As more and more retailers look to personalise their offerings, data is increasingly becoming the backbone of business operations. From customer details to purchase history, this information is gold for businesses in just about every category and can have a tremendous impact on the bottom line.
But with all this data comes a heightened level of risk. Bunnings discovered as much earlier this year when its customers were caught up in an international data breach.
Who would have thought the home of lowest prices and sausage sizzles could fall victim to such a thing? Unfortunately, it is becoming a reality for many businesses. In the US last year, for example, the overall number of data compromises was up more than 68 per cent from 2020.
It goes without saying that companies dealing with customer information should do their utmost to prevent others from gaining access to it. But hackers are getting much more sophisticated and the likelihood of a breach is growing for us all.
I’ll leave the advice on data protection to the experts in that field. Instead, let’s talk about the marketing and communications challenge it presents.
Personalisation and data protection
In recent years, personalisation has become the holy grail of marketing. Any brand that has gone on the journey will tell you that data-fuelled personalisation converts more sales than generic marketing efforts alone. At the top of the sales funnel, you want to target defined but broad audiences, but once you’re in someone’s consideration set, or better still, they are a returning customer, giving them offers based on data you have about them is bloody powerful.
However, when it comes to the data you collect and what you do with it, it’s not a free-for-all. There are laws in place to ensure it is handled carefully and there are more coming.
Last year, the government announced two proposed privacy reforms that are set to change the way businesses collect and use data: the Online Privacy Bill and a Discussion Paper that’s part of the Attorney-General’s Department’s review of the Privacy Act. The way Australian businesses handle data is about to follow in the footsteps of the UK and US, where legislation such as General Data Protection Regulation (GDPR) has come into effect. Those laws have had massive implications for businesses, with Amazon being fined £636 million last year for breaching GDPR rules.
It’s because of this and other changes to the marketing landscape that we’ve been banging on about brands shoring up their data assets. Data breaches are yet another reason to focus on first-party data rather than third-party data, because you don’t always know where the data is coming from when you pay someone else to use it.
With breaches on the rise, there’s a strong likelihood consumers’ corresponding reticence to pony up data will affect the ability of retailers to offer personalised services and messaging. Some customers understand that there is risk in parting with personal info, and some are naive or just ignorant. It is the brand’s job to establish trust with consumers to show them they are doing everything in their power to protect this information.
What to do after a breach
Brands like Bunnings invest countless dollars into building their brands through advertising, marketing, and PR. When a data breach occurs, how they respond puts all that hard work and investment in jeopardy. With businesses increasingly focused on environmental, social, and governance issues, how you act must align with the stated values of your business.
From a practical standpoint, a data breach at some point is practically inevitable, so it pays to prepare now and have a plan ready to action. Think about what your response to customers will be. How will you let them know what has happened and how they should manage the risk to their personal information?
You’ll also need to have a statement prepared for the media. As is always the case with matters of this nature, it’s better to get ahead of the story and manage it than for it to be leaked. The danger is that you will lose control of the story.
Be honest, be transparent, and whatever you do, do not try to sweep this under the rug. For starters, businesses governed by Australian privacy law are legally obligated to let people know their data has been compromised. But also, the damage to your brand’s reputation won’t be worth it when the story eventually surfaces. And it will.
From a wider marketing perspective, it’s unlikely you need to turn off any ad campaigns but it pays to review any creative that’s live, or about to go live, to ensure it takes the situation into account.
If it can happen to Bunnings, it can happen to any of us and the key takeaway here is to be prepared. God knows retailers have enough on their plates right now without flying by the seat of their pants through a data breach.
