What is your personal data really worth and how is it used?
Regardless of the industry you work in, the demographics of your target market, or the types of goods and services you provide, you know that collecting data on your customers helps you improve almost every aspect of your business.
Businesses collect many types of data, including:
- information about a fitness watch,
- a user’s IP address,
- past search queries,
- a user’s location,
- the ads a person clicks on online.
But what exactly are the benefits of collecting this type of consumer data, and what responsibilities do companies have in collecting and storing this data?
What is personal data and why is it so important?
Personal data is “any information that directly or indirectly identifies a natural person” according to the CNIL.
This definition includes many common forms of information, including:
- postal and e-mail addresses,
- telephone numbers,
- driver’s license,
- bank accounts,
- credit cards,
- social security number.
This data can be very useful for companies to better understand their prospects and launch targeted marketing campaigns.
Used properly, the data helps companies better understand the needs and desires of their customers. It serves as the basis for personalization, improving customer service and creating customer value. It helps to understand what works and what doesn’t. It also forms the basis for automated and repeatable marketing processes that help companies evolve their operations.
The GAFAMs* (Google, Apple, Facebook, Amazon and Microsoft), for the most part, generate value by exploiting this data, selling it (for example, via a data broker) or exchanging it for other data.
*This acronym refers to the five most powerful technology companies: Google, Apple, Facebook, Amazon and Microsoft.
How is personal data collected?
Companies collect data in many different ways, from many different sources. Some collection methods are highly technical in nature, while others are more straightforward and direct.
The consumer data that companies collect can be divided into four categories:
Personal data: This includes personally identifiable information, such as social security number and gender, as well as non-personally identifiable information, including your IP address, web browser cookies, and device identifiers (which your laptop and mobile device have).
Engagement Data: This data concerns how consumers interact with a company’s website, mobile applications, text messages, social media pages, emails, paid advertisements and customer service routes.
Behavioral data: This category refers to transactional details such as purchase histories, product usage information (e.g., repeat actions) and qualitative data (e.g., mouse movement information).
Attitudinal data: This data measures consumer satisfaction, purchase criteria, product desirability, etc.
Customer data can be collected mainly in three ways:
Through direct interactions:
Personal data is requested directly from prospects, through contact forms. This technique is particularly used when you:
- Create an account on a website;
- Request to receive commercial information;
- Place an order for products or services;
- Participate in a contest, promotion or survey;
- Leave a review or comment.
Automated technologies or interactions:
When you interact with a website, data may be collected automatically via your equipment, actions and browsing habits. This personal data is collected using cookies, web servers and other similar technologies.
For example, cookies are text files containing certain information about the user that are stored by the user’s browser on the user’s hard drive. They are present to facilitate your navigation and to personalize the content displayed. They have a limited lifespan and their existence is conditioned by your acceptance.
Third parties or publicly accessible sources:
Data may also be collected from various third parties and public sources, such as:
- Analytics providers, such as Google;
- Advertising networks (such as Google AdWords);
- Search information providers;
- Technical, payment and delivery service providers;
- Publicly available sources, such as the Commercial and Corporate Register and the Electoral Register.
How is your personal data stored?
Once retrieved, your data is stored in the huge data centers of these companies. In itself, an isolated piece of data is only worth a few cents. On the other hand, several pieces of data on the same prospect are worth gold 💎 in marketing. When this data is analyzed and cross-referenced, it forms a digital ecosystem that can be used to classify different consumer profiles.
The largest databases are held by GAFAMs.
These companies have the largest collection of user data in the world. They are also in a unique position to evaluate this data through algorithms and determine what information is presented to users of their services. In addition, these companies have relatively large financial resources.
Indeed, we all have at least one Google, Amazon, Facebook, Instagram, WhatsApp, LinkedIn, etc. account.
And the scope of GAFAMs goes much further. The healthcare sector, for example, is highly prized by them. In the United States, Google launched Google Cloud Healthcare in 2018, an app aimed at gathering several types of health data, including medical records or X-ray images.
This data is then used for analysis, including machine learning for artificial intelligence. In France, between November 2018 and July 2019, Microsoft, Amazon, and Google took turns obtaining “Certification as a health data host.”
What are the security risks of collected personal data?
As you can see, there are a lot of benefits to collecting data, but with those benefits also come specific responsibilities.
The General Data Protection Regulation (GDPR) sets out guidelines for companies to follow when collecting and protecting data. For example, these guidelines call for:
- not keeping data longer than necessary,
- ensuring that data is secure, and,
- most importantly, responding to access requests.
Under data regulations, companies are required to provide a copy of the personal data that they have collected on individuals (whether they are consumers, employers, or simply people who have visited your website).
All individuals also have the right to see a copy of the data that an organization holds about them and, if they wish, to request its deletion. The right to request deletion is called the “right to be forgotten”.
Organizations must have mechanisms in place not only to protect personal information from compromise, but also to identify, analyze and delete it.
There are also additional requirements for consent from consumers, which must be “freely given, specific, informed and unambiguous”. Consent must be an active and affirmative choice, so that the organization can ensure, for example, that the use of all employee, customer and business partner data is fully consented to and that this consent is evidenced.
Achieving Cyber Essentials or ISO/IEC 27001 certification, a government-approved cyber security standard, is recommended to demonstrate good practices. So is conducting a regular pentest to identify and help resolve more complex vulnerabilities related to technology, people and processes.