Data collection, privacy, and security are serious business and have become a top concern for both ABM platform vendors and buyers. Faced with everything from major data breaches to the all-too-common loss, theft, or other misuse of personal data, consumers have demanded protection of their personal data. B2B marketing and sales teams are increasingly leveraging Big Data and AI to collect and analyze buyer intent with the goal of efficiently and effectively executing an account-based strategy at scale. Alongside this trend is a cloud of confusion and fear surrounding the privacy and security of the data being collected and used.
Instead of throwing out big, scary headlines about who is compliant and who is throwing caution, and your data, to the wind, let’s look at the questions you should be asking your ABM platform provider about data collection, privacy, and security and how 6sense is handling this sensitive issue.
Is the collection of “intent data” (identifying potential B2B buyers’ engagement with content, ads or specific websites) in conflict with the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the US?
No, as long as the relevant rules, such as those focused on the rights of individuals, access, consent and transparency, are followed. The GDPR and CCPA require organizations to collect and process personal data (and under both the GDPR and the CCPA an IP address is considered personal data) under strict conditions, as well as protect that data from misuse and exploitation, but don’t prohibit the collection, use, and processing of such data.
Do you provide high-quality, third-party intent data as part of your offering, and if so, do you confirm the collection of the visitor data complies with applicable privacy laws?
Yes, 6sense provides high-value intent data that is curated for our customers through our AI Platform. We source our intent data from vendors that have direct relationships with publishers similar to those that other co-ops source from, and that implement strict policies for opt-in and consent. Commentators have indicated this is one of the favored approaches for organizations that want to follow the rules. As a value-add to our customers, we also have direct relationships with stand-alone publishers to collect relevant first-party intent data specifically for a customer. We do not utilize EU-based data from AddThis, and we do not utilize any form of bidstream for our intent data, so the online debates about EU intent data from these sources do not impact our services.
What security practices do you have in place to protect our data and comply with applicable laws?
At 6sense, we take the protection of customer data, all personal data we process, and compliance with the GDPR and similar data protection laws very seriously and have implemented rigorous security policies that have been validated by independent, third-party auditors. To provide customers with an independent assessment of our systems and security, we undergo regular SOC 2, Type 2 audits that meet the AICPA Trust Services Principles and Criteria (an internationally recognized third-party audit and attestation process most relevant to our customers’ multi-faceted security needs) and implement security practices compliant with ISO 27001/27002 standards. Our first-in-class hosted data centers also maintain the highest accreditations, including: ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 2 and SOC 3, and EU-specific certifications such as BSI’s Common Cloud Computing Controls Catalogue (C5), to provide combined coverage of our applications, systems and data centers. Our security team works closely with our auditors to continuously monitor developments and implement appropriate security protections.
How do you handle staying up to date with GDPR requirements?
Like any area that impacts our business, and especially our customers, we devote significant resources through our privacy team and executive leadership to ensure we have robust and up-to-date privacy processes in place in compliance with applicable laws. Our in-house privacy team is supported by best-in-class external privacy counsel that helps us monitor regulatory changes that impact the GDPR and other privacy laws, including the CCPA.
B2B marketers need to be aware of regulations and laws put in place to ensure individual data privacy. As you implement your account-based strategy, in addition to ensuring that you are getting a high-quality product that will provide real value, you will also want to confirm that your provider is placing as high a value on its privacy and security processes in connection with the services it provides to you. We know that our customers take compliance with the GDPR (and CCPA) seriously and we are happy to support and partner with them.