Personalization at scale is where retailers and consumer brands are competing to win. But in focusing on “playing offense” to capture value, executives are often overlooking their “defense”: preserving, protecting, enabling, and accelerating the hard-won gains of their digital efforts by ensuring that personalization at scale keeps personal data secure and private.

As the enterprise risk of collecting, holding, and using consumer data to personalize offerings grows, so do the business-impairing consequences for those who fail to get it right. Despite these challenges and opportunities, most marketing leaders remain surprisingly unconcerned with how to manage data security and privacy.

In a recent McKinsey survey of senior marketing leaders, 64 percent said they don’t think regulations will limit current practices, and 51 percent said they don’t think consumers will limit access to their data this despite other recent surveys showing that more than 90 percent of consumers are concerned about their online privacy, and nearly 50 percent have limited their online activity because of privacy concerns.

Getting the security and privacy of personalization wrong can slow time to market for new applications, constrain remarketing and consumer-data collection, result in significant fines, or worse cause material harm to brand reputation through negative consumer experience. Getting it right reduces time to market, puts security and privacy at the heart of the company’s value proposition, boosts customer-satisfaction scores, and materially reduces the likelihood of regulatory fines.

Where to start

For most companies, getting security and privacy right begins with remediating and transforming the digital-marketing applications and systems that generate, transmit, consume, store, or dispose of consumer data. Leading brands make this part of a broader baseline assessment of data security and privacy across people, processes, and technology and tie it to business use cases.

They also put marketing at the center of the effort, educating teams on the value at stake through, for example:

  • establishing and enforcing standards on security and privacy for creative agencies

using best practices for data protection in their day-to day-work

  • tokenizing consumer data
  • ensuring consent compliance
  • sanitizing data before using them in outbound communications and remarketing
  • being accountable for incidents when they occur

The dialogue with marketing and other stakeholders in this context should be ongoing, to match the enterprise’s evolving needs for data and technical capabilities and to capture the value from use cases.

An imperative on security and privacy can help with many things from eliminating tech debt to breaking down silos by opening iterative dialogue on data needs and new operational requirements between the business and the security and privacy functions. Aligning on core beliefs and a framework to approach the effort can help the team quickly get the needed conviction and buy in.

Personalize security and privacy for the consumer

Leading financial institutions have already unlocked the value of increasing net promoter scores (NPS) by taking the hassle out of consumer validation processes. By reducing hold times, simplifying and tailoring multifactor authentication to meet consumer preferences, and placing data-protection controls for consumer-facing applications in the hands of the consumer, they are improving customer experience without compromising underlying security and privacy.

Leading retailers and consumer brands can adopt a product-management mindset and delight consumers by building data-protection options into consumer-facing applications and support functions. By partnering with cutting-edge technology innovators, they can tailor processes to what is most convenient for the consumer. Good places to start are multifactor authentication by text, call, or randomly generated code, or built-in strong-password-generating tools to simplify password recall for consumers accessing a retailer’s direct to consumer application. Measuring performance over time through commonly available customer-experience dashboards such as NPS can ensure that attempts to build security and privacy into consumer-facing applications are refined quickly and iteratively.