More and more publishers are starting to realise the power of data and actively starting to think about how they can best make use of it in order to add additional value to their clients or potentially generate new revenue streams.
But if you’re starting to take data seriously there are some rules that need to be given due consideration. And to my mind the golden rule that needs to be adhered to at all times is: do not use or collect personally identifiable information.
But what is Personally Identifiable Information?
The truth is the exact definition of Personally Identifiable Information (PII) varies country-to-country, which isn’t very helpful. But the essence of any personal data legislation is aimed at protecting individuals from becoming uniquely identified. This means full names, exact addresses, telephone numbers and social security numbers are off limits. Anything that could allow you to arrive at a specific doorstep and introduce yourself to its owner by name is wrong.
If you can reenact, “Doctor Livingstone, I presume?” then it would be safe to assume that you’ve collected too much information.
Why are there regional variations of PII?
At the time of writing Australia, Brazil, Canada, Europe, Hungry, Sweden, Singapore, UK and the US (as well as its individual states) all have their own PII legislation. The reason for this is that most legislation represents the local population’s appetite for privacy and protection. This could explain why India doesn’t currently have any specific data protection and privacy acts!
The type of data that can be collected also varies and reflects cultural nuances. For instance, collecting data and targeting ethnic groups is acceptable in Malaysia but would never be appropriate in Europe. Just as targeting the pink dollar in Australia isn’t right in Indonesia.
You should be sure that you – and your data partners – always meet the highest standards of collection in each country. Time spent researching local PII legislation to ensure that you are sensitive to advertiser’s targeting profiles is definitely time well spent.
How do I find out what the local PII rules are?
A good place to start for an overview is the Web of Trust. Personally Identifiable Information legislation has only been discussed and applied to data collected online for the last five years. It’s evolving all the time so it’s best to check with the governing body under which you operate for full terms, or reach out to your local branch of IAB to find out more about specific countries.
How do I check if my third party data supplier is compliant?
It is your responsibility to use compliant third party data, not your provider to provide it. In much the same way that an accountant might file your tax return, but you need to actually pay the bill. There are no loop holes – the onus is very much you. And the ramifications can be very serious, from potential fines from the ICO through to loss of consumer trust that sees your sales nose dive.
But how do you check? Common sense is probably your best gauge, if it seems too cheap to be true, there could be something fishy going on. The best way to do due diligence on a third party provider is to use our checklist
Should I be worried about PII? Should it stop me considering retargeting or website customisations?
No, definitely not! PII legislation is not something to be afraid of. Most of the time it reflects common sense and you’ll rarely find yourself in a situation when you could be breaking the law. If you’re aiming to target a large, anonymous group that share a similar interest or financial profile it’s very unlikely you’ll have a problem.
It’s worth remembering that not all data is equal, and just because it’s compliant and you’ve collected it, it doesn’t mean you should use it.