A Balancing Act: The Fine Line between Personalization and Privacy

There are two opposing truths that are top of mind for chief information officers across the world:
- Customers want personalized, customized experiences to fit their in-the-moment needs.
- Society at large is becoming more and more wary of companies tracking, mining, and, in the case of some companies, monetizing their data.
Customers crave a personalized experience. More than crave it, these days, customers expect it. Amazon, Facebook, and Google provide customized experiences – sharing ads and content that are relevant to you, at just the right time. In a world of too many choices and content overload, we rely on algorithms to make recommendations on everything from our entertainment (thanks, Netflix) to our partners (thanks, Match.com). This desire for a personalized, tailored experience is not new. In a 2008 study out of the University of Texas, researchers found that “customized experiences were perceived to limit informational overload and increase customer engagement.” In the ever-expanding universe of the internet, personalization brings the right content to the right consumer at the right moment.
But, and here’s the crux of it, personalization could come at a cost: your data. Netflix can’t tell you to watch Bridgerton if you haven’t already binged Outlander. Providing that personalized experience takes massive amounts of customer data. From your demographics, to your historical browser data, to your purchase history, these things add up to an individual consumer with individual needs. And, with lots of noise across the world in this area, consumers are bringing a new focus to what exactly sharing their data might mean. New regulations around the world – including the California Consumer Privacy Act and the General Data Protection Regulation – are making customer control of their data more visible and legally binding. The advancement of technologies supporting “Big Data” processing, combined with customizable artificial intelligence and machine learning algorithms, has made the ability to process large volumes of data and create insights accessible to many. This has meant that responsible companies worldwide have implemented initiatives to ensure that the customer is aware of the data collected and can make certain decisions to restrict its use, subject to a variety of exceptions which vary by country.
In the world of finance and banking, this data is even more sensitive. Banks have access to your purchase history, credit score and more. These data points are incredibly personal and confidential. Safekeeping this data and using it appropriately to provide relevant and timely offers is paramount to building and maintaining consumer trust.
So how can companies meet the demands of both personalization and data privacy?
- Consent – Consumers must opt in to data harvesting with full understanding of what their consent means.
- Transparency – Consumers want to know exactly what companies know about them and how they obtained those nuggets of information.
- Control – Consumers want the ability to stop or change permissions easily.
- Technology – Data obfuscation tools as well as access management process areas have evolved over the years and must always be kept current.
Personalization and Privacy solutions need to take these facets into account:
- We need to manage an ever-increasing data footprint: As corporate data continues to grow by leaps and bounds, maintaining accurate information to identify personal and sensitive data demands large-scale solutions and the use of artificial intelligence and machine learning. The need for meaningful “synthetic” data to test out scenarios is critical, as is the need to provide the customer a point-in-time view of the data that is being collected about them. All data, especially sensitive data, must always be protected, and customers should have the ability to opt out if desired.
- All data, especially sensitive data, must always be protected: Technology solutions must restrict access to sensitive data solely on a “need-to-know” basis. Many firms have advanced evergreen “crawlers” that can consistently check repositories to ensure there is no sensitive data where it should not be. Control, governance and oversight for these repositories are critical and mandated.
- Data deletion can be tricky: In many cases, data is distributed across multitudes of systems and repositories. Technology will need to evolve to ensure that we can track multiple data repositories simultaneously. Subject to record retention and other requirements, we must be able to truly delete data that the customers want us to delete in all instances, to meet regulatory requirements and customer preferences.
- Data is only good if it is recent: For data to have a real impact on a customer journey, we need to act and react multiple times – often within a single day. Near real-time sourcing and action require robust interconnected solutions, all while guaranteeing customer privacy expectations are met.
In combination, these efforts to personalize while maintaining data privacy and security will ensure a robust user experience that puts the consumer at the helm of their own data. That’s what builds trust, and it is only by building trust with customers over time that businesses will thrive!