In today’s digital world, personal data has become a commodity. With the majority of advertising happening online, advertisers will pay top dollar for the ability to be able to target their audience with the most precise data possible. Technology made to assist marketers is making it easier and easier to amass large amounts of personal information, but the collection of personally identifiable information (PII) comes with significant risks that they should be aware of.
Just to establish a baseline, PII is defined as any information that can be used to identify an individual, such as their name, address, email address, phone number, social security number, or financial information. Even before the digital age, marketers have been collecting this kind of information, but only in the last couple of decades has it become a prominent issue.
While collecting PII can be tempting because it is of great benefit to marketers, it comes with associated risks that also make it a liability and its use a cause for concern.
1. Data Breaches
Probably the most notable risk that comes with storing PII is the possibility of a data breach. For 83 percent of companies it is not a question of if, but when a company’s platform will be hacked, compromising the personal information of their customers and causing a loss of their trust or even legal action.
Aside from any reputational damage, the financial impact of a data breach can be significant. According to IBM’s 2022 Cost of Data Breach report, the average cost of a data breach is $4.35 million globally and $9.44 million in the United States. For smaller businesses, the cost may be more than just financial, as they may not have the monetary resources to handle such a breach and be unable to bounce back.
2. Legal Consequences
The collection of PII is a topic of concern in regards to various laws and regulations, including the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States. The purpose of these laws is to protect the consumer and their rights to control their personal information, as well as set guidelines to protect them from the potential risk of it falling into the wrong hands. Failure to comply with these regulations can result in significant legal consequences, including fines and lawsuits.
In August 2022, cosmetics giant Sephora was fined $1.2 million for failure to comply with CCPA. This penalty resulted from the company’s inability to respect parts of the regulations that aim to provide transparency about collection of a user’s data and respect their choices to opt out of the collection.
3. Loss of Trust
Perhaps more costly than any fine, collecting PII without proper consent can lead to a loss of trust among a company’s customers. Consumers are becoming more aware of their data privacy rights, and they expect companies to handle their personal information responsibly.
In a survey conducted by Pew Research Center, 79 percent of U.S. adults said they were very or somewhat concerned about how companies were using their data. If customers do not trust a marketer to handle their personal information responsibly, they are less likely to engage with that marketer’s brand or purchase their products.
4. Marketing Ineffectiveness
Finally, when marketers use personal information to target customers in a way that feels too personal or invasive, the consumer may feel uncomfortable and choose to block or opt out of advertising altogether. If the consumer chooses to block advertising then any money spent trying to reach them is rendered useless.
Even if the personalized ads don’t make the consumer uncomfortable, personal information can become outdated quickly. Customers may not appreciate receiving marketing messages based on outdated information and it can lead to wasted marketing resources and a poor return on investment for marketers.
While it may help to provide valuable insights into their customers’ habits, collecting personal information can be a double-edged sword whose benefit may not outweigh the significant risks. It is the responsibility of the marketer to be aware of these risks and take steps to mitigate them, such as implementing strong data security measures and making sure that they have proper consent from their customers before collecting any data. With strong data governance practices a marketer can be both confident in their data and make sure that they are maintaining their business in a way that prevents legal, financial or reputational repercussions.