1. © 2013, HSI
DATA GOVERNANCE
Peg Kuman, CIPM
Vice Chairman, Relevate
Gina Scala
Vice President Education, The DMA

2. © 2013, HSI
What is Data
Governance?

3. © 2013, HSI
Data Governance encompasses:
• Privacy
• Security
• Data Stewardship
• Data Provenance (Rights Management)

4. • Data Privacy
Management
implementing
processes, roles,
controls - all of which
treat information as an
asset that needs
protection.
Privacy

5. • Data Security
protecting your
data against
damage, loss,
danger, and
crime.
Security

6. © 2013, HSI
Data Stewardship
• The intentional collaboration of all the
data stakeholders to insure accurate,
safe, and responsible use of the data and
to insure the longer term sustainability
of both compliance behavior and
business strategy in a sea of changing
technology, laws, and regulations.

7. Data Provenance
• Data Provenance
–Ownership,
–Access,
–Use,
–Rights
Management

8. © 2013, HSI
Benefits of Marketing Data
Governance:
• Let’s you set the corporate tone for your brand
[Social media has robbed us of the ability to
spin the message]
• Engage all stakeholders
• Let’s your company and brand set the gold
standard for best practices and compliance
• Gets you to attribution ROI faster

9. © 2013, HSI
Data Governance Drivers:
• Scale
• Global
• Innovation
• Profit
• Regulation
• The Media

10. © 2013, HSI
Today and Tomorrow
• Part 1: The Big Data Landscape- Light speed-150 minutes of
where we came from and where we are going.
• Part 2: Sourcing, Users, Ownership- things you may not
know, questions you may not have asked, and how to
optimize data use.
• Part 3: Putting the Data to Work - Enhance, enrich, analyze
and model.
• Part 4: Tying It All Together- Use cases on attributions, and
digital successes.

11. © 2013, HSI
Peg’s Promise
• 4 revenue producing ideas that will drive new
growth by the end of Q1 2014
PROFIT
GROWTH
INNOVATION
ATTRIBUTION
INSIGHT

12. © 2013, HSI

13. A few insights from a
BIG fan of BIG DATA
Introducing
Christy UherFerguson
Director,
Communications
Strategy
at Teradata

14. © 2013, HSI
Big and Speed get Attention

15. © 2013, HSI Source: edCetra, 2012

16. © 2013, HSI Source: edCetra, 2012

17. © 2013, HSI Source: edCetra, 2012

18. © 2013, HSI Source: edCetra, 2012

19. © 2013, HSI Source: edCetra, 2012

20. © 2013, HSI Source: edCetra, 2012

21. © 2013, HSI Source: edCetra, 2012

22. THAT’S ENOUGH INFORMATION TO FILL
135.7 BILLION 64 GIG iPADS
Source: edCetra, 2012

23. © 2013, HSI
How did we get here?
• America leads the information revolution!
• USPS established by the Continental Congress in 1775
naming Ben Franklin as the first Post Master General.

24. © 2013, HSI
1744 - Addresses and Lists
• Oh, what to sell?
• In 1744 Benjamin Franklin published a catalog which sold
scientific and academic books by mail and even came
with the world's first mail-order guarantee:
"Those persons who live remote, by sending their orders
and money to B. Franklin may depend on the same justice
as if present.”

25. © 2013, HSI
1848 – HammacherSchlemmer
• In 1848 Alfred Hammacher created a
mail-order business, Hammacher
Schlemmer, in New York City, which sold
tools and hardware.

26. © 2013, HSI
1856 - Orvis
New England Fishing Catalog

27. 1872 – Montgomery Ward
• Aaron Montgomery
Ward is credited with
mass mailing the first
mail-order catalog in
1872 for Montgomery
Ward, his new mail
order business.
• His business grew and
soon his catalog was a
whopping 500+ pages
of shopping delight.

28. 1888 – Sears, Roebuck
• RW Sears sold
watches and jeweler
through self-mailers
in 1888.
• The first Sears and
Roebuck catalog was
in 1894.

29. © 2013, HSI
The Survivors and the Vanished
• All but MW have innovated their brands and
today have migrated to a gentle push to their
best customers…

30. © 2013, HSI

31. © 2013, HSI

32. © 2013, HSI

33. © 2013, HSI

34. © 2013, HSI
And today:

35. © 2013, HSI
Marketing Data…
is the key driver to revenue and profits
across ALL brands,
Both B2C and B2B

36. © 2013, HSI

37. Data Driven Marketing
Has Leverage
• 8.7% GDP
• $168 Billion Spend
• $2.05 Trillion Sales
• 9.2 Million Jobs

38. © 2013, HSI
Revolutionary Changes
“The growing ability to collect and analyze
massive sets of information, known as Big
Data, could lead to revolutionary changes
in business, political and social
enterprises.”
- Pew Internet and American Life Project

39. © 2013, HSI
Effective Government
“From election campaigning to setting
NASA's budget to prepping for the next big
natural disaster, the information derived
from analysis of large data sets is being
used to make governmentmore effective.”
-- The Atlantic

40. THIS CHANGE IS BEING
LOOKED AT BY:
THE MEDIA
REGULATORS
CONSUMERS
©2012 Heart Safety, Inc.

41. Threats Are Growing Every Day
• Congressis investigating data-driven marketers and fundraisers for
basic marketing practices.
• The Federal Trade Commission is telling tall tales about marketing
practices – that a consumer who buys a deep fryer online will be
denied health insurance...and looking to bring nonprofits under its
regulatory reach.
• Consumer activists are using scare tactics – saying that “consumers are
being pinned like insects to a pinboard” by marketers.
• The Pressis slanting the story – reporting that data-driven marketers
and fundraisers are worse than the FBI or the IRS…chipping away at the
trust consumers and donors place in your organizations.

42. © 2013, HSI
We are in a time of
DRASTIC CHANGE
“We are migrating from a PUSH marketing
world to a PULL marketing world, and as
that happens forces and factors will
create NEW INNOVATIVE opportunities
for marketers, and NEW, MORE
RESTRICTIVE points of view from
regulators.”
- Peg Kuman, 2013

43. PUSH
• Creating DEMAND -
where the marketer
controls the message
and the type of
response

44. PULL
• Creating demand where
the responder controls
the message and the
decision how and by
which means to
respond.
• With social media - PULL
allows you to influence the
decision makers…

45. © 2013, HSI
What age are we in?
40’s, 50’s,
60’s
Brand
Creation and
Expansion
Mass Advertising - National Coverage
Internet and e-Commerce
Digital-Social

46. © 2013, HSI
Where are we in terms of
usability?
Available
Usable

47. © 2013, HSI
How much OFFLINE data is there?
• Offline - we have over 100 years of knowledge & data.
• Finite…

48. © 2013, HSI
How much ONLINE data is there?
• Online & Emerging Channels - we have ~ 40 years of
knowledge and ~ 19 years of data.
• Infinite…

49. © 2013, HSI
So, The Rules of the Road for
Offline Data are …
• Are pretty well established
• Possess behaviors that are easy to monitor
• Complicated but, not complex

50. © 2013, HSI
But, then Online comes along…
•ARPANET
1969
•First
email
sent
1971
• BBS Bulletin
Board System
1978
•Usenet
goes
online
1979
•IRC (Internet
Relay Chat)
1988
• 1st Social Site -
Geocities
1994
• The
Globe
1995
•AOL
launches
IM
1997
•Sixdegrees.com
1997

51. © 2013, HSI
And THEN ‘social’ explodes…
• 2002 Friendster
-(3M users first 3 months)
• 2002 LinkedIn
• 2003 MySpace
• 2004 Facebook
• 2006 Twitter
• 2007 Tumblr
• 2009 Foursquare
• 2010 Instagram
• 2012 Pinterest
• More to come…

52. © 2013, HSI
Explosive Statistics
• One out of every seven minutes spent online is on Facebook
• 340 million tweets are sent each and every day
• Pinterest is the social network that skews most heavily
towards female users, whilst Google+ is predominately used
by men
• 300 million pictures are uploaded to Facebook every day via
Instagram
• 61 percent of LinkedIn members use it as their primary
professional networking site
Source: Infographic, .2013

53. © 2013, HSI
Estimated Monthly Unique Visitors
to SNS in August, 2013:
•1,000,000,000 - You Tube
• 750,000,000 – Facebook
• 250,000,000 – Twitter
• 110,000,000 – LinkedIn
• 85,500,000 – Pinterest
• 65,000,000 – Google +
Source:EbizMBA.com
Source: eBizMBA.8.8.2013

54. © 2013, HSI
Social Sites To Watch in 2013
• Pheed- pay as you go access to celebs
• Thumb - personal crowdsourcing
(thumbs up/down)
• Medium - by invitation only- creators
limited, everyone can view (Twitter)
• Chirpify - social conversation platform
for multi-channel campaigns--buying
power with 1 tweet [5% to the payee]

55. Translation:
• Control by PUSH is
GONE!
• Social KILLED it.
• We are learning
how to PULL the
buyer into the
conversation

57. © 2013, HSI
Our SOCIAL world is a
BIG Data world

58. We Live in BIG Data…
• One out of every seven minutes
spent online is on Facebook
• 340 million tweets are sent each and
every day
• Pinterest is the social network that
skews most heavily towards female
users, whilst Google+ is
predominately used by men
• 300 million pictures are uploaded to
Facebook every day via Instagram
• 61 percent of LinkedIn members use
it as their primary professional
networking site
Source: Infographic, 2013

59. © 2013, HSI
What Consumers Do:
Sources: Infographic Digital Buzz Blog,
• Instagram- By May of 2012, 56 photo’s
and a new user was being gained every
second
• 12,000 tweets per second during the
Super Bowl on February 3rd

60. © 2013, HSI
Dataportunity?
What will we do?
• Where are the opportunities?
• Where are the pitfalls?
• And where can you have the most
profitable impact?

61. Oreo dunked a
timely moment during
the Super Bowl’s
unexpected power
outage.
• Oreos tapped into a timely moment
at the Super Bowl during the
unexpected power outage.
• They understood what people are
likely to share.
• Leveraged excellent design
&copywriting.
• Posted across all channels to
increase distribution.
• The real boon was the amount of PR
that was created from a single
image
• This doesn’t just “happen”. Oreo
had
copywriters, designers, marketing
pros & lawyers all together in a war
room which enabled them to create
this slam dunk

62. © 2013, HSI

63. © 2013, HSI
Social Media Enables Targeted Marketing Responses at Individual
Touch Points along the Consumer Decision Journey
2. Respond
To consumers
comments
3. Amplify
Current positive
activity/tone
4. Lead
Changes in sentiment
or behavior
Consider Brand
Monitoring
Crisis
Management
Referrals and
recommendations
Brand content
awareness
Evaluate Product
launches
Buy Targeted deals,
offers
Experience Customer
Service
Fostering
Communities
Customer input
Advocate Brand Advocacy
Bond
1. Monitor
social channels for
trends, insights
Stepsintheconsumerdecisionjourney
Source: McKinsey Social Media Study, 2012

64. © 2013, HSI
Confluence of Multiple Media, Channels, and
Touches
• Pushes all of us into new opportunities
• Experimentation and Testing without
obligation…
• On, on-demand, all the time
• Scale is overwhelming
• Data Governance requires a new roadmap

65. © 2013, HSI
Cases in Point
• Let’s look at this confluence of multiple touch
points and influences…
• To set the stage - some good examples of
multi-channel touch
• How we profit and use the data…
• And where the data governance pieces begin
to fit.

66. © 2013, HSI
P O T T E R Y B A R N

67. © 2013, HSI
Pottery Barn
• 1949 - Began in Lower Manhattan
• 1986 - 21 PB stores bought by Williams-Sonoma, Inc.
• 1987 - First mailing of the Pottery Barn catalog
• 1995 - PB gift registry is launched
• 1999 - Launched Pottery Barn Kids
*Source: Pottery Barn MP Web story

68. © 2013, HSI
PB Multi-Channel Growth - Great PUSH

69. © 2013, HSI

70. © 2013, HSI

71. © 2013, HSI

72. © 2013, HSI

73. © 2013, HSI
PB Multi-Channel Growth
• 196 Stores nationwide
• 150 million+ catalogs a year
• Targeted Daily Online Web Offers
• 2012 William-Sonoma, Inc revenues exceeded $4.0
billion [$1.7B -42% PB]
• DTC Grew 14.5% driven by PB and WE.
*Source: 4/4/2013 Market Watch

74. © 2013, HSI
Let’s Look at Mobile

75. © 2013, HSI
Mobile is PUSH
• All 100% opt-in
• Mobile marketers call ‘PUSH’
a new channel for brands to
better socialize with their
BEST customers

76. © 2013, HSI
App Happy…
• iPhone has over 900K Apps
• Google claims 800K+ for
Android…
• Each App, collects data and
each app has a data-driven
solution…

77. 2013 Top Mobile Apps
• Google Maps
• Facebook
• YouTube
• Google+
• Weixin/WeChat
• Twitter
• Skype
Source: Mashable. 8/2013

78. © 2013, HSI
58 Mobile Minutes….

79. © 2013, HSI
Time and Privacy
• Smartphone owners spend more time today – 58
minutes, than in 2012- 39 minutes, and 2011- 37
minutes.
• A vast majority of SP users (70% in 2011 and 73% in
2012) expressed concern over personal data collection
and 55% wary of sharing information about their
location via smartphone apps.
Source: NielsenWire

80. © 2013, HSI
Mobile is getting bigger…

81. © 2013, HSI
M-Commerce
• The 2012 eMarketer report shows that the
growth in m-commerce sales will be as
follows:
+$11.6 Billion in 2012
+$17.2 Billion in 2013
+$23.7 Billion in 2014
+$31 Billion in 2015
Source: eMarketer 2012 Mobile Commerce Study

82. © 2013, HSI
And Bigger….
• Mobile web adoption is 8 times faster today than
web adoption in the late 1990’s/early 2000’s.
• Speed matters and influences our decisions, our
lives, and our ideas about what’s possible in the
world.
• We are currently on pace to outnumber ‘us’ with 3
times as many smart-phones activated every minute
as there are human births.

83. © 2013, HSI
By the end of 2013:
• Mobile commerce from iPhones =
5% of retail sales
• 56% of mobile users in the US now
use smart phones
• Mobile shopping up
• Social shopping in decline
Source: 1/13/2013 IBM Mobile Report, Pew 2013 Mobile Study,

84. © 2013, HSI
And by the end of 2013
There will be more mobile
devices on Earth than
people.
Source: Cisco, 2013

85. 9 out of 10 Mobile Searches Lead to
Action
and over half
lead to a
purchase
Source: Search Engine Land

86. But what happens to the data
and information that can be
scraped?
Mobile is 100% Opt-in

87. © 2013, HSI
HOW traditional
brands use media to build
“e” responders, accelerate
mobile and engage with
social

88. © 2013, HSI
Data ROI - Social
Nike/Facebook Video
Nike

89. © 2013, HSI
LBM- Location Based Marketing
• Opt-in Mobile
• Meat Pack- Hijack
LBM- shoes…..

92. • SMS, MMS
• Sweeps for $10K Scholarship
• Plus 5 $1K winners
• Buzz, Participation and excitement leading up
to last Friday’s launch….
• The first weekend numbers were: $82MM
Smart Puffs, Disney and Mobile

94. Marketers are embracing the
Mobile channel with
Innovation and Experimentation-
Driving Media and Regulators to
Amplify Their Review

95. © 2013, HSI
Geo—Navigational + Social
• WAZE : GOOGLE
• Company: Waze
• Website: waze.com
• Launch Date:2007
• Funding:
• $67M

96. © 2013, HSI
Google buys Waze- up to 50M users by June

97. © 2013, HSI
Q1 2013
• A rise in active engagement across all social platforms
with Twitter the fastest growing
• Local social platforms continue their decline around
the world with the exception of China and Russia
• Mobile is playing a massive role in driving real-time
active usage of social platforms in all markets
Source: Global Web Index, Stream Social Report Q1 2013

98. © 2013, HSI
Q1 2013
• Older internet users are also driving social platforms
growth globally
• Google+ remains the number 2 social platform in the
world with 359 million monthly active users, Facebook
is number 1
Source: Global Web Index, Stream Social Report Q1 2013

99. © 2013, HSI
• On Twitter the 55-64 year age bracket is the fastest
growing demographic with 79% growth rate since
2012.
• The fastest growing demographic on Facebook’s and
Google+’s networks are the 45 to 54 year age bracket
at 46% and 56% respectively.
Source: Global Web Index, Stream Social Report Q1 2013
Q1 2013

100. © 2013, HSI
As Audiences Get Older Trust is
a Key Factor

101. © 2013, HSI
Trusting Social Media
• Social media engagement requires trust, authenticity and transparency
Nielsen Global Trust in Advertising 2012

102. © 2013, HSI

103. 1. AMEX
2. HP
3. AMAZON
4. IBM
5. USPS
6. P&G
7. USAA
8. NATIONWIDE
9. eBAY
10. INTUIT
11. VERIZON
12. J&J/ FED EX
13. WEB MD
14. WEIGHT WATCHERS
15. US BANK
16. DISNEY
17. MICROSOFT/UNITED HC
18. VISA
19. AT&T
20. MOZILLA
Most Trusted Brands
Ponemon Research Institute Annual Privacy Study, 2012

104. © 2013, HSI
Why are they trusted?
• Privacy Features on Transactional Sites
• Substantial Security Protections were identified as a
trust asset by 60 percent of consumers.
• Accurate Data Collection and Use were cited by 53%
as a trust asset.
• Limits on the Collection of Personal Information and
Online Anonymity were cited as key trust assets.
Ponemon Research Institute Annual Privacy Study, 2012

105. © 2013, HSI
What Consumers Fear Most
• Losing Control of Personal Information. Only 35
percent of consumers feel they have control over
their personal information, down from 41% last
year and an overall drop from 56 percent in 2006.
• Identity theft. 61% percent of consumers said
fear of identity theft was a major factor in
brand trust diminishment, and 73 percent said
notice of a data breach was a factor.
• Abuse of Civil Liberties.
Ponemon Research Institute Annual Privacy Study, 2012

106. © 2013, HSI
Fear and Trust =
A formula for Regulatory and
Congressional Review– even
though the Government is the
number 1 least trusted
organization by consumers.

107. © 2013, HSI
And so: The FTC Tackles Mobile
• Should’s for Mobile Platforms
• Should’s for App Developers
• Should’s for Ad Networks and 3rd Parties
• Can’s for Trade Associations,
Researchers, Privacy Experts

108. © 2013, HSI
Mobile Platforms Should:
• Provide just-in-time disclosures to
consumers and obtain their
affirmative express consent before
allowing apps to access sensitive
content like geolocation;

109. © 2013, HSI
Mobile Platforms Should:
• Consider providing just-in-time
disclosures and obtaining
affirmative express consent for
other content that consumers would
find sensitive in many contexts, such
as contacts, photos, calendar
entries, or the recording of audio or
video content;

110. © 2013, HSI
Mobile Platforms Should:
• Consider developing a one-stop
“dashboard” approach to allow
consumers to review the types of
content accessed by the apps they
have downloaded;

111. © 2013, HSI
Mobile Platforms Should:
• Consider developing icons to depict the
transmission of user data;
• Promote app developer best
practices. For example, platforms can
require developers to make privacy
disclosures, reasonably enforce
these requirements, and educate app
developers;

112. © 2013, HSI
Mobile Platforms Should:
• Consider providing consumers with
clear disclosures about the extent to
which platforms review apps prior to
making them available for download in
the app stores and conduct compliance
checks after the apps have been placed
in the app stores; and

113. © 2013, HSI
Mobile Platforms Should:
• Consider offering a Do Not Track (DNT)
mechanism for smartphone users. A
mobile DNT mechanism, which a majority
of the Commission has endorsed, would
allow consumers to choose to prevent
tracking by ad networks or other third
parties as they navigate among apps on
their phones.

114. And Congress is Full of Ideas
In the 113th Congress, legislators
in both the House and Senate
rushed to “make their marks” on
the privacy and data security
debates by introducing bills
focusing on various issues…
- Data “Brokers”
- “Comprehensive” privacy
- “Do Not Track”
- Kids privacy
- Geo-locational privacy
- Data security/data breach

115. © 2013, HSI
Good, Big and Ugly
Whether you think Snowden is
a whistle-blower or a traitor, no
matter. But know that very
bad, ugly mean individuals and
organizations are trying to
disrupt the social order by
theft, hack and breach.

116. © 2013, HSI

117. © 2013, HSI
Data Loss Incidents 2003-
2013
Source: Open Security Foundation, DataLossDB
0
200
400
600
800
1000
1200
1400
1600
2003 2006 2010 2011 2012
2013=692
as of Sept.

118. Incidents By Loca on- 2003-2013
Government- 18%
Medical- 15%
Educa on- 15%
Businesses-52%
Source: Open Security Foundation, DataLossDB

119. Incidents By Type- 2012-2013 YTD
Hack- 56%
Fraud- 9%
Web- 5%
Stolen Laptop- 7%
Stolen Docs- 3%
Email- 2%
Virus- 2%
Stolen Drive- 2%
Unknown- 13%
Postal Mail- 3%
Source: Open Security Foundation, DataLossDB
Incidents By Type 2012-2013 YTD

120. Top Target Countries for Hackers

121. © 2013, HSI
Who Tracks This?
• The Open Security Foundation (OSF) is a 501(c)(3)
non-profit public organization founded and operated
by information security enthusiasts, formed to
empower all types of organizations by providing
knowledge and resources so that they may properly
detect, protect, and mitigate information security risks.
• The Foundation established the DataLoss
Database, a free and open resource for the collection
and dissemination of data loss incident-related
information.

122. © 2013, HSI
Customer View and Marketing
Fear, Theft, Breach, Bad behavior dial
up the need for consolidated Data
Governance that must include
Marketing Data.

123. © 2013, HSI
Criminal Data Breach Video
Anti Sec I

124. © 2013, HSI
Unintentional Data Loss Video
Toy Story 2

125. © 2013, HSI
DATA GOVERNANCE
Peg Kuman, CIPM
Vice Chairman, Relevate
Gina Scala
Vice President Education, The DMA

126. © 2013, HSI

127. © 2013, HSI
WHAT WE KNOW:
• Marketing use is still evolving…and will continue to do
so
• What works and why - we remain in the test, re-
test, and “Lemming” phase
• Everyone has access, everyone has data, it remains
unclear still what works and why - and importantly if
we (the marketers) do not define the rules of the
road, the regulators will.

128. © 2013, HSI
Sourcing, Typing and Classifying
Control
Minimize
Risk
Insight and
Growth

129. © 2013, HSI
Data is a collection of facts – such as
values or measurements - it can be:
 Numbers
 Words
 Measurements
 Observations
 Descriptions
 Actions

130. © 2013, HSI
Classifying Data-
• Data is either:
• Quantitative,
• Qualitative,
• Or a blend of both.
• Quantitative Data - DEFINES
• The HH has 2 children
• Qualitative Data - DESCRIBES
• The HH buys online

131. © 2013, HSI
What is Marketing Data?
• Marketing Data - is a collection of facts that when
looked at together becomes information that can be
acted upon to inform, sell, service…

132. © 2013, HSI
Where does it all come from?
Marketing data comes from –
• your prospects
• your customers
• your partners
• third party data providers
MARKETING DATA DEFINES YOUR AUDIENCE

133. © 2013, HSI
Where does it all come from?
Marketing data comes from all corners of your brand
- your marketing initiatives
- retail spaces
- websites
- social media
- customer service reps
- your sales team
- surveys

134. © 2013, HSI
Where does it all come from?
• Marketing data also comes in the form of:
• Brand mentions from Facebook and Twitter
• From collected social conversations around a
much more basic topic.
• From website analytics in the form of tracking
conversions, clicks, bounce rates, search
keywords and more…
Where else can
you think of?

135. © 2013, HSI
What does it look like?
• The customers and prospects information
may include:
• names
• email addresses
• physical addresses
• telephone numbers
• categorical interest
• and more…

136. © 2013, HSI
What does it look like?
• The customers and prospects information
may also include:
• attitudes
• sentiments
• opinions
• locations
• relationships
• click-throughs’ & browsing
• and more…

137. © 2013, HSI
Sourced Through:
• Customer transactions
• 3rd Party Data [demo’s, psycho's, firmo’s]
• 1st Party Data [demo’s, psycho's, firmo’s]
• Publicly Available Data
• Public Records Data
• Traded or Exchanged Data
• Scraped, Compiled, or Aggregated Data
• Modeled/Behavioral Data
• Online
• Offline

138. © 2013, HSI
Sources for Marketing Data
• Examples:
Customer Transactions
 Inquiry, Request for Info, Survey
 Order Placement/Purchase
 Application for:
• credit
• insurance
• loan
• mortgage
• college
• employment
• refund…

139. © 2013, HSI
First Party Data - The ‘Owner’
• In the Offline world -
• The company that owns the data -
customer files, customer
transactions, survey
responders, inquiries
• In the Online world -
• The entity that owns and controls the
domain

140. © 2013, HSI
Third Party Data
• In the Offline world -
• Data that is compiled, aggregated, assembled from
public or proprietary (1st Party) Sources about
consumers or businesses
• In the Online world -
• An entity that is not reasonably affiliated or not
affiliated at all with the consumers or businesses
• Company(ies) classified as a third party data collector
which collects data through Domains it does not own

141. © 2013, HSI
Third Party Data
• Be Informed:
• Know who the providers are, know their
privacy and information policies and
practices
• Know where their data comes from
• Know its accuracy
• Know its currency

142. © 2013, HSI
Online Third Party Data
• Third Party Data Collection
• Defined by Companies that collect either PII
or non-personally identifiable data about
individuals, usually without the individual's
knowledge, over a period time through a
Domain or network of Domains not owned
by that Company.

143. © 2013, HSI
Online Third Party Data
• Third Party Data Collection
• The Company uses a Domain to collect the
information that is different from the Domain(s)
upon where the data is being collected. The data
is collected using technologies such as HTTP
cookies, web beacons, tracking JavaScripts, or
Flash LSOs. [Local Shared Objects] This differs
from First Party collection of data where typically
the collection of data is restricted to a Domain
that is owned by the First Party.

144. © 2013, HSI
Online Third Party Data
» There are different types of Third Party Data Collectors
not all of which collect data for marketing purposes.
» Typically those that use data for marketing purposes
include:
• Advertisers
• Ad Exchanges
• Ad Networks
• Ad Platforms
• Data Aggregators/Exchanges
• Market Research companies, and the like

145. © 2013, HSI
Third Party Data
• Not all Third Party Data Collectors collect data for the
purposes of marketing but provide a fundamental
service for the functioning of websites.
» Some of these types of Third Party Data Collectors
include:
• Publishers,
• Service Providers,
• Web Analytics Providers, and
• Widget Providers.

146. © 2013, HSI
Types of Marketing Data
1. PII and Sensitive Data
2. Public
3. Private/IP
4. Anonymized

147. © 2013, HSI
1. PII - Personally Identifiable
Information
• PII is Personally Identifiable Information
• Information that can be used to distinguish
or trace someone’s identity.
• In other words: Any information that is linked
or linkable to a specified individual.
• Source OMB/2007

148. © 2013, HSI
DMA: PII
• Marketers should be sensitive to the
issue of consumer privacy and should
only
collect, combine, rent, sell, exchange, or
use marketing data.
• Marketing data should be used only for
marketing purposes.

149. © 2013, HSI
Examples of PII
Health Related PII-
 Illnesses or conditions
 Treatments for those illnesses or conditions, such as
prescription drugs, medical procedures, devices or
supplies
 Or Treatments received from doctors (or other
healthcare providers), at hospitals, at clinics, or at
other medical treatment facilities

150. © 2013, HSI
Sensitive or Intimate
Information
• Data and selection criteria that by reasonable
standards may be considered sensitive and/or
intimate should not be disclosed, be displayed, or
provide the basis for lists made available for
rental, sale or exchange when there is a reasonable
expectation by the consumer that the information
will be kept confidential.

151. © 2013, HSI
PII – Credit Card Numbers
• Credit card numbers, checking account
numbers, and debit account numbers are
considered to be personal information.
• Therefore these should not be
transferred, rented, sold, or exchanged when there
is a reasonable expectation by the consumer that
the information will be kept confidential….or
otherwise made public by direct marketers.

152. © 2013, HSI
PII – SS Numbers
• Social Security numbers are also considered
to be personal.
• Social Security numbers, however, are used
by direct marketers as part of the process of
extending credit to consumers or for
matching or verification purposes.

153. © 2013, HSI
Linked Information
• Information about an individual that
is linked or linkable to one of the PII
attributes
(e.g., date of birth, place of
birth, race, religion, weight, activities, geographical
indicators, employment information, medical
information, education information, financial
information).

154. © 2013, HSI
Even in Digital Marketing
• ALL information that can be
linked back to an individual is
considered PII

155. © 2013, HSI
Context
• Identifiability. Organizations should evaluate how easily PII
can be used to identify specific individuals. For example, a
SSN uniquely and directly identifies an individual, whereas a
telephone area code identifies a set of people.
• Quantity of PII. Organizations should consider how many
individuals can be identified from the PII. Breaches of 25
records and 25 million records may have different impacts.
The PII confidentiality impact level should only be raised and
not lowered based on this factor.

156. © 2013, HSI
Context
• Data Field Sensitivity. Organizations should
evaluate the sensitivity of each individual PII
data field.
• For example, an individual‘s SSN or financial
account number is generally more sensitive
than an individual‘s phone number or ZIP
Code. Organizations should also evaluate the
sensitivity of the PII data fields when
combined.

157. © 2013, HSI
Context of Use
• Context of Use. Organizations should evaluate the context of
use—the purpose for which the PII is
collected, stored, used, processed, disclosed, or disseminated.
The context of use may cause the same PII data elements to be
assigned different PII confidentiality impact levels based on their
use.
• For example, suppose that an organization has two lists that
contain the same PII data fields (e.g., name, address, phone
number). The first list is people who subscribe to a general-
interest newsletter produced by the organization, and the second
list is people who work undercover in law enforcement. If the
confidentiality of the lists is breached, the potential impacts to
the affected individuals and to the organization are significantly
different for each list.

158. © 2013, HSI
Non-PII
Context
PII
Can be linked
To an individual
Sensitive PII
SSN
Health Related Info
Account Information
DOB
Race
Religion
Cannot be
linked to an
individual

159. © 2013, HSI
PII Summary - Marketing
• Name linked to Address
• Email Address linked to N/A
• Name linked to Phone

160. © 2013, HSI
PII Summary- Sensitive
• Medical Records
• Biometric Information
• Place of Birth
• SSN
• Personnel Records
• Cite CA SC Decision

161. © 2013, HSI
Protecting PII
1. Required by Law
1. Prevents Identity Theft
2. Best Practice

162. © 2013, HSI
2. Public Data
• Data and information that is in the
public domain. Not private.
Examples:
• Public Directories
• Public Filings (Deeds, UCC)
• Census Data
• Government Subsidized Data

163. © 2013, HSI

164. © 2013, HSI
3. Private/IP- can be PII or
Non-PII
• Data that is private:
• Data not shared and unique to the company
based on non-shared information from
customers, clients, vendors.
• Data that is deemed company intellectual
property.

165. © 2013, HSI
Private/IP cont’d
Examples:
• Customer Transactional Data
• Contractual
• Customer/Share of Wallet
• Customer Provided Information
• Confluence of Company Data Points

166. © 2013, HSI
4. Anonymized Data
» Anonymous data is defined in numerous ways
depending on the data type, collection method and
use.
For example: Data that by virtue of the method of
collection can never reasonably be connected with the
person providing them.
Data that is anonymized using de-anonymizing data
identifiers such as dynamic cookies - used in the
aggregate for ad serving.

167. © 2013, HSI
4. Anonymized Data
» Using cookies to anonymize data:
• Cookies are machine specific and work in
a name/value pair.
• They are data, not a program and cannot
‘do’ anything.

168. © 2013, HSI
Cookie Shortfalls
• Cookies get erased
• People use multiple machines
• People often share a machine
• Cookies have a shelf-life

169. © 2013, HSI
Cookie Benefits
• Improved user experience
• Ad serving and re-marketing completely
anonymous
• No PII and no chance to re-engineer

170. © 2013, HSI
Unpacking AnonymizedData
• Can you truly anonymize data?
• PII conversion to cookies using IP and email addresses
• Eliminating any individual identifiable data (HIPPA)
• Encoding, Encrypting
• Re-identification
Thoughts?

171. © 2013, HSI
What’s After Cookies?
“The Web Cookie Is Dying. Here's The Creepier
Technology That Comes Next”
Source: Forbes.com 06/17/2013 Photo Credit: COPA

172. © 2013, HSI
Why Fingerprinting?

173. © 2013, HSI
It Eliminates Cookies Flaws
• Fingerprinting allows a web site to look at the
characteristics of a computer such as what
plugins and software you have installed, the
size of the screen, the time zone, fonts and
other features of any particular
machine. These form a unique signature just
like random skin patterns on a finger.

174. © 2013, HSI
And- Cookies don’t work on mobile

175. © 2013, HSI
Scale
• The Electronic Frontier Foundation has found
that 94% of browsers that use Flash or Java –
which enable key features in Internet browsing –
had unique identities.
• That’s a higher percentage than cookie matches-
which range from 40-60%...

176. © 2013, HSI
My browser has
21.67 bits of uniquity

177. © 2013, HSI
Panopticlick
https://panopticlick.eff.org

178. © 2013, HSI
The Marketing Data Eco System
Transactional
Data
Sensitive
Data
Marketing
Data
Credit Data
Summarized
Credit Data
Anonymized
Data
Modeled
Data
Analytics/
Insight

179. © 2013, HSI
Data Use is Complex!
• Where does it reside?
• How is it classified?
• How is it defined?
• Who uses it?
• Who needs access?
• How is it accessed, transmitted, shared, enhanced, and
destroyed (or not)?

180. © 2013, HSI
Connecting Use to Where
Data Resides
1. List all of the locations your data resides (that
you are aware of).
2. How is that data classified?
3. Who has access?
4. How do they access it?

181. © 2013, HSI
Data Use
Show of hands:
•How many of you have ever sent data via email?
•Unencrypted?
•Unzipped?
Photo Ref: http://www.maximumpc.com/article/news/aol_raise_your_hand_if_you_want_lose_your_job

182. © 2013, HSI
Data Use
Does Data Have a Life-cycle?
• Data comes from
inception, aggregation, compilation, licen
se…
• But does data ever retire, and when
should it, or should it ever, be destroyed?

183. © 2013, HSI
Life-cycle Determinants –
Keep forever or Kill
» Frequency of updates
» Changes in the data itself
• (deceased, moved, preference
changes, marital status)
» Compulsory

184. Controlling Data Use
–Physical Controls
–Virtual Controls
–Contractual
Controls
–Audit Rights
Who has access?
Who controls
access?

185. © 2013, HSI
Vulnerabilities
for Use and Misuse

186. © 2013, HSI
Removable Media
• How many times have you used a
thumb drive… and how do you control
among those who have data access?
• Is is part of policy and does every
employee have sign off?

187. © 2013, HSI
ACCESS
• What do your employees have?
• What do they know, what do they see?
• Contact Lists
• NDA’s, Contracts, Policies – Training
• Affidavit of Compliance
• Staff with remote access – controls and monitors

188. © 2013, HSI
How Do You Handle
Media Disposal?
End of life policies for data:
• Do your business contracts address
this?
• Does you consumer data policy inform
and address?
• Should you address at all?

189. © 2013, HSI
Wireless Networking
• Are you and your colleagues trained on
the basics? [i.e. turn off sharing, enable
firewalls etc.]
• Do you have and require a VPN?
• Do you restrict remote data access?

190. © 2013, HSI
Electronic Messaging
IM and SMS – limited use?
• Gchat
• Skype
• AIM
• Facebook
• Twitter

191. © 2013, HSI
Mobile Devices and
Acceptable Use
• Laptops, PDA’s, and Remote Access
• What should mobile users know?

192. © 2013, HSI
Best Practices for
Managing Use and Access
•Know your inventory:
•By Application
•By Location
•Know your users:
•Internal
•External

193. © 2013, HSI
Best Practices for
Managing Use and Access
• Communicate access rules to all
• Create Policies, Processes, and Procedures
• Communicate necessary policies to all
stakeholders, including
customers, vendors, partners, and employees
• Regularly review and update/change

194. © 2013, HSI
Data Provenance
• Who owns the data?

195. © 2013, HSI
So, Who owns the data?
•The primary source?
•The aggregator/compiler?
•The enhancer?
•The consumer?
Thoughts?

196. © 2013, HSI
Who owns the data & data agreements?
• Rental
• License
• Co-op’s
• Shared
• Exchanged
At what point in time does ownership change hands?
Thoughts?

197. © 2013, HSI
Defining Data Ownership is Difficult
• We share, friend, check in and tweet our every move.
• We log on, log in, and browse.
• We swipe loyalty cards and enter frequent flyer
numbers.
• We leave a trail of digital breadcrumbs in our wake.
• But, as we use the Internet for “free”, we have to
remember that if we’re not paying for
something, we’re not the customer. We are in fact, a
product. A data set.

198. © 2013, HSI
Why Data Ownership is Difficult
• Our laws have focused on physical ownership or assets
that couldn’t be easily duplicated.
• Technology, from copying devices to recording devices
have changed the thinking.
• BUT - it’s not just our ability to replicate that makes
data different - it is how it is used that defines its
value.

199. © 2013, HSI
It’s What We As Marketers Do With Data…
• The important question isn’t who owns the
data. Ultimately, we all do. A better question
is, who owns the means of analysis? Because
that’s how you get the right information in the
right place.
• The discussion shouldn’t be about who owns
data — it should focus on who can put the
data to work.

200. © 2013, HSI
We Are All Data Stewards
• Accurate, Safe, Responsible
Use of the Data
• We will view the impact of
monetizing the data asset on
DG

201. © 2013, HSI
DATA GOVERNANCE
Peg Kuman, CIPM
Vice Chairman, Relevate
Gina Scala
Vice President Education, The DMA

202. © 2013, HSI

203. © 2013, HSI
Circling Back
Putting the Data to Work:

204. © 2013, HSI
Cracking the Code-
A work in progress

205. © 2013, HSI
Getting to Attribution
ROIOffline
Data
Ecomm
Data
Digital
Data
Social
Data
Enhanced
Data
Behavioral
Data
Multi
Touch
Tracking

206. © 2013, HSI
Discovery
• What are you doing to drive response today?
• What will you be adding?
• How are you caching the responses?
• Are you tracking multi-channel touches?
• Are you tracking multi-channel response?
• Is it important?

207. © 2013, HSI
Where Does The Customer
Interface Occur?
• Social
• Digital
• On-line
• Off-line
• Where are the locators?
• Where are the problems? (POS, Call Center)

208. © 2013, HSI
Who is your customer?
• Transactional and Behavioral
• Building persona’s
• Implementing the Models
• Test and test and refine and test

209. What is Your Spending By Channel?
• Print
• Broadcast
• Direct Mail
• In Store / Face-to-Face
• E-mail
• Social
– Blog
– Tweets
– Likes
• Digital
– E-commerce
– Display
• Search
• Mobile
– SMS
– Web
– Commerce

210. What is Your Spending By…
• SKU? • Segment?

211. © 2013, HSI
Tracking Frequency of Response
• To understand how channel performs
• To identify channel preferences
• To figure out best campaign frequency
• To understand a segment’s patterns

212. © 2013, HSI

213. © 2013, HSI

214. © 2013, HSI

215. © 2013, HSI

216. © 2013, HSI

217. © 2013, HSI

218. © 2013, HSI

219. © 2013, HSI

220. © 2013, HSI

221. © 2013, HSI

222. © 2013, HSI

223. © 2013, HSI

224. © 2013, HSI
Finding the Bright Lines
• Unknowns
• Market Oppy- opportunity segments, channels
• Staged approach
• Keep what’s working while you build insight

225. © 2013, HSI
Big Data / Changing Structure
Analytics
Attribution
Marketing
Intelligence
and Insight

226. © 2013, HSI
Structure Changes When
Looking at the Data Ecosystem
Holistically-
• Shared
• Not Shared
• Anonymized

227. © 2013, HSI
Death by Silo

228. © 2013, HSI
Old Data Governance

229. © 2013, HSI
Old Data Governance

230. © 2013, HSI
New Data Governance
• Positioning and integrating allbusiness
functionsinto your data governance mix
throughout your organization- and
across all of your brands
• Focus on collaboration

231. © 2013, HSI
New Data Governance

232. © 2013, HSI
DATA GOVERNANCE
Peg Kuman, CIPM
Vice Chairman, Relevate
Gina Scala
Vice President Education, The DMA

233. © 2013, HSI

234. © 2013, HSI
Business Cases –
Success and Failure:
• Case Study: Global Differences
• Case Study: Gold Standard of Consent
• Case Study: Dysfunctional Family

235. The Stakeholders
• InfoSec
• Sales/Biz Dev
• Marketing
• C-Suite
• IT/Technology and Infrastructure
• HR
• Vendors/Partners
• Customers
• KYC
• Who else can you
think of?

236. © 2013, HSI
Why We Need Best Practice:
Data as The Regulators See It:
Pizza Pie Order

237. © 2013, HSI
Best Practices
Marketing Data Governance

238. © 2013, HSI
Key Safe Harbor Principles
1. Notice
2. Choice and Opt-out
3. Onward Transfer
4. Access
5. Security
6. Data Integrity
7. Advocacy/Enforcement
* Adapted from the DOC US/Swiss Safe Harbor Framework

239. © 2013, HSI
Notice – Defined
Providing notification to your customers
and prospects how you collect and use
information about them.
This should include points of contact
internally, and third party disclosures
and limits of use, or not.

240. © 2013, HSI
Examples of Notice
Google, Facebook, Apple and most major
brands tell the customer that their use of
data is to help them help you focus on
your user experience….

241. © 2013, HSI
Choice and Opt-Out
Give consumers the opportunity to
choose whether their PI will be disclosed
to a third party for a different use than
which it was intended, and for sensitive
information give an affirmative (explicit)
opt-out.

242. © 2013, HSI
Disney
• Provides for Categorical Opt-Out.
• They clearly state how information is used and provide
clear language on personal control and choice including
quick links.
• http://corporate.disney.go.com/corporate/pp.html#DIMG%20Q
uestion%205

243. © 2013, HSI
Onward Transfer
The act of notifying the individual
customer prior to disclosing PI to a third
party and allowing the individual the
choice to opt-out.

244. Onward Transfer Examples
• If it is necessary to
respond to a
subpoena, court
order, or legal
process, or to exercise
your rights to defend
against legal claims.

245. © 2013, HSI
Access
• Allowing the individual consumer the ability
to access their PI and allow the individual to
correct, amend, or delete inaccurate
information – except where the burden or
expense of providing access would be
disproportionate to the privacy risks of the
individual, or where the rights of persons
other than the individual would be violated.
• This is a controversial hot button topic!

246. © 2013, HSI
Data Security
• Taking reasonable steps to protect your data
and information from loss, misuse and
unauthorized
access, disclosure, alteration, and
destruction. That you have in place
physical, electronic, and managerial
procedures to do same. And, note that you
cannot guarantee the security of information
on or transmitted via the internet.

247. © 2013, HSI
Data Integrity
• When processing PII, it should be done
in a way that is compatible with, and
relevant to the purpose for which it was
collected or authorized by the
individual consumer. You should take
steps to insure that all PI is
accurate, complete, current, and
reliable for its intended use.

248. © 2013, HSI
Data Integrity Examples
• Business Rules for Standardization
• Clean and Updated
• Capture Customer Driven Changes
[COA’s, Nixies, POS corrections]
• Siloed PI/Marketing Data

249. Advocacy/Enforcement
Employ a self-assessment
approach to assure
compliance with your
privacy policy and
periodically verify that the
policy is
accurate, comprehensive,
prominently
displayed, complete, and
accessible.

250. © 2013, HSI
What It Takes
The process is ongoing and should be ever-changing as you innovate and add new
data capabilities, new data, new devices, new services, and even new brands.
Balance, Budget, and Buy-in.
Data Provenance
Data Stewardship
Security
Privacy
Ideal MDG

251. © 2013, HSI
In Closing
Marketing Data, big or small, is just a piece to a
much larger puzzle. Striking a balance between
marketing innovation and best practices will
afford our businesses the opportunity to
experiment, create, and grow freely and
without fear of regulation.
~Peg Kuman, 2013

252. © 2013, HSI

253. Want More Info?
Contact Us!
• Peg Kuman:
pkuman@relevategroup
.com
• Gina Scala:
gscala@the-dma.org
Join Us!
www.dmadatagovernance.org
Data Matters: Governance &
Best Practice
December 12-13th - New York
March 31- April 1 – Chicago