Using tech to deliver superior, multi-channel privacy experiences: A lawyer’s guide

Delivering high-performing, multi-channel privacy experiences can present in-house legal teams, CMOs and CIOs with competing challenges: Legal is concerned with satisfying regulatory requirements and protecting the organization from risk, Marketing is focused on demand generation, and IT is directed to keep the entire infrastructure secure and running at maximum uptime. When business objectives aren’t properly orchestrated the result is a disconnected privacy experience, often manifesting as a “cookiepocalypse” of consent banners. Unfortunately, this has become the depressing norm across many websites. Not only is this frustrating to the user – it can be highly detrimental to both the organization’s legal and business interests.

In my previous blog post, “A legal perspective on how to win the war against cookie consent fatigue”, I argued that it is the responsibility of in-house lawyers to engage with Marketing and IT to embed privacy experiences which are not only compliant with global privacy laws but deliver a superior user experience. This post digs deeper into the technology considerations for delivering privacy experiences across multiple channels, and what lawyers need to know to best support their businesses. 

Place your customer at the center with headless DXP 

Your greatest competitive advantage is your company’s relationship with and knowledge of its customers.  It follows that the more connected your company’s user data, the better the privacy and overall user experience you can provide.  So, the challenge is how to consolidate this data across all your customer touchpoints – website, mobile app, ecommerce store, service center, perhaps brick-and-mortar store – into a single source of truth about your customer. 

For the vast majority of companies using traditional, on-premises content management solutions (CMS), personal data - whether cookies, device IDs, or subscriber information - remains held in disconnected silos across the enterprise. The result? Poor data utilization, an inconsistent and fragmented Privacy UX, and an increased risk of data breaches.  However, with more companies embracing digital transformation and moving away from clunky, multi-platform on-prem systems to omni-channel, headless digital experience models in the cloud, there has never been a better opportunity to make privacy a native part of your company’s digital strategy.  

A headless Digital Experience Platform (DXP), provides a centralized data repository that enables your company to publish content to any location and deliver to any channel. Because everything is held in one place, it allows you to efficiently architect your Privacy UX around customer identity and deliver personalized privacy experiences, securely across platforms and products.  

So when you receive those “Right to be Forgotten” or “Right to Delete” requests, with headless CMS, you and your overworked team do not have to go through each system searching for personal data - it is all in one place. 

Make it seamless with SSO

SSO, otherwise known as “Single Sign On” or “Federated authentication” eliminates the need for your customers and end-users to create and remember additional logins and passwords across hosting environments. It provides a joined-up environment for identity management across your digital touchpoints, removing friction and significantly boosting customer engagement with your marketing activities.  

Additionally, it means that you are less reliant on third-party data and data focused on identifying users, such as contextual data and data collected through forms, and can provide a more unified experience across touchpoints.

It also significantly strengthens data security by regulating and simplifying login access for both your customers and your backend users, closing data breach vulnerabilities and providing centralized visibility and control – all key considerations for in-house lawyers where risk mitigation is a key part of the job. 

Build value through Privacy UX

The ideal privacy experience incorporates customer experience best practices and human-centered design to provide a unified solution that complies with global privacy regulations and delivers a superior user experience. At Crownpeak we call this Privacy UX.  The greater your company’s capability to understand your customer, the greater its ability to compete by building trust and delivering high value, tailored experiences. 

However, be mindful of the information you request from your visitors. The problem is often not that there is too little data but that there is too much. Indeed, with many of today’s decentralized solutions, there is more data feeding into company systems than you will ever know how to use. Instead of being a “value-add,” unmanaged, surplus data becomes a privacy and data breach risk.

Here are my top three tips for building customer profiles:

1. Use a progressive consent solution to incrementally build your customers’ profiles as they engage across channels. Always earn before you ask - clearly demonstrate the value they will be receiving for every piece of data they exchange.
2. Start slowly: Only ask for the information required to identify your customer and help them complete their task (e.g., email, telephone number, user login). Focus on building trust and limiting data collection to only the information you really need. 
3. Always provide your customer with the ability to know, at any time, exactly how and where their data is stored, how it is being used, and how they can manage and control it. 

Protect and differentiate the brand 

Managing privacy requirements in an increasingly dynamic regulatory environment calls for a privacy management solution capable of collecting and governing multi-channel customer consent.  The official California Consumer Privacy Act (CCPA) enforcement date has just passed, along with the second anniversary of the European Union’s General Data Protection Regulation (GDPR), and now with the landmark Schrems II decision, in which the Court of Justice of the European Union ruled the Privacy Shield framework invalid, understanding consent, data mapping, and international transfers in a way that benefits your customer has never been more important.  

Rather than fearing these requirements and treating them as boxes to be ticked, lawyers have a duty to understand the technological approaches that will afford the business the greatest legal protection while delivering value to both the customer and the enterprise. 

Your CIOs, CMOs, and leadership team are relying on you. Be their partner 

Crownpeak is proud to be cited as a Strong Performer in the 2020 Forrester Wave™ Privacy Management Software, Q1 2020 report. To learn more about why Crownpeak may be the right solution for your enterprise, download a copy of the report!