Privacy Impact Assessment Guide: 7 Best Practices to Master PIAs
One of data privacy’s greatest challenges is that it can all feel...Read Now
September 23, 2022
Recently, the Osano team was fortunate enough to attend one of the most significant marketing events of the year: HubSpot’s INBOUND conference.
Osano's team members, Amy Beeler and William Chia, at our booth at INBOUND 2022
INBOUND is primarily a networking event for marketing and sales teams, experts in the HubSpot platform, and revenue operations professionals. As the only data privacy vendor in attendance, we were something of an outlier at the event. But that doesn’t mean we felt out of place — on the contrary, attendees were eager to ask questions and have a dialogue with us.
For our part, it was an exciting opportunity to understand how this class of professionals handle consumer data, what their understanding of data privacy is, and how we can make compliance simpler. Here’s what our team members in attendance learned.
Several event speakers touched on the importance of data privacy, and although attendees were surprised to see a compliance vendor at INBOUND, many were happy for the opportunity to chat through their data privacy concerns.
“It seems that this has been very top of mind for a lot of people,” said Amy Beeler, a Senior Account Executive at Osano. “I heard a lot of comments like ‘my boss was just asking about this,’ or ‘Our legal team has been telling us we need to get something in place.’”
“The opportunity to meet martech and marketing professionals on the ground and better understand how they are looking at privacy compliance was a real wake-up call,” said John Allman, our Senior Sales Engineer.
Perhaps more so than any other function in a modern business, marketers handle a significant amount of consumer data. Data privacy, therefore, has a huge impact on how marketers do their jobs. Unfortunately, the team encountered a lot of misconceptions around data privacy concepts at INBOUND. “There is still a general lack of knowledge in the privacy space, which was quite eye-opening to me,” said John.
Many of the people we talked to were confused about whether cookies were going to disappear entirely once browser’s phased out third-party cookies. Others weren’t really certain about what a third-party cookie really was.
Others weren’t even sure which data privacy laws applied to their business. “There are a lot of marketers out there who know privacy is something they need to address within their organization,” added John, “but they have not done so because they do not know what privacy laws apply to them or where to start.”
It’s important to note that we’re not blaming marketing professionals for not knowing about key data privacy concepts. Rather, the onus is on compliance businesses and professionals to educate their non-expert peers.
(To that end, if you feel like you don’t have an understanding of what cookies are and how data privacy laws regulate them, we recommend reviewing “The ultimate guide to understanding cookie laws”).
Many of the attendees knew that data privacy was a topic that merited significant investigation and were eager to learn more.
Caroline Ciacchini, an Account Executive at Osano, certainly found this to be the case. “I found a lot of marketers seemed relieved to see our booth and happy to have an opportunity for conversation in person.”
“I was asked many times, ‘do you mind if I ask a stupid question?’” added Caroline. Those “stupid questions,” however, are essential to becoming compliant. If a business doesn’t understand what law it needs to follow, what constitutes data collection, what a data subject access request (DSAR) is, or any of the other compliance 101 topics, it’ll always struggle to minimize its noncompliance risk. Being unafraid of asking so-called “stupid” questions can be the difference between a compliance program that works and a program that just serves as a bandaid.
Osano’s Chief Revenue Officer, Dustin Joost, observed, “It seems like there are two types of marketers: Those who are trying to ignore the problem, and those who are curious enough to seek out solutions that help them navigate the ever-changing privacy landscape.”
Most of the people we talked to fell into the latter category, but there were some marketing professionals who had gone the “check the box” route to get data privacy off their plate. They bought a cheap consent manager that broke their website or required them to become a privacy expert to keep banners compliant.
“One topic that emerged is how much effort people are putting into ‘finding the way around the privacy problem’ as opposed to understanding it and finding partners who can help them navigate through it,” said Dustin. “One example is the number of attendees with U.S.-based companies who are just turning off traffic from outside of the U.S. to get around EU and similar regions’ privacy laws, as opposed to implementing a solution that maximizes both their reach and their compliance, without extra effort.”
While this isn’t an ideal response to data privacy legislation, it is an understandable one. Especially for marketers who haven’t begun their journey into investigating solutions to the challenges presented by compliance, it can seem like becoming compliant will be an expensive and time-consuming ordeal.
Like any other challenge, marketers are looking to solve compliance as quickly and painlessly as possible — only they haven’t investigated enough to know what the quickest and least painful solution is.
That’s when you see companies taking approaches like shutting off EU traffic entirely. Even if a business has no desire to serve EU customers, this is still a temporary solution at best; more and more states are creating their own data privacy laws, and in all likelihood, there will be a federal data privacy regulation eventually.
No matter whether they wanted to learn more or to avoid the issue entirely, a significant number of attendees weren’t ready to jump into compliance feet first.
“Many, while generally aware that they may be out of compliance,” said John, “still seemed to be adhering to a ‘wait-and-see’ approach.”
There were a few common reasons why they had yet to begin working on compliance. Many marketers told John “that their competitors had not yet implemented anything public-facing,” or that there was “a lack of enforcement thus far in the space and a general feeling that data privacy compliance is not a priority.”
This sense that data privacy compliance isn’t urgent can be chalked up to a lack of awareness around the space. Recent events have demonstrated that data privacy is very much an urgent issue.
Consider the recent CCPA enforcement action against Sephora. The popular beauty product retailer was hit with a $1.2 million penalty after:
The urgency around data privacy compliance is underscored by the lack of knowledge we encountered. When enforcement ramps up, when more legislation is passed, and when competitors begin implementing their own compliance programs, will these marketing professionals be ready? With so much to learn, getting up to speed will be a challenge.
The momentum behind data privacy awareness is building. Marketing professionals are starting to ask questions, and they’re facing pressure from other members of their organization. But they just don’t know where to start. That lack of direction is creating a variety of reactions: some are hungry for knowledge, while others just want this problem to go away.
Only it isn’t going to go away.
As experts in the data privacy space, it’s incumbent upon us to provide the critical information marketing professionals need in order to become compliant with data privacy regulations.
For any marketing professionals reading this, we’ve got some well-researched resources you can use to get up to speed:
More than anything, the team is excited to see how things have changed at INBOUND next year. As awareness around data privacy spreads and as businesses begin implementing their compliance programs in earnest, we’ll be thrilled to learn what new challenges marketers are facing and explore ways for Osano to help.
Matt Davis is a writer at Osano, where he researches and writes about the latest in technology, legislation, and business to spread awareness about the most pressing issues in privacy today. When he’s not writing about data privacy, Matt spends his time exploring Vermont with his dog, Harper; playing piano; and writing short fiction.