Going Privacy-First: How To Balance Data Use With Ethical Concerns and Privacy Laws in Customer Acquisition

One thing’s clear: the future of data prioritizes privacy. Join us as we dive head-first into ethics-driven lead generation in a shifting legal landscape.

As state legislatures continue to prioritize data protections in a digitally-driven era, new laws emerge out of the legal woodwork year after year.

The result? A jungle gym of requirements, stipulations, and caveats differing across state lines that businesses must heed to avoid legal ramifications or–arguably worse–the alienation of their customer base.

Everyone’s got data privacy on their minds. Consumers, businesses, and governmental bodies are all pondering private information–whether that’s how to safeguard it, build parameters around it, or leverage it for marketing and personalization purposes. 

Does “privacy-first customer acquisition” sound like a challenge? Or worse, an oxymoron? We promise it’s not as complicated as it seems.

We’re here to provide tips on how to embrace privacy-first data usage–not only to comply with growing legal requirements, but to build trust with customers while embracing personalization and actively gaining new customers. 

What is a privacy-first approach?

It’s a statistical fact, and a no-brainer as well: consumers prefer to do business with businesses that mind their privacy and do their best to protect it. 

Companies that gather data on their customers, partner with providers for data enhancement, and otherwise engage in data utilization for marketing purposes have to take a few things into consideration if they want to mind the privacy of their audience:

1. Ensuring prospective customers understand how their data is used
2. Allowing customers to opt-out of nonessential data collection or sharing
3. Minimizing the amount of data used outside of transparent marketing activities
4. Leveraging first- and zero-party data above all other data sources
5. Anonymizing and encrypting customer data
6. Performing data hygiene to keep information clean and reliable
7. Protecting against data breaches as much as possible

Going privacy-first means ensuring you (and your data partners!) comply with data privacy laws and best practices.

How are data privacy laws and regulations evolving?

Most data professionals are already familiar with the GDPR, Europe’s comprehensive consumer data privacy protections, and the CCPA, California’s equivalent and the longest-standing set of privacy laws in the US, introduced in 2018. While those may serve as the most comprehensive data regulations to date, more states are adding privacy protections each year. In 2024, seven new states passed data protection laws, bringing the total number up to 19. 

While many state laws are modeled on Washington’s never-passed set of regulations, some have strayed from the model and introduced new concepts to US data regulations this year. Maryland, for example, likely passed the most consumer-friendly set of privacy regulations to date–and also introduced a wild card to US data professionals: the concept of data minimization. 

While some companies may find the many differing rules unmanageable, savvy companies have been thinking ahead. Because of the many different rules across state lines, companies that want to ease their headaches should consider a wide-ranging and strict personal privacy framework to ease their compliance burden. 

In other words, they should adhere to a standard of best practices that encompasses–and perhaps surpasses–current privacy law.

How is awareness and concern for data privacy and security growing among consumers?

Consumer concern over how companies use their data has been on the rise for years, especially as the sheer amount of data that exists grows and new technologies–like AI–usher in new questions surrounding data privacy and protection.

Not to mention the rise of data breaches, more brands asking for personal data to complete purchases, the incremental rise of “smart” items and devices (cars, lightbulbs, etc.), targeted ads seeming to get increasingly more accurate, AI models being trained on record amounts of data, and many companies choosing not to disclose how they use data. 

According to the Pew Research Center, 81% of Americans are concerned about how companies use the data they collect about them. Yet even though consumers are concerned about their data use, over 60% of consumers don’t know or are misinformed about how their data is being used, and who has access to it, according to PCH Consumer Insights. 

Most consumers care deeply about their data privacy, yet are unsure how to protect it, or feel as if there is nothing they can do–becoming resigned to the fact that their data is being used in ways they can’t control, are not informed about, and do not understand.

However, consumers are also significantly less likely to do business with a company that doesn’t respect their privacy. According to a McKinsey report, 87% of respondents said they wouldn’t do business with a company if they had concerns about their security practices, and 71% said they would stop doing business with a company if it gave away their sensitive data without permission. 

Protecting data is a three-fold mission: for policymakers, individuals, and companies, too. Companies would be wise to listen to their customer base. 

How are government and consumer factors shaping the way businesses can collect, use, and share customer data?

Consumers are rightfully concerned and won’t do business with companies that engage in bad data privacy practices. Governmental bodies protect consumer privacy as well, bringing lawsuits and leveling hefty fines on companies that don’t comply with evolving privacy laws.

As for businesses? Engaging in good data hygiene, transparent data policies, and moving away from third-party cookies not only helps avoid legal problems, but it builds trust, fosters loyalty, and puts you leagues ahead of other businesses floundering in their outdated data practices.

The importance of being transparent about data collection practices and obtaining explicit consent from users

Companies that do the work of articulating how data is used, protected, and benefits the consumer will win more customers and keep the ones they have. 

McKinsey found that companies that are good at personalization generate more revenue than companies that are not–and customers often want personalization in marketing communications. In fact, they may be irritated if companies don’t provide it.

What does that mean? Customers are often willing to supply first-party and zero-party data–as long as they consent to it, and companies are fully transparent and clear about how they use it. When security is baked into how a company handles data, customers are more likely not to mind it.

Just because the option to opt out of data collection exists doesn’t mean customers will inevitably always take it. When a company’s relationship with a customer is based upon a foundation of trust and a company has a good image around privacy protections, that inevitably leads to more business–not less.

The importance of implementing robust security measures to protect customer data from breaches

Data breaches are one of the top problems affecting consumer trust in companies. And each year, the number of data breaches rises. And rises.

According to the Identity Theft Resource Center, there were 1,802 data breaches in the US alone in 2022, impacting over 422 million individuals. That’s more than the total US population. In 2023, data breaches rose to a record 3,205–up 78% from 2022, and 72% from 2021.

Consumers are likely to take their business elsewhere when a company is affected by one or multiple breaches.

A surefire way to gain consumer trust? Protect against data breaches. With increasing numbers of data breaches also comes unprecedented spending on cybersecurity, which is expected to grow to nearly $215 billion by 2024. Conducting risk assessments, following FTC guidance, engaging in good data hygiene, and having a secure plan in place in case of a breach can all help assure users of their data security.

What’s the value of building a strong first-party data strategy?

First-party data is the end-all and be-all of good data practice. That’s increasingly true as third-party data becomes less reliable due to regulations, browser restrictions, and user expectations. Unlike third-party data, first-party data comes directly from the consumer in relation to the company.

When you use first-party data along with data enhancement technologies and good data onboarding practices, you ensure consumer trust–and additionally, you protect your leads. 

First-party data is not only better, more accurate, and more actionable than third-party data–it’s more reliable, and more ethical.

Why use privacy-enhancing technologies like anonymization, encryption, and differential privacy?

When you gather data, protecting customers’ PII should always be top of mind. When it comes to marketing purposes, there are ways to anonymize and encrypt data that not only meets with privacy best practices and law, but also protects against data breaches. Data encryption is especially important during data onboarding–for example, when going from a customer database to a CRM.

Data anonymization and aggregation are techniques used to protect individual privacy while still allowing companies to use data for marketing and other purposes. Data anonymization involves removing personally identifiable information (PII) from data sets. Data aggregation involves combining data from many individuals so that it is no longer possible to identify any single individual.

Strista, for example, creates large audience segments based on shared interests or preferences without revealing PII. We also engage in data anonymization and aggregation. 

Stirista’s data strategy involves collecting both online and offline data sets. To protect consumer privacy, we corroborate data from hundreds of sources, including original sources, observed campaign metadata, and authoritative partner sources. We maintain a rigorous data hygiene process, time, date, and source stamping every record within our repository.

Not only does this protect against potential data breaches, but it protects the consumer’s private information–complying with legal guidelines in the process.

What are the ethical implications of using AI and machine learning for customer acquisition and personalization?

Most people assume AI models are trained on data they just randomly scrape from the internet. When it comes to AI model training, this is sort of true: machine learning engines use publicly available data to build their LLMs.

When it comes to customer acquisition and personalization, AI falls prey to the same issues affecting other aspects of data utilization: lack of transparency, unclear policies, and the need for consent.

However, AI also brings in new issues related to bias and discrimination (due to societal biases present in training data), a common perception of AI models as “black boxes” (AI decisions are often difficult or impossible to decipher), and poor data leading to flawed insights.

Businesses that use AI must watch out for even more risks concerning their data and practices–prioritizing ethical AI practices is an additional step that must be taken if businesses want to ensure customer trust and brand reputation. 

Wrapping up

As we’ve discussed, governments, companies, and individuals all play a part in protecting data. It’s something consumers are concerned about, policymakers are legislating about, and something that would be in the best interest of businesses, too. 

There are still ways for businesses to comply with data privacy regulations while still leveraging identity data to perform customer acquisition. Just being transparent about data practices is the first step. Relying on first-party data is the next one. Finally, using data anonymization and encryption techniques further protects data and ensures companies are reliable and safe from data breaches.

At Stirista, we understand the critical importance of data privacy and security. We’re committed to helping businesses navigate the complex landscape of regulations like GDPR, CCPA, and others.

Here’s how we do it:

• Data Collection and Processing: We prioritize responsible data collection practices, ensuring transparency and obtaining explicit consent where required. We implement robust data processing procedures to minimize the risk of data breaches and unauthorized access.  
• Data Security: We employ industry-leading security measures to protect customer data, including encryption, access controls, and regular security audits. We maintain a secure infrastructure to safeguard sensitive information.  
• Data Subject Rights: We empower individuals with control over their personal data. We provide clear mechanisms for data access, correction, and deletion, ensuring compliance with individual rights under various privacy regulations.  
• Compliance Framework: We maintain a comprehensive compliance framework that aligns with evolving data privacy regulations. Our team stays abreast of the latest legal and regulatory developments to ensure our practices remain compliant.
• Customer Education: We actively educate our clients on data privacy best practices and help them understand their obligations under applicable regulations. We provide resources and support to assist them in building a robust data privacy program.

By adhering to these principles, we strive to build trust with our clients and their customers, while enabling businesses to leverage data responsibly and ethically.