Technology has changed the way we market to consumers, allowing for more real-time data and personalization. Because of this shift, we too must change how we use and protect that data. And with laws like GDPR going into effect, this issue is not going away anytime soon. Discover actionable ways you can improve security both from an organizational standpoint and from the view of your users.

Housekeeping Notes
HILE-LIGHTS PRESENTS
• Our goal is to have this be an interactive session, so please submit your questions throughout the presentation and we will be sure to answer as many as we can in the last 15 minutes.
• No worries about scrambling to take notes. As a follow-up, we will send an email of the video recording and the entire deck for your records.
• If you would like to live tweet throughout the webinar, feel free to use #hile-lights
• We’d love to hear from you! If we don’t cover something, or if your question isn’t answered, send us an email and we will get you a response as soon as possible: Contact@HilemanGroup.com

Introductions
HILEMAN GROUP
Chelsea Kiko
Marketing Automation Team Lead at Hileman Group
@Ckiko47
Michelle Law
Analytics Process Lead at Hileman Group
@MrktingMichelle
Bob Eckman
Chief Information Security Officer at MCPc

The Current Climate of Data Security in Marketing
• 79% of consumers would stop dealing with a company if their personal data was misused.
• Post-GDPR, 40% of companies think reliance on customer consent will be the biggest challenge to achieving their marketing objectives.
Source: Marketo®

Platform
Platforms could include, but aren’t limited to, content management systems (CMS), advertising accounts, marketing platforms, social accounts, etc.
• Use strong passwords and change all default passwords for built-in accounts to prevent data breaches
• Assign access levels (admin/editor/viewer) to allow only necessary use
• Create a data protection plan for when/if employees leave
• Limit login attempts with account lockout policies to prevent a brute-force attack
• Install security updates
Take the time to establish the correct hierarchy of access throughout your organization.

Third-Party Security
Third parties are any vendor, customer or partner whose security failure can lead to a security failure of any of your critical assets or systems.
• Know your third-party platforms
• Talk to your IT and legal teams AND the third-party team
• Be transparent about how data (both yours and your users’) is being used by third parties
• Review your third-party associations. Start small, just start!
Establish a repeatable third-party sign-off process, involving IT and legal. Repeat this process as a check-in on a regular basis.

SSL Certificates
Secure Sockets Layer (SSL) certificates ensure transactions between web servers and browsers are secure by protecting website content and data.
• Crucial for e-commerce, financial or any site that uses credit card information
• Without one, browsers display a warning icon and/or “Not secure” in the address bar near the URL
• HTTPS is a known ranking factor in Google search results
• Certificates usually expire every 1-2 years
Check with your hosting provider. Many will offer this certificate for free.

Subscription Centers
• Help make sure your leads understand and choose what content they get from your organization
• Great opportunity to link to privacy policy and explain to users why you are emailing them and what you do with information
Rather than just an unsubscribe, give the user options to update preferences so you don’t risk a total unsubscribe.

Privacy Policy
• Very important to communicate with users what you are doing with their data
• Avoid legalese, be transparent in your intentions
• Link to privacy policy on all forms and subscription center
• Helps your organization stay compliant while also earning the trust of your users
Avoid legalese, be transparent and define your goals.

Cookies
• With the new rollout of cookie consent for GDPR (we’ll chat about that later), it is important to implement cookie consent for users
• Simple pop-up on your site that lets them ‘accept’ that you may be tracking their cookies for a better user experience
The best policy is to have this available on the homepage of your website.

Data Retention
• Data retention is the continued storage of an organization’s or user’s data for compliance or business reasons
• Again, be transparent; tell the user how long you plan to keep the data and give them options
The best policy is to have this available on the homepage of your website.

Implied vs. Explicit Consent
WHAT is the difference in consent?
• Implied consent means a previous business relationship exists
• Explicit consent means all data and information has been freely given
WHY it’s important – stay on the right side of the law
• List buying is an outdated tactic and isn’t legal everywhere – skip the headache and use your own data
• Website cookie opt-in
• Pre-filled forms for consent do not count as explicit

Implied vs. Explicit Consent
Don’t forget that a person has the right at any time to withdraw this consent and that that withdrawal process should be as easy as how consent was given in the first place.
• Global audience best practice
• Explicit consent, double opt-in approach
• They sign up themselves
• You send a link to authenticate their actions
• Implied consent can have a gray area – make sure to play it on the safe side
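Added example (not part of the original deck): a minimal Python sketch of the double opt-in flow above, where sign-up only records a pending state, the emailed link carries a signed, expiring token, and withdrawal is a single call. The key, the 48-hour lifetime, the in-memory store and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-key"  # assumption: a real key comes from a secret store
TOKEN_TTL = 48 * 3600             # assumption: confirmation links expire after 48 hours
consent = {}                      # email -> "pending" | "confirmed" | "withdrawn"

def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()

def sign_up(email, now=None):
    """Step 1: the person signs up themselves. Nothing is sent to them yet
    except the confirmation link built from the returned token."""
    now = int(time.time() if now is None else now)
    consent[email] = "pending"
    payload = f"{email}|{now}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()

def confirm(token, now=None):
    """Step 2: the emailed link is opened. Consent is recorded only if the
    token is authentic, unexpired and the address is still pending."""
    now = int(time.time() if now is None else now)
    try:
        encoded, sig = token.split(".")
        payload = base64.urlsafe_b64decode(encoded)
        email, issued = payload.decode().rsplit("|", 1)
        issued = int(issued)
    except (ValueError, UnicodeDecodeError):
        return False                      # malformed token
    if not hmac.compare_digest(sig.encode(), _sign(payload)):
        return False                      # forged or altered token
    if now - issued > TOKEN_TTL or consent.get(email) != "pending":
        return False                      # expired, already used, or withdrawn
    consent[email] = "confirmed"
    return True

def withdraw(email):
    """Withdrawal is one step, as easy as giving consent."""
    consent[email] = "withdrawn"

def may_email(email):
    # Only a confirmed double opt-in counts; pending and withdrawn do not.
    return consent.get(email) == "confirmed"
```

Because `confirm` requires the pending state, an old confirmation link cannot re-subscribe someone who has already withdrawn.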

Key Takeaways
• Take the time to establish the correct hierarchy of access throughout your organization and your platforms/software.
• Establish a repeatable third-party sign-off process involving IT and legal. Repeat this process on a regular basis as a check-in.
• Check with your hosting provider. Many will offer an SSL certificate for free.
• Rather than offering just an unsubscribe, give the user options to update preferences so you don’t risk a total unsubscribe.
• Avoid legalese, be transparent and define your goals within the privacy policy.
• The best practice is to have a privacy policy available on the homepage [in a call out] of your website which includes information about data retention.
• Don’t forget that a person has the right at any time to withdraw this consent and that the withdrawal process should be as easy as how consent was given in the first place.