It’s no secret: capturing first person consumer data is one of the—if not the most—important justifications for experiential marketing budgets.
With data breaches becoming a shared headache in PR departments across the country, as well as new privacy laws popping up at what feels like a daily pace, it’s no surprise that experiential marketing teams are starting to go under the microscope for two reasons:
1) The obvious: to make sure consumers continue to be engaged and connected to the brand.
2) And a new one: to ensure the data that is being captured complies with the constantly changing privacy laws and organizational information security policies.
Knowing what’s compliant and what isn’t takes a specialized skill set, and frankly, one that’s best left to information security professionals.
As an interim, we put together three simple questions (for non-legal scholars!) to ask of yourself and your teams when it comes to making sure your experiential marketing has basic levels of data compliance:
1) Encryption. Do all of your systems that interact with consumers’ Personal Identifiable Information (PII) follow current encryption standards? Pro-tip: if you’re handling PII and it is NOT encrypted, you’re doing it wrong. In fact, stop right now and consult a technology expert to help you!
2) “Hacker” Prevention. Has your vendor passed regular Penetration Testing and Vulnerability Scans on the technology and products you use for experiential marketing? Even novice hackers are well-versed in software development, so they know exactly where to look for weaknesses.
3) Policies. Do you only partner with vendors that meet your internal standards for consumer PII data handling? Even if your organization has strict privacy and security protocols, but a vendor you’re using doesn’t, if a breach were to happen, your brand will still make news headlines.
While three high-level questions is hardly a data security policy, they guide the first few steps we explore with our clients when setting up consumer data capture.
The last two years have been quite a learning curve for us, making sure our clients are protected and safely handle consumer data, but it’s for two very good reasons: it’s not only the responsible thing to do but it’s also the law.