'Privacy-by-Design' Is Crucial, but Not Easy or Cheap

4Info Put Itself through a Rigorous Data-Privacy Process


For many marketers, data privacy and security concerns still take a backseat to bright, shiny advancements in targeting.

That didn't stop ad-tech firm 4Info from self-imposing a rigorous process to ensure the data it gathers, shares and uses to aim mobile ads at consumers is protected and near-impossible to connect to an individual. In doing so, the company incorporated privacy-by-design, a practice oft-discussed in privacy circles yet new if not unknown to most marketers.

The cost alone is daunting: 4Info said it spends at least 30% more to store data in a way that helps prevent privacy infringements than it would cost if it stowed its data in a less-secure manner. That means spreading data points associated with a specific user ID across several servers located in multiple physical locations so it cannot be compiled easily into one user profile by outside systems or hackers.

The AdHaven Bullseye system, launched by 4Info in March 2013, connects information from advertisers' own customer databases with household, purchase and other demographic and psychographic data from partners including Acxiom and Nielsen Catalina Solutions. The idea is to aim mobile ads at people who are actual customers or have had interactions with advertisers, rather than simply targeting audiences based on the mobile apps they use. And, in turn, clients use the system to determine whether those mobile ads drove people to buy in their stores.

It took the firm around a year-and-a-half to develop its latest mobile ad targeting product, and a good chunk of that time was spent figuring out the privacy side of the equation. "Twenty percent of our time including that of engineers was spent either in meetings or in conversations with folks about privacy," said 4Info CEO Tim Jenkins. "It was hundreds and hundreds and hundreds of man hours."

In addition to incorporating privacy protections from a technical and engineering standpoint, the process involved lots of legal consultation and several meetings with data partners and key brand clients -- including a large CPG brand. "We went through a very early privacy review with one of the largest CPG brands," said Mr. Jenkins, who would not name the company. "It was literally a four-month review."

Sometimes project collaborators on the legal, client and engineering sides didn't see the need to be quite as stringent about ensuring consumer privacy as others on the 4Info team were, said Mr. Jenkins. "There were some very unfriendly calls."

Privacy is a new conversation

Indeed, privacy simply is not top of mind for many in the ad industry.

"I do work with a lot of pretty significant blue-chip clients and they're more enamored of how efficient highly targeted marketing can be," said Jessica Kernan, chief strategy officer, North America at RAPP. However, when asked whether the same clients express concerns about privacy when initially devising marketing efforts, she said, "I wish I could say that they are."

While privacy and security protections are more inherent for financial services, healthcare clients and some retailers working with RAPP, Ms. Kernan suggested that others such as CPG brands care more about "how can we get more one-to-one in our communications…. For people who are thinking about marketing communications it's a very new conversation."

"Advertisers want to push limits," said Kirsten McMullen, 4Info's chief privacy officer, who took up that role after serving as the firm's marketing director. "We run it by privacy counsel first."

Despite the fact that most marketers don't always think privacy-first, said Ms. Kernan, "I've found every marketer that I've communicated to about it to be very receptive and thoughtful and interested in thinking that way. … After all, marketers are also consumers."

When data silos are desired

The primary goal for 4Info and countless other ad-tech and data firms is to link together data points gleaned from an onslaught of continuously-updated consumer data in the split-seconds needed to send an ad to the advertiser's target. But 4Info wanted to do that in a way that doesn't involve one database with a list of names, device IDs and column after column filled with fields of data about each individual. If the data were stored "in one massive table," said Mr. Jenkins, "That's too easy to hack. ... Someone could potentially come in and cobble stuff together."

In order to operate, though, the system must stitch that data together to find the appropriate users to target when ad requests are made. "We have to query three different locations. Remember we still have to do that in under 150 milliseconds. That's a big tax on a company like ours," said Mr. Jenkins.

Though 4Info keeps some less-sensitive data, such as ad impression logs and ad campaign creative, in cloud storage, sensitive data sits on multiple servers in discrete locations.

Storage is one thing. The company also needed to make sure partners including mobile app publishers, networks and exchanges had strict opt-in policies enabling location-data collection, said Ms. McMullen. (In most cases, users must allow location-data collection to download mobile apps, otherwise they can't get the app at all.) The firm also includes the ad industry's self-regulatory opt-out AdChoices icon in all its ads, allowing people to opt-out from future targeting through the ads themselves.

History lessons

So why go through all the hassle? History taught 4Info a lesson, suggested Ms. McMullen. "Nobody wanted to be the first DoubleClick of mobile."

In 1999, DoubleClick bought catalog-data firm Abacus for $1.7 billion, and privacy advocates freaked out. They petitioned the Federal Trade Commission, prompting DoubleClick (acquired by Google for $3.1 billion in 2007) to announce it would not connect personal information from Abacus with online-browsing data. Connecting household addresses, mobile locations, in-store retail transactions and other offline data to target digital ads is increasingly popular among advertisers today.

Another impetus for 4Info: a Wall Street Journal series exposing the increasingly sophisticated capabilities of the consumer data-tracking and targeting industry. The "What Do They Know Series" was controversial among industry insiders, and gave public prominence to company names and practices that had been little known among everyday consumers.

The impact of the series on the ad industry, particularly those handling lots of consumer data for targeting, "was extremely fresh in 2011," said Ms. McMullen. "We didn't want to be fresh meat for that kind of investigation," she said. "We knew we were using some sensitive information in terms of location and device identifiers."

Companies that felt the sting of the WSJ series included RapLeaf, whose data-linking practices were highlighted by a 2011 WSJ article. RapLeaf changed the way it segmented audiences after the newspaper contacted the firm, reported the publication. LiveRamp, an offline-to-online data company spun out of RapLeaf in 2012, was acquired by data giant Acxiom for approximately $310 million in cash in May. Acxiom is one of the partners that feeds data into the Bullseye system, allowing 4Info to match mobile devices showing household locations to advertisers' proprietary customer data like purchase information.

Acxiom worked closely with 4Info while Bullseye was in development, subjecting the product plans to its own internal privacy assurance process. The data and marketing services firm put 4Info through a privacy review "even before" the partnership began, said Jennifer Glasgow, who has headed Acxiom's privacy efforts since 1991. "We typically get to know the privacy and product people pretty early in the relationship," she said. "We followed it all the way through implementation."

That review process entailed Acxiom's privacy team assessing 4Info's data-flow schematics, for example, to ensure data would not be integrated in such a way that would infringe on individuals' privacy. "The data flows are getting more complicated every year," said Ms. Glasgow.

Ms. Glasgow, herself a veteran in data privacy, suggested that the fact that 4Info has a privacy officer on staff is rare for a small firm -- in 4Info's case, only 37 employees. "I think [Ms. McMullen is] something of an exception [with 4Info] being a company of that size," she said.

Whiteboards and data diagrams

On the legal front, Ken Dreifach, a lawyer for ZwillGen, came in, observing white-board diagrams showing how data gathered by 4Info would wind its way through the system. "The assignment was to simply build the most privacy-sensitive data flow and data technology, and that's what 4Info did and the company did it at significant expense," said Mr. Dreifach, who handles issues such as data and online advertising law, and still serves as an outside counsel for 4Info. He has worked with the mobile data firm for two years, and in the past worked for LiveRamp as general counsel.

Several meetings with Mr. Dreifach involved a review of how data would be de-identified and segregated to establish technological and legal controls preventing data from being merged in ways it shouldn't be.

"The sticky issue would have been if they said, 'We don't want to spend this much money on silo-ing and disaggregating data,'" he said.

Most ad tech firms gathering and storing lots of consumer data at risk of exposure through hacking or leaks don't have the budget, resources or wherewithal to put themselves through the privacy-by-design wringer, and it's unclear what it will take for the industry as a whole to consider data privacy and security in the early stages of product development.

"They all kind of need to advance together in order to resolve the privacy challenge," said Ms. Kernan.

Of course, more restrictive privacy legislation looms, but rather than limiting what marketers do with data, suggested Ms. Kernan, "Perhaps there is a requirement that companies have a privacy [officer] in their employ…. Those things drive change within the organization."
