.

Linkable information can only be used to identify someone when used with other data. Some examples are: first or last name, country, state, city, postcode, gender, race or job-related information.

Cookies and IP addresses are seen as PII according to the data regulations in some countries, but not in others. Depending on where you are located, what is regarded as PII can vary.

How can PII drive company revenue and reduce costs?

Traditional marketing approaches, such as “batch and blast” email marketing, are not very efficient. Of the thousands of recipients you email, maybe 5% even open the message, let alone take the action you want. The more generic or broad your marketing is, the more it’s going to cost you as a business.

With PII, you can identify your customer base and better understand those customers. And the more detailed the information you have on your customers, the better you can service that customer. You can tailor your product more closely to your market.

If you are able to pre-qualify your audience ahead of time, you can send a much smaller email list or a very targeted ad group. That saves you money because you’re not paying for as much volume. You also get a much higher return on your spending, closer to 50% or 60%, because you know your audience so well.

AE is a customer identity and access management (CIAM) platform that relies on PII to provide useful customer data for its clients. This both reduces wasteful spending and increases revenue because the people you put your messages in front of are more likely to take a sales action.

Data Privacy: Can you capture PII and be GDPR compliant?

AE aims to find the perfect balance between giving businesses the information they need in order to better serve their customers and also making users aware of the information they will be sharing. We’ve taken a stand in support of privacy rights and have built privacy protection and awareness into our product.

There are tons of benefits to using PII, and that’s why there is an entire industry around it. The trade-off is that this is somebody’s information that they may not want to share. So you need to ask.

With new privacy regulations such as GDPR and changing definitions of what constitutes personal data, it can be hard to keep up. Companies have a responsibility to protect customer data.

The good news is, as long as you’re being explicit and up front about the information you’re capturing, you can capture PII and remain compliant with data regulations and customer expectations.

When it comes to personal data, many don’t realize that there are a lot of rules around data capture that need to be adhered to. For example, companies need to be able to show a relevant reason for gathering the data – they can’t just grab everything in the hopes of using it later.

Some rules, like the data expiration, are simple in theory but can quickly become a headache for companies that are managing data manually.

AE has data compliance built in and automates many processes like data expiry. This privacy protection layer is a huge benefit to our clients.

Is your company GDPR Compliant? Check out our GDPR flow sheet here.

How can companies capture PII?

You can capture PII in two main ways. First, there is the traditional up front method, such as your typical web form. Since you are asking your customers to fill out the information, this only works if they take the time to fill out the form.

A more effective method is to capture PII using social login, as social networks often provide a lot of basic customer information automatically. The user is still notified of the types of data they will be sharing with your business and they need to approve it. But checking that box is a whole lot less effort than filling out a form.

Once the link has been established to a user’s social network, you can start to get a lot of behavioral data too. This is closer to the Netflix approach, where it’s not necessarily first name, last name, and where they’re from, but what actions are they taking on this platform?

No matter how you gather PII, you need to be up front and allow the user to approve the data sharing, and then also comply with the other elements of data regulations.

How does AE capture PII?

AE has two products, called AE Connect and AE Insights, and both gather PII.

AE Connect is the front facing element that allows users to sign up to a service on a website. This is where the permissions approval process takes place. When users sign up, we gather some static personal information, such as where the user is from or where they’re geographically located.
(Check out exactly what data AE Collects.)

AE Insights is the back end element that provides behavioural data in the style of Netflix or Amazon. This data is all accessible through a dashboard or API. AE Insights helps companies understand how users are interacting with brands off their website. What media are they consuming on YouTube? What kind of music are they listening to on Spotify? AE’s social listening provides a complete view of customers by gathering social data in real-time.

Why would a customer opt in to sharing their PII?

Customers will share their PII if there is a clear benefit to them — they need to feel that it’s worth it, and that the risk of adverse impacts is minimal. Therefore, companies have to be smarter in how they express what they want to know about users and what they intend to do with the data shared by users.

Companies need to move away from “let’s just get them to sign up,” or “let’s just get them to hit our web page and we’ll grab everything we can about them without asking them, in case we need to use it later.” A little more up front communication is required in order to get an opt-in.

Services like Amazon have been using customer information for years. When it’s done right, it serves both the customer and the company. On Amazon, a customer is usually glad to get a notice when a product becomes available or goes on sale. It is clear when scrolling through the site that it is being catered to you, and that makes for a more useful, relevant experience. Users agree to this when they sign up for an account with Amazon.

The same applies to Netflix and their movie recommendations. When tracking and cookies have a clear benefit, customers are more likely to agree to their use, instead of settling for a non-personalized experience.

It all comes down to clearly expressing the benefits to the customer of sharing their information and then giving them the choice.

Going forward with PII

PII will continue to add value to businesses’ marketing and sales strategy.

Companies need to understand what PII is and how it can elevate their marketing. There is a huge opportunity for personalized marketing that needn’t be passed up. Look for tools that encourage the effective use of PII and automatically regulate the data according to privacy regulations. This will prevent a lot of headaches in the long run.

Companies need to start being more aware of their responsibility in how they ask for customer information. If customers understand what they are getting out of sharing their data, they will likely see it as a fair exchange. Building trust-based relationships with customers is a sure way to stand out from the rest.

Read our privacy promise to learn more about AE’s commitment to data privacy.