The Data Balance: Protecting Member Privacy while Personalizing Engagement

Nearly all websites collect data. A growing number of association websites use cookies to track their site visitors to create a more personalized user experience. While most sites use these cookies to collect important user data, some users are still uncomfortable with the collection of their personal information and desire to opt out of certain data being gathered. Some sites will allow their visitors to turn off performance cookies and marketing cookies, though cookies deemed necessary for the website to function are usually required to stay on. Users can set their browsers to block or alert them about these cookies, but this may cause parts of the site to not function properly. Also, these cookies do not store any personally identifiable information. Still, data mining remains a controversy with some businesses and organizations.

Cookies are mainly used in two different ways—for performance/statistical purposes and for marketing. Statistics or performance cookies are used to collect information about how visitors use a website. Information garnered, such as what links a user clicks, cannot be used to specifically identify users as it is aggregated and anonymized. As a result, the sole function of statistics cookies is to collect data to enhance user experience and improve the website’s performance.

Used to track the online activities of users, marketing cookies assist advertisers in creating more relevant advertising or to limit how often a user sees an ad. These cookies can share that information with other organizations or advertisers, are persistent cookies, and almost always performed by a third-party. It is these third-party cookies, however, that give most web users reason to pause before they go any further when browsing the web. According to the European Union (EU)’s General Data Protection Regulation (GDPR), the privacy risks associated with cookies are generally centered around third-party, persistent, marketing cookies which can contain significant amounts of information about users’ online activity, preferences, and location. Adding another level of complexity, the chain of responsibility regarding who can access a cookies’ data can be complicated and increase the potential for misuse. This has caused many companies such as Google and Apple to end their use of third-party cookies.

In a recent post in The Scholarly Kitchen, Minhaj Rais, Senior Manager of Strategy & Corporate Development at CACTUS, writes “Big data and AI have begun to play an increasingly important role in our lives, and while bias and prejudice inherent in AI-driven systems are being called out, there is a strong need for emphasizing the importance of designing AI systems that work without having to infringe on user privacy.” Organizations must therefore explore alternatives that can work without depending on mining personally identifiable information. This may pose a challenge when using certain applications causing organizations to employ unique ways of retaining pertinent user information while also respecting user privacy. This may seem like a daunting task, but there are a few approaches organizations can use to provide personalized user engagement without violating their privacy.

Develop a Data Mining Strategy

The best place to begin planning how your organization will handle its data mining is by creating procedures that specify what data is collected and how user privacy and security will be maintained. Re-thinking your approach to data privacy and security is one of the key takeaways in the YourMembership® blog post “4 ways to balance data privacy with personalization for greater member loyalty” by blog contributor Meghan Furtado. Start by developing a data governance strategy that has policies on what type of data your organization collects, how long the data is kept, and how it will be used. Finding the right technology vendor is also key to keeping your users’ information safe and protected, and it’s important that you make sure the technology company you go with uses industry best practices to prevent unauthorized access to data. Multi-factor authentication, for instance, increases data security while tokenization enhances the security of customer credit card and electronic payments for recurring transactions. Additionally, any technology vendor should provide transparency into security and performance status; data recovery to safeguard your users’ data from data storage errors, catastrophic failures, etc., and compliance certifications to validate security.

Limit Access to Member Data

Small organizations and associations often use an “all hands-on deck” approach when it comes to staff responsibilities and tasks, with staff members performing different duties than their job descriptions typically entail. When it comes to maintaining sensitive membership information, however, staff access should be limited, and only necessary staff should have access to important member data. Create a small team to be the gatekeepers of member data and allow only this team to have access to and control of this data. This team should also work closely with data vendors, as well as departments dealing with membership and member/customer service in case members have questions or issues with the collection of their information. Be sure to have protocols in place for staff with access to sensitive data should information be compromised or any staff with member data access resign or be terminated.

Keep Site Users Informed

Open, honest communication is crucial to maintaining the confidence of your members, customers, and clients, and being transparent about the information your organization is collecting is part of sustaining this trust. As a result, when users visit your site, you should have detailed communications that provide the specifics about the data being collected, how it is being used, and what, if any, of the cookies can be turned off. “Make sure your members know you have data privacy and security standards and precautions in place,” says Furtado. “Explain how the information you collect will be used for a better and more personalized experience, and your members in turn are more likely to trust you. That trust will then translate into a better member experience and, ultimately, greater member loyalty.” In addition, if any of the data collected on the site is compromised or your site encounters a privacy breach, it is essential that your organization communicates this to all website users and the organization’s members and customers.

Providing your members and customers with a personalized experience when they visit your website is critical to providing the optimal experience in user engagement and making your users feel valued. Part of making your users feel valued requires trust and having a solid data mining policy with nearly impenetrable security and privacy measures can only enhance this trust.