Having worked as a marketing lawyer and as a Chief Data Officer, Sangster recognises that data processes shouldn’t be confined to the marketing department as they eventually touch every part of a business – making data privacy and security issues a company-wide discussion.
Smarter: What would you say is the biggest myth regarding customer data privacy?
Jodie Sangster: I think the biggest myth, particularly in Australia, is that we have very restrictive privacy laws. Actually, in the world of privacy, Australia kind of sits in that middle ground.
If you look at Europe, they've got very restrictive laws, enormous fines that go with it if you get it wrong, and a huge amount of consumer protection around the use of data. [In] Asia, they've got very [few] laws around what you can do with data and so the data practices are much more broad.
In Australia, we've got principles-based law. It allows you to do certain things with data that benefit both the business and the customer in quite a sensible way. But we've got this perception that the law is very restrictive and it makes businesses in Australia very wary about using data. So we often find that companies are holding back more than they need to in their data practices.
Smarter: Should companies approach customer data as a valuable asset or opportunity instead of as a liability or a compliance headache?
Jodie Sangster: Absolutely. At the moment it very much sits in the legal or compliance department within an organisation. Generally, they look at it as, "How do we need to restrict the use of the data?"
But if a company […] thought about ways that they can actually help a customer to trust their brand, that customer will be much more comfortable with the business using their data, will probably allow them [access to] more data, and with that, allow that company to be more customer centric and provide a better experience.
Smarter: Is there a common bad practice or mistake that businesses currently make?
I truly believe that brands that are transparent and clear about how they're going to use the data are the brands that consumers will trust. Once you trust a brand, you're much more likely to be happy with them using your data.
Smarter: Does this create a tension between the temptation to grab as much data as possible, obfuscated behind impenetrable privacy policies, versus being more open and allowing customers to be more involved in the
Jodie Sangster: Yes. We did a large piece of research on this about two years ago. We went out to 1,500 consumers to talk to them about how they felt about their data being used by organisations – particularly for marketing purposes. The very strong response that came back was number one, “Don't collect too much data up front because it makes me feel nervous”.
So only collect the data that you actually need, for the purpose you're going to use it. Over time, as the consumer starts to trust that business more, then ask for more data from me, and build up that relationship.
The second one was, “Please be clear with me about what you're going to do with that data”. If I know, I feel much more comfortable with giving you my information and with you using it in that way.
If they're going to use data in new and different ways, then continually inform me about what's happening with my data.
Smarter: What about when businesses share access and control of that data, such as when managing customer databases and transactions in third party tools like Hubspot, Salesforce or Xero? It can become quite a tangled web, can’t it?
Jodie Sangster: It does become a tangled web. When we did our piece of research, the one standout thing that consumers were really concerned about was that their data was going to be shared and that they haven't got visibility or transparency about the fact that it's going to be passed onto a third party.
So again, we have to be much more transparent about if we're going to share the data with a third party: Be clear about it, be clear about who it's going to be shared with and for what purpose, and give the consumer a choice as to whether or not that happens. That in itself will hopefully increase consumer trust.
Smarter: How would you advise a business to manage these risks?
Jodie Sangster: If the data is kept within Australia [and] if you pass it to a third party in Australia, the privacy of litigation is passed to that third party to keep the data safe, to only use it for the appropriate purposes, etc. But the minute that the data goes outside of Australia, into a different jurisdiction, all of the responsibility for the safety of that data sits with the party that collected it.
Particularly with some of those platforms you mentioned – Salesforce, Xero, and others – that data is actually being held on a server off shore. So you are taking on the responsibility that the third party platform provider is going to do the right thing with the data.
Now that sounds a little scary, but what we've got to bear in mind here is that, [for] those platforms, their whole business is making sure that the data remains safe, secure and that it's not accessed for unwarranted purposes, because if they can't guarantee that, they've got no business.
And read the terms and conditions as to what's going to happen with that data, so there's no shock at a later stage if something's happened with your data that you weren't expecting.
So, it's about choosing suppliers or third parties that have a good reputation and that you really believe are going to do the right thing with the data.
Smarter: Sometimes, consumers may have different attitudes towards what should be allowed, or what constitutes an ethical use of their data. Even if certain data practices are legally or technically okay, can they still be bad for a business because of how they’re perceived?
Jodie Sangster: Absolutely, and it happens. This is not just about legislation.
You mentioned the ethical use of data, and that's where we need to get to. The legislation provides a baseline. It is the foundation: the black and white; right and wrong; what I can do and what I can't do. But sitting above that as a company you have to understand your brand – how you want to be perceived by your customers.
Then you put in place your safeguards. “Our customers will be okay with us using the data in this way but I don't think we should go [beyond] this because that's not going to have the right effect on them.” So there's a massive piece in there around ethics and that is why I believe this doesn't just sit in a compliance department.
It’s why marketing should be so involved with this. Marketing should be the barometer of what a customer feels, how they're perceiving your brand, how they're interacting with you. If we put together compliance and marketing we will probably [achieve] the right outcome for the consumer.
Smarter: What would be your final one line piece of advice?
Jodie Sangster: Trusted brands are going to be the ones that win, as we move into a data-driven future. Now's the time to be looking at how you can become one of those.