Answers to 7 FAQs on Data Privacy, Security & Identity Best Practices
Last updated May 19, 2021Consider adding an opening header & paragraph which asks and answers the question “What is Consent Management?” or “What is a Consent Management Platform?”
A Customer Data Platform (CDP) isn’t just about data. It helps organizations harmonize data and orchestrate beautiful customer journeys. This means every piece of data you collect about your customers and prospects—even the most sensitive information—contributes towards a single source of truth, which you can use for better targeting, segmentation, and customer CX. But how do you handle all of the privacy, security, and identity issues that come with the use of customer data? In a recent webinar, we answered some of the most frequently asked questions about privacy, consent management, identity matching, and dealing with multiple cookies.
You can watch the quick FAQ session or read more about the following here:
- The benefits of a CDP from an identity point of view
- Managing user consent with a CDP
- Multiple cookies for the same user
- Optimizing match rates using a CDP
- Identity and programmatic advertising
- Choosing the right CDP for your organization
1. Do DMPs handle consent management? No, but Treasure Data CDP can!
Enterprises have multiple sources of personally identifiable information (PII), such as website registration tools, mobile applications, CRM, point of sale (POS) systems, call centers, and more.
Many enterprises use DMPs, but these are not built to handle PII data. They are only intended to handle anonymized third-party data, so they lack the security measures needed to properly manage PII. Treasure Data Enterprise Customer Data Platform (CDP), for example, allows PII to be safely stored and leveraged for audience segmentation and activation across all customer channels of communication.
Consent is always required for PII collection and its use for any marketing purposes. Specifically for regulations like GDPR, explicit opt-in is required for each customer interaction. To be considered compliant, you cannot use opt-out or implied consent.
2. How does a CDP handle user consent?
A consent management platform is not always needed to collect consent from the many sources where it is required. Consent could be collected directly on a website, through mobile apps, via call centers, physical documents, and more.
A few CDPs—like Treasure Data—can store consent centrally and use it to ensure compliance across all connected downstream systems. Additionally, a consent management tool like OneTrust or Gigya can also be used and integrated directly to the CDP.
Keep in mind that only some CDPs let you capture and manage consent directly; not all of them do. When considering CDPs, you should ask if the CDP can store and use data in real time. Also ask if the solution can store fine-grained consent information with additional metadata, such as the timestamp and channel where it was collected.
Also, a mechanism to collect consent and allow a user to manage or remove consent (like a webform or a mobile application) is necessary, and that information should be captured, managed and stored by the CDP. This is where a consent management platform could potentially simplify consent management and make the process more secure. In this case, the consent management platform becomes the record of truth specific to consent.
3. How important is ‘one row record’ to distinguish between a CDP and DMP?
A record in your CDP remains persistent, and records in Treasure Data can be based on customer attributes or behaviors that can be appended to a user profile. This data can be used at any time to build audiences, or be passed to different activation channels.
A DMP, on the other hand, captures anonymous digital activity that is linked to an anonymous user session, and will not persist in the system due to time storage limitations. If you want to build a unified customer view, a DMP record is therefore less valuable than a CDP record.
4. Does a CDP automatically do identity matching? How would you go about improving match rates?
Yes, some CDPs can match identities in order to create a single record for a unified customer profile. And a few CDPs, like Treasure Data, can do both deterministic and probabilistic identity matching. The deterministic algorithm matches records based on a defined attribute or set of attributes, and will help you merge identities from multiple sources into a single customer record.
Probabilistic matching uses algorithms to match records, so the more data you are able to store in the CDP to use for probabilistic matching, the higher the match rate will be. When evaluating CDPs, ensure the CDP you choose can use first-party cookies as well as other system identifiers for matching, without any limitations.
5. How do you deal with multiple cookies for the same user?
Most good CDPs will allow multiple identifiers to be stored against a user record, so you can link all records with multiple cookie IDs to the same user record.
As soon as a user identifies themselves, Treasure Data will match the cookie to the user record and wire up the anonymous session to the known user. A customer identifying themselves could be as simple as entering an email address, logging in, clicking on a link from an email—or any other way to determine who the user is. If a user doesn’t identify themselves, then the user will be treated as an anonymous user.
6. How do you approach user matching if you use web analytics systems like Google Analytics and data warehouse systems like BigQuery and currently store a matching table in the data warehouse? Does a CDP do this automatically?
Matching can be done automatically in Treasure Data, via AI and machine learning (ML). Effectively, you are sending events into Treasure Data, and the events have an identifier—for example, a cookie to link them all together. Some events will include information to match the record with a user, such as a user ID, email address or something similar. Treasure Data then links the cookie ID with the user record in the platform itself.
That user record will also contain information that matches to other systems (IP address, email address for your ESP, DMP IDs, user IDs to match with a Customer Identity Platform and so on). Specific to Google Analytics, you can also pass the Google Analytics ID (GAID) along with the cookie ID, or other identifiers, using the Treasure Data JavaScript SDK. That will automatically link the two identifiers and will store the GAIDs against the user record for matching. A different approach is to build a matching table in Treasure Data to match the GAIDs with internal IDs, and remove the step of using BigQuery in this example.
7. How should you start evaluating CDPs?
Deterministic identity matching results in a much higher match rate than using probabilistic matching, because you can be 100% certain that the identifiers are from the same user. With probabilistic matching, some guess work is involved. Therefore, when evaluating CDPs that may be best suited for your business, you need to look at all of your different source systems and ensure the CDP can match all IDs, across all systems.
For example, this could be an email address, IP address, name, phone number, birthdate, system identifiers, cookies, or any other attribute. You want to be certain that the CDP you choose can store these IDs, and match them correctly for identity resolution. Otherwise, you won’t have a true single view of each customer.
Treasure Data enterprise CDP can help you manage and take control of your data privacy, security, and consent management challenges such as PII, GDPR, and CCPA. To learn more about how a CDP can be foundational to privacy consent management, read the CDP Institute’s white paper, Powering Privacy Compliance with a Customer Data Platform.
To learn more about how CDPs different from other martch software, please see these articles on the Difference between CDP vs. DMP and CRM vs. CDP.