After advising the UK Information Commissioner’s Office on how marketers will engage with the new Privacy Notices Code of Practice, Nick Martin airs his views on the future of privacy in DM and online.

There aren’t many people who’d admit that their approach to data privacy isn’t quite best practice. But nonetheless, with reasonably generous legislation on the matter, many marketers are doing just enough to stay the right side of the law.

But, with a new Privacy Notices Code of Practice from the Information Commissioner’s Office (ICO) out in the UK this month, now’s a good time to look at the role of privacy best practice in direct and online marketing activity.

The privacy challenge
For starters, if you’re running a European or global team, you’ll already know the challenges involved in working out what’s permissible in each country.

The ICO’s new code is UK-centric at present, but similar codes may emerge in other countries, with the potential for changing the game for best practice across markets.

Demand for transparency is not just coming from government: brand owners are requiring ever higher standards from their vendors, raising the bar to offer customers the same experience – and protection
– wherever they are in the world.

Ultimately, transparency equals trust – consumers need to know that if they consent to give you their data, it will be handled and used responsibly.

What is ‘best practice’?
While wanting the highest standards in data privacy, brand owners also need better insight into their customers’ profiles and needs. This means they need to enhance existing customer data through cross-referencing it with external databases – and, clearly, this must be done without compromising an individual’s data security.

Brand owners need to be able to trust their supplier to exercise due diligence on the pool of email and personal data they are cross-referencing with, not just on the proprietary data.

But with such broad interpretations of what ‘consent’ should mean, there isn’t a clear right answer at present.

When someone asks for compliant data, they need to know what they’re really asking for and what they really want to be given.

To truly adhere to the terms of the new code, data providers should be validating all the data and executing what we call ‘deep diligence’, ensuring permission was given by every individual for each use of
their information.

In other words, when we cross reference a company’s data with ours to provide them with additional information on their customers or prospects,  we only do so with data where the individual has given permission for us to hold their information and use it with third parties for that specific purpose.

Transparency built in
The ‘deep diligence’ policy means that data privacy is engineered into our solutions, and therefore into our customer’s datasets.

The privacy challenge is tackled from the ground up, so that it is future-proof, whichever way the legislation goes, and ready for use in every country.

True transparency cannot be added on at a later date – real best practice is part of the architecture of a product, and the attitude of the company. Because, at the end of the day, the fundamental issue is not  the mechanisms you adopt, but how much your customers can trust you.

Privacy marketing needs to stand for something, and there needs to be standards consumers will recognise and can put their trust in. Hopefully, this will come from the ICO’s Privacy Notices Code of Practice, but ultimately it will only come when vendors and brand owners alike adopt genuine best practice with people’s data, breeding the trust with their customers that’s so vital for commercial success.