How to think about PII in your Martech Ecosystem

By Ravi Evani. Filed under Martech.

Personally identifiable information wordcloud

If you are reading this, it’s probably no surprise to you that breaches involving personally identifiable information (PII) have been hazardous to both consumers and brands. For consumers, it has included identity theft, embarrassment or blackmail. And for brands it could mean a loss of trust, legal liability and remediation costs.

“PII is any information about an individual, maintained by an agency, that can be used to distinguish or trace an individual’s identity or is linkable to an individual.” (National Institute of Standards and Technology)

This includes obvious identification information such as name, personal identification number, credit card number, address, photo, etc; but also things like educational information and employment information.

Often PII is relegated to the domain of the “Information Security Office” in our organizations. But while the ISO knows the guidelines that need to be followed, they are not in the weeds of the day to day work your marketing and martech teams do in order to win, serve and retain customers.

You might also believe a particular marketing tool is “PII safe”. For example, DMPs should not hold any PII. But what data goes into the DMP is not up to the DMP vendor; it’s up to what data your brand captures into it. So if you capture identifiable information within the DMP, the onus is on your organization, not the DMP vendor, if your DMP vendor suffers a data breach.

Therefore, it’s important that marketers, analysts and technologists are aware of the following considerations and work in alignment with them, given what is at stake.

Identify PII residing in your Martech stack

You cannot protect PII that you don’t know about. Apart from obvious identification information, also think about items such as birthdays, race, physical characteristics (weight, height), activities, geographical indicators, educational information, employment info, etc.

Now, not all PII is equal: it has a different impact in terms of the potential harm that could result to the subject individuals and/or the organization if the PII were inappropriately accessed, used or disclosed. NIST calls this the confidentiality impact level, which you could determine based on 4 factors.

Identifiability: How easily can the PII be used to identify specific individuals? For example, an email could more uniquely identify an individual than an IP address, which in turn could more uniquely identify an individual than their telephone area code. There are two other aspects to identifiability in addition to the ability to uniquely distinguish an individual:

  • Traceability: Is the information sufficient to make a determination about specific aspects of an individual’s activities? An example is web analytics data that could be traced to a specific individual.
  • Linkability: Is the information related to an individual logically associated with other information about the individual, or is there a possibility of such an association? As an example, if you are tracking a person’s interests with web analytics based on their activities on your website, and you are tracking the individual’s purchase history in your order management system, then you have linked information. If you also have access to the individual’s Twitter handle, then the information associated with the Twitter handle in your Martech tools is considered linkable to publicly obtainable information about the individual.

Quantity: How many individuals can be identified from the PII? So, if the data in your Analytics or DMP had PII then how many individuals could be impacted? A breach of 1,000 records vs 100,000 records might have different impacts.

Sensitivity: What is the sensitivity of the PII data? A credit card number is more sensitive than an IP address which could be more sensitive than a phone number. Also, what is the sensitivity of multiple PII data fields taken together? A name and credit card number separately may be less sensitive than the data fields taken together.

Context of Use: For what purpose is the PII stored or used? The context of use may cause the same types of PII to be assigned different confidentiality impact levels. Take two lists held by a retail business, each containing name and email address, where one list is used for people subscribing to email offers while the other is for people who defaulted on the balance of the credit card issued by the retailer. The potential impacts to the affected individuals could be significantly different. The confidentiality impact of the first list might be low, while that of the second list might be medium.

Access: What is the nature of authorized access to the PII, and where is the PII located? Is it accessed more often or by more people in the marketing/IT teams? Is it in multiple vendor tools such as analytics, social listening, DMP, etc.? Is it on marketers’ or other employees’ devices, or on media that they take offsite? If there are more occurrences, then even with authorized access there could be more opportunities to compromise the confidentiality of the PII.

Examples of PII in a Martech ecosystem

Distinguishable information: Name, alias, personal identification number, SSN, passport, driver’s license, credit card, financial account, physical address, email address, IP address, MAC address, telephone numbers, photographic image, vehicle registration.

Linkable & traceable information: date of birth, race, religion, weight, activities, geographical indicators, employment information, educational information, financial information, social network handles.
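As an added illustration (not code from the original article), the sketch below inventories a data export by tagging each column with the categories from the list above. The column names, the name hints used for linkable attributes and the sample rows are assumptions made for the example.

```python
import re

# Value patterns for "distinguishable" identifiers named in the list above.
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# Assumed column-name hints for "linkable & traceable" attributes.
LINKABLE_HINTS = ("birth", "dob", "religion", "employer", "twitter", "handle")

# Constructed sample export; every value is made up.
SAMPLE_ROWS = [{
    "landing_url": "https://shop.example/offers?email=jane@example.com",
    "client_ip": "203.0.113.77", "date_of_birth": "1984-06-02",
    "notes": "paid with 4111 1111 1111 1111", "order_total": 59.90,
}]

def luhn_ok(digits):
    """Checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(column, values):
    """Tag one column from its values (distinguishable) and name (linkable)."""
    found = set()
    for v in map(str, values):
        if EMAIL.search(v):
            found.add("distinguishable:email")
        if IPV4.search(v):
            found.add("distinguishable:ip")
        for m in CARD.finditer(v):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                found.add("distinguishable:card")
    if any(h in column.lower() for h in LINKABLE_HINTS):
        found.add("linkable")
    return found

def inventory(rows):
    """Return {column: tags} for every column where PII was detected."""
    columns = {}
    for row in rows:
        for col, val in row.items():
            columns.setdefault(col, []).append(val)
    tagged = {c: classify(c, vals) for c, vals in columns.items()}
    return {c: tags for c, tags in tagged.items() if tags}
```

Scanning values rather than column names is what surfaces PII in fields that were never meant to hold it, such as the email address inside `landing_url` in the sample.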

Safeguard PII residing in your Martech stack

Based on FTC Fair information practice, PII should be protected through a combination of measures, including operational and security controls. Not all PII needs to be protected in the same way. The protection mechanism could vary based on the confidentiality level of the PII. Some mechanisms to protect PII are the following.

Awareness: The first part is for marketers, marketing analysts and IT teams to become aware of PII and PII confidentiality impacts.

Reduction: Reduce PII holdings to the absolute minimum necessary for the performance of marketing functions. Also, once the collected PII ceases to serve its purpose to marketing, it needs to be destroyed.

If your brand has a tendency to store and archive “everything”, that ideology will need to be reconsidered: review your brand’s holdings of previously collected PII to determine whether the PII is still relevant and necessary to meet current marketing needs. If the answer is just “yes I need all that data”, your brand has a greater chance of being exposed than if you had the absolute minimum needed PII holdings.

De-identification: Remove or obfuscate enough PII from an access location such that remaining information does not identify an individual and there is no reasonable basis to believe that the information can be used to identify an individual.

De-identified information could be re-identified through decryption under specific circumstances and access controls as needed. You could also anonymize the data so that it cannot be re-identified in the future.
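As an added illustration (not code from the original article), here is one way to de-identify an event record before it is loaded into a DMP or analytics tool. The field names, the /24 and /48 IP truncation, and the token vault (a lookup table standing in for the decryption-based re-identification described above) are assumptions.

```python
import hashlib
import hmac
import ipaddress

# Assumption: in production the key comes from a secrets manager and is
# never stored with the exported data. This value is a constructed demo key.
PSEUDONYM_KEY = b"constructed-demo-key"
DROP = {"name", "phone", "twitter_handle"}  # no downstream marketing need

# Constructed sample event; field names are hypothetical.
SAMPLE = {
    "name": "Jane Example", "email": " Jane@Example.com ",
    "ip": "203.0.113.77", "date_of_birth": "1984-06-02",
    "twitter_handle": "@jane_example", "page": "/offers/spring",
}

def pseudonym(value, key=PSEUDONYM_KEY):
    """Keyed HMAC-SHA256 token. Unlike a bare hash, it cannot be rebuilt
    from a list of known e-mail addresses without the key."""
    norm = value.strip().lower().encode()
    return hmac.new(key, norm, hashlib.sha256).hexdigest()[:32]

def coarsen_ip(ip):
    """Zero the host part: keep a /24 for IPv4 and a /48 for IPv6."""
    prefix = 24 if ipaddress.ip_address(ip).version == 4 else 48
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(net.network_address)

def deidentify(record, vault=None):
    """Return a de-identified copy. If a vault dict is passed, the mapping
    token -> original is recorded there for controlled re-identification;
    pass none when no way back should exist."""
    out = {}
    for field, value in record.items():
        if field in DROP:
            continue
        if field == "email":
            token = pseudonym(value)
            if vault is not None:
                vault[token] = value
            out["email_token"] = token
        elif field == "ip":
            out["ip_prefix"] = coarsen_ip(value)
        elif field == "date_of_birth":
            out["birth_year"] = value[:4]
        else:
            out[field] = value
    return out
```

The same email always maps to the same token, so records can still be joined across tools, while the vault and the key are the only paths back to the person and can be held under separate access control.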

Access Enforcement: Work with Martech vendors to implement access control mechanisms for your marketing / IT teams to be able to enforce access control policies.

Conclusion

Today marketers are, more than ever, dealing with data about their customers and prospects. It’s of vital importance that every marketer, marketing analyst and marketing technologist understand these basics of PII and confidentiality impacts related to PII.

Awareness is the first step because it will influence the decisions you make about data within your Martech ecosystem. And it will not only help safeguard both your customers and brand against breaches, but also help you be a responsible marketer who deserves the trust of the people who do business with your brand.
