Privacy considerations with online advertising
Advertisers understand consumers seldom make a purchase the first time they see an ad online. Therefore, they will often collect information from potential customers who view, click or interact with their ads on a publisher’s website. Consumers do expect a certain level of privacy protection, which is why you need to be really careful about how you collect and use it. Here are some privacy concerns to consider with ad serving.
Collection of dataCollecting data can be a tricky business because asking or collecting too much data can put some folks off, while not asking for enough can make it more difficult for you to appeal to those folks down the line for marketing or selling purposes. Generally speaking, you only want to collect what is legal and absolutely necessary for your marketing or business tasks. Anything personal or sensitive will need clear supporting reasons and explicit consent.
Disclosure and permissionWhen you collect data, there is an expectation that it will not be sold, shared or handed over to a third-party entity except when required by law. Situations may arise when requests are made for the information you have in your database. You need to be aware of what can legally be disclosed, and you also need to ensure than suitable permissions and legal requirements are met before you hand that information over.
Handling of dataCertain customer information falls under the heading of sensitive data, which is why strict rules need to be in place regarding how said data is handled. It really needs to be placed in a secure storage facility, preferably on servers with restrict accesses and are frequently backed up. Transfer protocols should be in place in the event that the data needs to be moved elsewhere. Access to the information should only be granted to authorized personnel and activity log should be recorded for auditing purposes.
Retention policyThere should be a clear policy in place about the retention period for all collected data. You are not expected to hold onto all collected data forever, as that would likely prove to be financially unfeasible. When the data that you have collected no longer serves a purpose for your business or for your customer, it should be deleted, assuming of course that doing so meets all regulatory requirements.
Data breach planningDespite the best planning, most online systems can be breached given enough resources and determination from the hackers. Therefore, it is important how you react when that happens. It is important that an emergency protocol be ready in the unlikely event that a breach occurs. It’s always best to plan for the worst-case scenario ahead of time, as failing to do so could put you in a very bad position. This plan should be in place as soon as data collection begins.