How marketers across industries are learning compliance lessons from banking and healthcare

By understanding how healthcare and banking marketers have managed to control personal information and remain compliant regarding personal data while still developing strong advertising campaigns, marketers are adapting tactics from those sectors across industries. 

Healthcare marketers are achieving data compliance by anonymizing data and collecting less 

As data becomes more valuable, marketers look to the strictest sectors for best practices and compliance examples to protect user data and privacy. For instance, in healthcare, personal information must be carefully shielded. 

“Marketers can learn from HIPAA on being extra cautious when working with sensitive information, such as PII,” said Mateusz Krempa, Chief Operating Officer at Piwik PRO. “Data should be anonymized or aggregated to reduce the risk of re-identification. Technology partners should have strong privacy practices in place and comply with regulations. In all cases, an organization must remain the sole owner of the data collected without any third parties having the ability to access it or even use it for its own gain.”

Establishing privacy-friendly analytics consists of setting up methods for collecting, measuring and analyzing data in a way that respects the privacy of individuals and also delivers relevant insights. This includes ensuring that people maintain control over their data, that what’s collected and how it’ll be used is clear, that a privacy-by-design mentality is at work and that data security is in place. 

For example, with healthcare, there’s a checklist to help ensure analytics vendors are HIPAA compliant, saving marketers time and allowing them to understand their obligations better. 

“When an organization has control over collected data, only then can it fulfill all the requirements of data privacy laws around the globe,” Krempa said. “On top of that, more data is not always better, and teams, in general, should avoid collecting excessive or irrelevant information that could pose privacy risks.” 

Siloed banking data is a textbook for balancing compliance with robust CX

In the banking world, there is the challenge of collecting data from siloed sources and finding the appropriate tech to analyze it and bring it together while keeping customers happy. 

“The most crucial part of banking is monitoring the full customer journey,” said Krempa. “There’s usually a separate data collection for public sites such as main websites or landing pages and then a second, more rigorous technology for monitoring the transactional systems or banking apps. It’s a challenge to stitch those datasets together where you can see what a user does on both sides.” 

The banking industry’s methods to work around these challenges are strategies marketers and advertisers of any industry can adopt. 

“While it can be challenging, employing the same analytics in public sites and secure or post-login areas is well worth the effort,” Krempa said. “Banks often leverage data analytics to provide personalized services and enhance the customer experience. This can result in more relevant and engaging experiences. Tech and gaming companies can certainly adopt a similar approach, as they, like banks, should prioritize customer trust and secure user data.” 

Finding the right vendor to make it all come together

Besides vetting vendors and partners to ensure they meet technical requirements around privacy compliance, it’s essential to verify that they can meet the expected privacy standards. 

While the questions a team should ask a prospective analytics partner to ensure they’re able to offer the necessary privacy-friendly setup depends on many factors, the most crucial question Krempa urges marketers to ask is whether the analytics software in question helps organizations comply with all the privacy laws of the markets they work on — now and in the future.

“Additional questions teams should ask include: What security measures do you have in place to protect data from unauthorized access or breaches?” said Krempa. “Do you conduct regular security audits or assessments? How do you ensure individual privacy is protected? Do you share data with any other parties?”

And since data sharing between the EU and the U.S. is still restricted after the invalidation of the Privacy Shield and the Schrems II ruling, those working with global data have additional issues to consider. 

“Where is the data center located, and can the solution be hosted away from U.S. big tech?” said Krempa. “This is especially important for organizations that must comply with the Schrems II ruling. As for features, what options do they have that allow you to get additional data in a compliant way in case no consent is given, such as anonymous tracking and AI artificial data? What is the scope of privacy features they offer out of the box?” 

Additionally, all parties should sign data processing agreements to ensure everyone upholds their obligations.

“Establish comprehensive data processing agreements or data sharing agreements with vendors to outline the obligations, responsibilities and rights of both parties regarding data privacy and security,” said Krempa. “Conduct ongoing assessments of the vendors’ privacy and security practices, as well as regularly review their data protection measures, certifications and compliance with relevant regulations.”

Successful marketers and advertisers are taking lessons from healthcare and banking marketers’ books and adapting them as their own. Thoroughly vetting data and analytics vendors will help ensure marketers and advertisers across the board are prepared for any privacy regulations that come their way.

Sponsored by: Piwik PRO