Melissa asks, as part of the IBM #WinWithAI Summit: “How can enterprises be proactive about data privacy and regulation?”
Want to know why we’re having conversations about data privacy and regulation? It’s because marketing has no governance. It’s the Wild West, with CMOs buying every technology available and no one conducting the orchestra. Marketers need to adopt proven IT standards of governance.
Can’t see anything? Watch it on YouTube here.
Listen to the audio here:
FTC Disclosure: I am an IBM Champion and am compensated by IBM to support and promote IBM events such as the Win With AI Summit.
- Got a question for You Ask, I’ll Answer? Submit it here!
- Subscribe to my weekly newsletter for more useful marketing tips.
- Find older episodes of You Ask, I Answer on my YouTube channel.
- Need help with your company’s data and analytics? Let me know!
What follows is an AI-generated transcript. The transcript may contain errors and is not a substitute for watching the video.
In today’s episode, Melissa asks, as part of the win with AI summit, the IBM summit that I’m attending in New York in September, have a link in the show notes. Full disclosure, IBM is compensating me to attend. She asks, How can enterprises be proactive about privacy and regulation, data privacy and regulation? Well,
why are we asking this question? We’re asking this question, especially within a marketing context, because marketing is the Wild West, right? marketing technology right now is the Wild West has no governance, no oversight, the CMO is buying all sorts crazy stuff, then the the VP of Marketing goes and buy some stuff in the marketing director goes and buys them stuff. And you have all these different technologies. And there’s no regulation, there’s no internal regulation of what’s happening with the deployment of technology. Even though since 2016, the CMO has spent more on it technology, the CIO yet
this nobody’s nobody’s conducting the orchestra. So
what should enterprises be doing? Well, here’s the thing, it figured out a really long time ago that governance is important, even if it is onerous, even if it is not fun. Even if it is it slows down business operations. But because it for decades has been perceived, primarily as a cost center, a lot of the governance around it is designed to make it as efficient as possible to make it compliant as possible with regulations and to help the enterprise grow appropriately within the bounds of regulatory requirements. So what marketers should be doing what anybody who’s working with data should be doing is a hearing to one of the many, many different standards that are available for data privacy,
and for governance of our he overall. And this is for marketers, not for the IT people, marketers need to adopt the same open standards that it people have. The one that I think is the best fit is the ISO 38 500
framework, I saw 38 500
dash 2015, and we actually bring this up here. This is
this framework is designed to help companies be compliant. And if you want a copy of this as a PDF, I’ll put a link in the show notes. It’s available on Trust Insights calm, but the ISO 38 500 framework, but governance of it for the organization covers six functional areas. Six, six concept, responsibility, strategy, acquisition, performance, conformance, and humanity. And each of these areas has rules, has guidelines, has things set out to help a company manage those areas? So under responsibility, this is corporate responsibility. This is business strategy, what is the business going to do? What are the businesses goals, what outcomes are we are we do we care about as a business, that’s the first part. And if that’s not defined, then of course, your your marketing technology is going to be a zoo, and your AI is going to be a zoo. Second is marketing technology strategy or AI strategy, if you will, the infrastructure, the architecture that the the the reason you’re doing stuff, the processes by which you select technologies to buy again, if it’s the Wild West and organization, you don’t have marketing technology strategy, you don’t have somebody saying, This is what we do. This is not what we do, we need tools in this category. We don’t need tools in this category. The tools that we do need have to fit certain requirements. The third is the acquisition. This is the balance sheet. And this is so important, because this is something that companies don’t do in marketing, which is what value does marketing bring? What costs to the marketing? What are the the cost of all the software services, which are typically operating expenses, not capital expenses? What is the capital? What hardware and things what assets Do you have, and especially in marketing technology, and, and really in AI, and data science? What is the value of the IP you’re creating? Remember that one the most important things about artificial intelligence is that you’re creating models, those models have intrinsic economic value, as long as they’re functioning correctly. That is something that has to be accounted for and has a real dollar value. And if you don’t have a balance sheet for your marketing technology and your AI, you are not going to be able to account for the full value of what it is you’re creating. Remember, data isn’t asset models are an asset. The fourth bucket is operations, what do you do? How do you how do you manage your marketing technology, especially security? So going back to the question of data privacy and regulation, how will you managing the security of your marketing technology, most marketers no fence are not active, exactly it wizards to begin with. And so there is a substantial risk of people doing things like leaving PII, personally identifiable information. unencrypted in tables, for example, that’s just a terrible practice buying technologies without vetting them for their compliance to to known standards like ISO 2701 or six sigma, being able to say I guess this this is a a lean and efficient operation operational tool or vendor or things like that. The fifth bucket is risk and compliance This is governance conformance risk management audit, you get to go through things like socks and Kobe and DSS in order to determine that you are complying with regulations. This is the part that everybody hates in governance, but is this is the insurance policy that covers your butt in case something goes wrong, if something goes wrong, you can say, we adhere to all these different compliance standards, all these different security standards, stuff happens. But if you made all reasonable efforts to comply with security regulations with best practices, then you can say, Yes, we made, you know, our best good faith efforts, we’ve complying with everything we possibly can, and things still went sideways, because that happens in life. But if you don’t have that paper trail, you are at significant risk as a marketer, as a marketer, with marketing technology. And the sixth area is change management. This is how do you get people to do more, to be more to be more capable, and to be able to accomplish more with the stuff that you’re giving them. So you’re buying all these marketing technology tools, you’re buying all the AI tools and software and vendors is making a difference and will not have the people don’t use it, not if you don’t have processes in place to, to help people to use it. And so that’s these these six areas. This is how you, you become proactive about data privacy and regulation. You measure on things like business metrics, balanced scorecard, Zach man framework, PCI DSS, Six Sigma capability, Maturity Model, all these different metrics that it again had, it has been working with this stuff for decades. And so if we can bring it into marketing into the CMOS office, into the CMT owes office, if you have one of those people in your organization, this will help you become a better run organization, a better run marketing organization and to use your marketing technology in a more compliant, more intelligent way. If you don’t have this or some other governance framework in place. That is how you become proactive at data privacy. That’s how you become proactive about regulation, you adopt an open standards, and then when things do go sideways, you can say, Yes, we are working we’re at we’re working towards compliance and all these different areas, this areas where you know, something went wrong. And so we’re going to double down on fixing, for example, our adherence to PCI. Okay, that’s something that you can point to, and an auditor and a lawyer and all the people who are involved in things like lawsuits could say, Okay, got it. Or if you’re still struggling, for example, with the implementation or the management of GDPR, even though the date for the deadline of enforcement has passed, there are still a ton of companies who are not in compliance and a working towards compliance was reading through earnings calls recently. And everyone’s saying, Oh, yeah, we’re now just starting to understand the effects of GDPR. Cool. Where was that in your mark tech strategy and your business strategy? How did that impact your balance sheet? How did that impact your operations, everyone focused on the risk and compliance which is appropriate. But now we have to look at the other five areas of this ISO 3500 framework to see the impact of a regulation like GDPR on the business. So great question, complex question. And you’re going to need help doing this, you probably going to need to hire a consulting firm of some kind. If your enterprises big enough, you want to look at something like IBM. IBM has a whole bunch of teams that can do stuff like this, that they’ll send thousands of consultants and you know, eat all your cafeteria food, whatever, but it’s how you can reach those states of compliance. But this is what you need to do. As always, please subscribe to the YouTube channel in the newsletter and I’ll talk to you soon. Take care
you want help with your company’s data and analytics
visit Trust Insights
calm today and let us know how
we can help you
Want to read more like this from Christopher Penn? Get updates here:
Get your copy of Marketing Blue Belt!