HOW TO

BALANCEPERSONALIZATION

AND PRIVACY FOR OUTSTANDING

CUSTOMER EXPERIENCES

EXECUTIVE BRIEFExecutive Summary

02

Digital business introduces exciting opportunities to engage

with customers anywhere and at any time. Mobile devices, the

Internet of Things (IoT) and other channels your customers

interact with offer new avenues to collect customer data that

can be used to personalize their experiences. No matter where

your customers interact with your brand, ensuring that you can

provide seamless, secure and engaging experiences is critical.

However, customers are often wary of how companies use and

share their information, making them increasingly reluctant to

share data beyond what is absolutely necessary. In a recent

survey, 71 percent of consumer respondents said they believe

brands with access to their personal data are using it unethically.1

The same survey revealed that more than half of consumers

haven’t used a digital service because of privacy concerns.

These attitudes, combined with a patchwork of evolving

geographic, industry and corporate privacy regulations, are

placing pressure on organizations to protect their customers’

privacy and take extra care when collecting and sharing

customer data. Despite these complications, businesses still

need to collect this data to deliver the engaging, personalized

experiences their customers demand.

Satisfying these opposing requirements is not as impossible

as it may seem. Purpose-built customer identity and access

management (CIAM) platforms deliver the capabilities needed

to do both. The right solution can enforce customer data-

sharing consent and adhere to privacy regulations, while

allowing businesses to store and manage preferences and

other customer data that can be used for personalization.

More than half of consumers say they

haven’t used a digital service because of privacy concerns.2

CUSTOMERS EXPECT INTERACTIONS DRIVEN BY PERSONALIZATION AND PRIVACY

03

“An organization’s approach to customer privacy is

increasingly becoming a competitive differentiator.” 3

-Forrester

When customers trust that an organization is a responsible

steward of their information, they reward the business with

loyalty and positive word of mouth. Organizations that lack ways

to protect data from unauthorized sharing, data breaches and

misuse stand to lose this trust. That translates into lost business.

Privacy fears are also driving stronger, more complex mandates.

Regulations can apply to geographies, industries, even

demographics. In Europe, the General Data Protection Regulation (GDPR) stipulates where the data of European citizens

must be stored, how customer consent is enforced and how data is collected. Once it goes into effect in May of 2018,

organizations will face fines of up to four percent of their annual revenue or ten million Euros for violations.

To thrive in this increasingly complex landscape, organizations must carefully control which customer data attributes are

accessible to applications. They must ensure that apps only have access to the attributes they need and, particularly for

partner applications, that customers have consented to sharing data. Finally, they must make these consents intuitive.

Lengthy privacy policies full of legalese are a thing of the past. Your customers expect user-friendly controls that let them

manage their consents and clearly see who has access to their data.

Centralized privacy management capabilities enable compliance with a growing number of dynamic privacy regulations.

With centralized policies, you can confidently control how and where data is used. Without them, it’s risky to embark on

new initiatives to improve customer experience, and you risk tight restrictions from security, legal and compliance teams.

Those are steep sacrifices in today’s multi-channel marketplace, where competitive advantage lies in personalization.

So how can organizations use customer data to build personalized experiences?

First, let your customers explicitly state their preferences. Relying on assumed, implicit preferences derived from

browsing history or marketing platforms can yield inaccurate assumptions.

Then, rely on a secure, centralized repository to store and manage customer data and preferences from different

applications and channels. Make sure it can handle the scale required for customer-facing deployments and that it

exposes customer data through developer-friendly REST APIs. Without these critical pieces, you’re likely to frustrate

customers with inconsistent or inaccurate experiences across channels.

BUSINESSES MUST DELIVER PERSONALIZATION-PRIVACY BALANCE

04

ENABLE PREFERENCE AND PRIVACY MANAGEMENT IN 1-2-3

Personalization and privacy management are critical for regulatory compliance and delivering seamless and secure

customer experiences in the world of digital business. When evaluating a CIAM platform, ensure that it enables the

following capabilities:

01 Unified Customer ProfileDigital business generates and uses data across multiple customer engagement channels, devices and apps, as well as internal business units and third-party partners. Effective personalization and privacy management requires storing customer preferences, consent choices and other data into a secure, scalable unified profile that is accessible to all applications. A complete view of the customer consists of many different types of data, including structured information such as name, age and contact information, and unstructured data like purchase history and behavior patterns. CIAM platforms can help migrate or synchronize all of your existing data into a unified customer profile. Once it’s there, you can manage customer data, including implicit and explicit preference information, to create a highly valuable profile that offers deep insight into who the customer is and what he or she wants.

Policy-based Data GovernanceProtecting consumer privacy and adhering to regulations is complex. It can require multiple layers of policy enforcement and control. Look for policy-based data governance capabilities that can adhere to regional, corporate or industry regulatory constraints and enforce customer consent. Your CIAM platform should also do more than just govern access to an entire customer profile; it should make fine-grained distinctions about what data attributes within the profile can be accessed. For example, a third-party marketing email service may need access to customer names, email addresses and opt-in preferences, but not payment information. Customers may also want to restrict certain attributes, such as their email address, from being shared with certain partner applications. Sharing data with third-party service providers and data brokering is becoming more common in the digital ecosystem. Policy-based data governance will ensure that you’re adhering to regulations and giving customers control over and insight into where their data is being shared.

02

Consent ManagementCustomers expect their experiences with your brand to be user friendly, including the experience of managing their privacy consent. Having a centralized profile to store privacy and consent preferences, that are in turn enforced by centralized policies, allows you to expose customers’ data to them on any channel. You can do this using intuitive controls that let customers see who has access to their data and manage which attributes they’ve consented to share. This approach is far better than asking customers to consent to a lengthy, catch-all privacy policy. Taking the time to give customers this type of insight and control will reassure them that you’re being a good steward of their data.

03

Forrester states that modern digital business tactics—particularly marketing initiatives like delivering seamless

multi-channel customer journeys, behavioral targeting and location-based mobile marketing—are forcing marketers

to become more conscious of privacy challenges.4 As digital technologies offer more ways to reach customers, we

must be careful to not overstep boundaries into the territory of negative customer experiences. The personalization

and privacy management capabilities of CIAM solutions enable us to confidently walk the fine line between

leveraging customer data for personalization and adhering to privacy regulations.

#3164 | v00d | 07.17

ABOUT PING IDENTITY: Ping Identity is the identity security company. We simplify how the world’s largest organizations, including over half of the Fortune 100, prevent security breaches, increase employee and partner productivity and provide personalized customer experiences. With Ping, enterprises can securely connect users to cloud, mobile and on-premises applications while managing identity and profile data at scale. Visit pingidentity.com.

1. Mindi Chahal, “Marketers Overestimate Consumers’ Attitude to Data,” Marketing Week, June 23, 2016, accessed July 17, 2017 at https://www.marketingweek.com/2016/06/23/marketers-overestimate-consumers-attitude-to-data/ 2. Ibid 3. Vendor Landscape: Privacy-Support Providers for Marketers, The Customer Trust And Privacy Playbook For 2017, Forrester Research, last updated Aug 25, 2016. 4. Ibid

CONCLUSION