A Look at the Privacy Consultants of Acxiom
By Jedidiah Bracy, CIPP/US, CIPP/E
Now that Big Data is lodged in the everyday parlance of businesspeople everywhere, and with growing consumer awareness of Big Data’s power, companies are regularly faced with the tall task of using data to contribute to a robust bottom line while executing strong privacy practices and maintaining positive brand recognition. But what if data IS your business? Regulators, including the FTC, are keying into the data collection and use practices of so-called “data brokers” and consumers are growing more knowledgeable of how their personal information is used, bought and sold.
In few vertical markets are privacy sensitivity and privacy professionals more intimately linked with company success.
One such company is Acxiom. Based in Little Rock, AR, the company posted a $59.4 million profit, with revenue of $1.1 billion in its most recent fiscal disclosure. According to one report, the firm has amassed a database containing information on approximately 500 million active consumers across the globe.
An Acxiom whitepaper, Searching for Balance in the Use of Personal Data: The Yin-Yang of 21st Century Commerce, outlines their belief in finding a balance between data use and consumer privacy. “We do know this,” Acxiom states in the paper, “data is not good or evil, moral or immoral—it is increasingly a product, a facilitator, of our modern way of life, and its importance to both individuals and organizations is intensifying.”
In fact, Financial Times recently reported that Acxiom plans to unveil a transparency service allowing consumers to access data collected about them. Acxiom Chief Marketing and Strategy Officer Tim Suther said, “We live in an era when transparency is important…We’re listening to that and trying to be even more transparent with people in understanding what companies like Acxiom do with information.”
Acxiom’s infusion of privacy into its marketing campaign is clear, too, when it warns businesses using personal information for marketing not to be creepy. “Here’s the litmus test: Are your actions for the individual (not creepy) or to the individual (creepy),” it states.
That’s no accident. Among the many things Acxiom’s privacy team check during its product development lifecycle is the marketing literature for its products. “We look at things like tone and how we market to businesses,” says Acxiom Chief Privacy Officer Jennifer Barrett Glasgow, CIPP/US. She notes that her team often will point out the consumer would perceive something. “Let’s be sure we mention things that consumers might be concerned about and businesses who are our clients need to know,” she says.
The Privacy Consultants
Glasgow, winner of the 2011 IAPP Vanguard Award, says, in addition to helping the marketing team, her team is heavily involved in the early stages of product development. They help the engineers and developers brainstorm ideas around building in privacy considerations from the earliest stages of product development. “We view ourselves as the consultants to help convey the understanding of the opportunities and risks our products and services need to take into account,” she says.
Before a new product goes into development, the privacy team—comprising “10 dedicated full-time to privacy and another 12 who are part time with other responsibilities”—conducts a formal review and then again prior to production. She says her team continues to help revise products as they progress through their lifecycle and will often conduct annual or biannual product privacy assessments—not quite an audit, she points out, but similar.
Leading a privacy team in such a dynamic and rapidly growing organization requires a lot of focus and attention from Glasgow and her team. She says there’s lots of privacy training, but points out that awareness can be even more important than the training. “We can’t train for all situations,” she says, “we would much rather be consultants throughout the development than just trainers.”
She says awareness throughout the organization is realized when the CEO talks about privacy or writes about it in the company newsletter. When the executives talk privacy, organization-wide awareness improves. Then, when the privacy team comes in, “people pay attention.”
The privacy team also recognizes strong employee privacy practices with a small award featuring the Acxiom logo and the motto, “Just because you can do it, doesn’t mean you should.” She adds that the organization has celebrated Data Privacy Day in January with an online privacy scavenger hunt where employees could win as much as $2,500.
Acxiom’s workforce is growing and is made up of young tech specialists. Glasgow says a growing percent of the organization is made up of “young, smart kids” who specialize in technology. “They come from the pure tech side of the equation, so they’ve never thought about technology that involves data” with privacy in mind. During their orientations the new tech specialists often say things like, “I didn’t have any idea.”
Recent scrutiny by the media and the Federal Trade Commission has reinforced the privacy principles Glasgow and her team have been preaching for a long time. She said she’s less worried about the scrutiny and more concerned about ensuring that employees and clients are aware of the privacy risks and concerns of consumers.
One of her goals is to remind the marketing people, that while they have a vested interest and a “very strong desire” to market to their clients, they have two other audiences they must build trust with: one is the regulator and the other is the consumer. “Success is dependent on all three trusting Acxiom,” she says, “we’ve got to make sure we all understand that.”
Though she wasn’t prepared to confirm that Financial Times report that Acxiom is imminently releasing a consumer accessing service to our marketing data, she did say they’re “always looking to increase transparency. We have offered access to our risk data for some time now.” One concern with a consumer access service is security and identity verification of the requestor. In Europe, Acxiom does provide consumer access to marketing data, but it’s conducted offline, and is a tedious and “very labor intensive process.”
Glasgow notes she is lucky to have a background in computer science and mathematics. In a world with rapidly developing technology, she points out that regulators are now bringing in more tech-savvy people to their teams. “Our team is also having to constantly learn” more about evolving technology. She predicts that we may start seeing more of a hybrid privacy professional, “one that has less of a legal background and more of a technical one.”
Perhaps this potential hybrid professional will be among those shepherding the yin and yang of business interests with consumer protection in mind.
Read more by Jedidiah Bracy:
ICO Fine “Confirms” Emergence of Private-Sector Enforcement Trend
Broad Spectrum Voicing Opinions on Proposed Data Protection Framework
Westin’s Privacy Scholarship, Research Influenced a Generation
HHS Issues Final HIPAA Omnibus Rule