3 Features You Need to Use PII in a DMP

Written by Ian Simpson

Published January 12, 2017

People are getting a bit jumpy about personal data these days.

Just ask the poor folks at Yahoo who have had to announce not one, but two hacks of their email accounts over the last year.

The result of such high-profile breaches is that people who never gave much thought about trusting a well-known brand with their email or other information, are suddenly much more wary about sharing even the most basic information.

This puts companies in a bind when it comes to using data in such tools as a data management platform (DMP) – how to build trust with customers and at the same time ensure that they can responsibly use the valuable first-party data they share?

What it really comes down to is having the right tools – built with data-privacy and security in mind – to handle Personally Identifiable Information (PII) and other sensitive information.

Not sure what that means? Here are three features to look for in a data-based AdTech/MarTech platform such as a DMP.

1. On-premise data storage

It might go without saying, but the single best way to avoid fiascoes involving data is to make sure that you have full control of it.
Makes sense, right? But it’s not as simple as it sounds.

The overwhelming trend in AdTech and MarTech applications is the cloud-based model. This can be great for scalability, quick implementation and cutting corners on in-house IT costs.

The downside is that brands risk running afoul of regulations about sending data over international borders, may not have the ability to permanently delete it if they need to and have to worry about their cloud-based DMP vendor being secure.

The sum total of those fears is that many advertisers are scared to use PII for their advertising.

However, if you’re looking for a tool that can appease those worries, consider one that offers on-premises data storage.

This goes a long way towards ensuring that you have full control of the data you use.

Other features that go along with on-premises storage include:

  • Audit logs and alerts – to keep track of when and how data is accessed and used.
  • Granular password protections – to control exactly who and what tools have access to what data sets.
  • Data retention settings – perhaps most importantly when it comes to PII for marketing and advertising, the ability to guarantee that sensitive information will not be stored longer than a certain period and can be deleted at the request of the data subject the so-called Right To Be Forgotten).
  • Anonymization of specific data points – making sure that certain data – especially sensitive items – are automatically rendered anonymous. (More on that below.)

Free Cheat Sheet: PII, Personal Data or Both?

Learn the main differences between personally identifiable information (PII) and personal data. Get to know the types of information that are the subject of the new European data privacy regulation (GDPR).

You should also look for tools that include easy-to-use privacy settings. In other words, tools that make it easy to gain consent for usage and track which data may be used for which purposes.

The matter of consent is of paramount importance – for all companies and especially for European companies and those doing business within the EU.

So what exactly do you need in order to use PII?

  1. A way to automatically stop tracking as soon users require it (preferably at the tag level.)
  2. Options for users to choose how their data is used (for marketing purposes/for on-site personalization/without limit, etc.)
  3. The possibility to filter usable data (with consent) from non-usable data even when data points are being merged in a DMP

With regard to Do Not Track option, it is important to make all your tools privacy compliant – even 3rd-party applications that may use tags on your site. That way a user can be assured that their privacy is respected in full.

Once you have a system in place (from data collection to data activation) that guarantees the correct usage of information, you can move forward with taking advantage of the data on hand.

3. Automatic anonymization

No brand will be able to build trust with its customers – and gain their consent to use PII – unless they can guarantee that data will be kept anonymous.

The very nature of personal information makes it desirable to keep it from being misused and consumers may understandably be concerned about their personal information being used in different ways across the internet.

So in order to have the remote chance of using PII, brands must have the tools to automatically render it anonymous. That way no single person could even potentially be affected should it somehow be accessed incorrectly.

How can AdTech and MarTech tools like a DMP accomplish anonymization?

There are a few methods, depending on the type of information in question.

  • Hashing: Creating new, anonymous values for sensitive data by means of a hashing algorithm is one of the more popular methods when it comes to data management for marketing and advertising. It is especially useful for single values or fields and unlike encryption cannot be undone by use of a key.
  • Perturbation: For data that doesn’t necessarily have to be kept in a 1-to-1 relationship with its original, perturbation is often useful. Incomes or purchase amounts, for instance, anonymized by grouping and averaging in such a way as to not statistically change the meaning of the data while removing the possibility of tying any one to a particular person.
  • Generalization: Similar to perturbation in its usefulness, generalization takes specific values and translates them into ranges or groupings. Again, this can be useful for income values ($65,000 – $80,000 instead of $65,399, $66,228, and $78,127) or location (within 20 km of Point A).

Of course, data analysts and anyone who works with data for advertising and marketing could theoretically carry out the task of anonymizing data by hand. But to fully take advantage of the value of data in the fast-paced world of digital advertising, this process should really be accomplished automatically.

A web analytics tool or a DMP or tool that combines elements of both should most definitely include means for anonymization in order to let its user process PII.

Summary

Two things are sure when it comes to data privacy and security.

The amount of data being generated isn’t going to suddenly drop off. If anything, it will continue to grow!

And secondly, hackers will keep trying to get their hands on other people’s information.

These two forces will make brands pay closer attention to privacy and security, especially given the new European rules imposing high fines on non-compliers to the General Data Protection Regulation.

Caught between the value of data and the need to protect it, brands absolutely must make sure they use the right tools to help them in their advertising and marketing efforts.

Free Cheat Sheet: PII, Personal Data or Both?

Learn the main differences between personally identifiable information (PII) and personal data. Get to know the types of information that are the subject of the new European data privacy regulation (GDPR).