Archive for Data Governance

First the GDPR, Now California’s Consumer Privacy Bill: Your Ultimate Association Data Privacy Checklist

While many associations are still working to comply with GDPR, the State of California passed a new Consumer Privacy Bill that will have a significant impact on numerous organizations around the world. Here is what associations need to know:

REQUIREMENTS

Associations that need to comply with the new regulations are required to give California consumers an effective way to control their personal information by ensuring the following rights:

  1. The right of Californians to know what personal information is being collected about them.
  2. The right of Californians to know whether their personal information is sold or disclosed and to whom.
  3. The right of Californians to say no to the sale of personal information.
  4. The right of Californians to access their personal information.
  5. The right of Californians to equal service and price, even if they exercise their privacy rights.

STARTING POINT

The first step to managing data privacy is to document what personal data you have and what processing you are doing with it. All subsequent steps are dependent on this information being accurate.

To mitigate the risks related to data privacy compliance, whether under GDPR, California Privacy, or future state- or country-specific requirements, the following checklist will be helpful:

DATA PRIVACY MANAGEMENT CHECKLIST

Documentation:

  • Identify special categories of data processed
  • Document processing activities
  • Determine legal basis for processing (like you did for GDPR)
  • Eliminate data that is not required or has no legal basis
  • Ensure consent has been documented for processing using “consent” as the legal basis

Organizational Steps:

  • Form a team to manage privacy risks
  • Assign data stewards for personal data
  • Define internal data privacy policies
  • Advise/educate staff and board
  • Assign responsibility for security and breach detection

Inform and enable data subjects:

  • Update privacy notice and inform data subjects of how to execute their rights
  • Provide data subjects with a method to contact you
  • Provide data subjects with a method to object to processing
  • Provide data subjects with a method to view / control their data
  • Define process to receive and process data subject requests

Manage 3rd Parties:

  • Identify 3rd parties to whom you send personal data
  • Ensure 3rd parties are compliant
  • Establish data processing agreements with 3rd parties

COMPLIANCE

Associations who meet the following conditions need to comply:

  1. Annual gross revenue over $25 Million
  2. Buy, sell, share, or process personal data on over 50,000 California residents
  3. Derive 50%+ of annual revenue from selling personal information

The deadline for compliance is January 2020.

Who Says Associations Can’t Continue Direct Marketing with GDPR?

The EU’s General Data Protection Regulation (GDPR) came into effect this summer and associations are concerned about which marketing materials they can and cannot send to members, prospects, and exhibitors.

There are two key things to keep in mind when considering the processing of personal data for marketing purposes:

  1. Associations do not always need consent to send information if it can be proven that it is a “Legitimate Interest” or is required to deliver “Contracted” services. The GDPR states in recital 47 that direct marketing can be considered a “Legitimate Interest”.
  2. According to the GDPR, a legal basis for processing (using) personal data must exist. While most organizations are focused on “Consent”, the GDPR text provides several categories for legal basis. For marketing meetings and services to members and prospects, “Contracted” obligation and “Legitimate Interest” are key.

Associations can start by asking questions like:

  • What benefits were members expecting when they agreed to become a paid member of this association?
  • Did members join so they can market their products at the annual meeting or do they join because they want access to the wealth of information gained through membership?
  • What communications may be directly linked to the fulfillment of these expectations?
  • What is the impact on the recipient if this information is sent to them?

Answers should be documented to demonstrate the methodical approach for selecting “Contracted” obligation as the legal basis for processing personal data, and sending information to members and interested parties.

The GDPR recognizes that direct marketing may be necessary for growth by stating in recital 47 that it may be used as a “Legitimate Interest.” This does not, however, mean it is a free-for-all. In order to use “Legitimate Interest” as a legal basis, it is necessary to validate that the benefit to the association outweighs any possible risk to the recipient.

When using “Contracted” and “Legitimate Interest” as a legal basis, negative impacts should be minimized and recipients should be provided with the ability to opt out of future communications. So who says associations can’t continue direct marketing and remain GDPR compliant? The key is following a process to identify the legal basis and documenting this action for future reference.

Serve Your Association Customers Better Through Customer Journey Analytics

We recently hosted our quarterly Association Analytics Network meeting on October 3, 2017 at the American Society of Association Executives (ASAE) where we discussed how to best serve your association customers. We also shared new ideas and best practices in the area of customer journey analytics.

Joining us for lunch, networking, and thought-provoking discussions were some of our clients and invited guests. Here’s a high-level summary of topics we covered during this enjoyable afternoon meeting.

The Customer Journey

A customer journey is a set of interactions a customer has with a brand. It begins when they become aware of your service. Touchpoints are all of the ways the customer interacts with your brand via different channels. They are specific interactions from a customer-centric view and can be numerous depending upon the channel. For example, online advertising, social media, direct emails, press releases, and event evaluations are all examples of touchpoints. However, a holistic view of the journey needs to be considered. Focusing on only a few touchpoints decreases the importance of others.

Brand experiences happen over time. Therefore, it’s important to carefully manage each point of interaction, as the customer journey crosses multiple channels and business functions. Understanding your customer’s journey begins with customer journey analytics.

Data Augmentation

Understanding your customers allows you to serve them better. Data augmentation adds information from both internal and external sources, improving your base data. Knowing how to use the data you collect is important. How to augment your data is a process in itself.

First, identify gaps in your current data, such as demographic and psychographic information. Then identify where to obtain missing and supplemental data. Sources can include internal surveys and free data like recent census information found at Census.gov. Additionally, you can purchase data from sources such as Acxiom, Merkle, Thomson Reuters Eikon, and FICO. This type of data is often useful for marketing purposes. Lastly, defining how the data will be used ensures it is collected properly and is usable.

Data Priorities

During this year’s ASAE Annual Meeting in Toronto, we conducted a live poll of our audience during our session about Business Analytics Projects and Initiatives, and what we discovered was surprising. Although these findings are from polling the attendees of one session, based on over a decade of experience we find these statistics to be representative of what we find at most associations.

Here are the 6 surprise findings that can help your association become data guided.

  • Data isn’t easily available in one centralized location.
  • Business staff doesn’t have the tools to easily access data.
  • We don’t use visualization tools to understand our data.
  • We don’t use data to effectively segment and target marketing.
  • Data is recognized as an asset and analytics is seen as critical to success.
  • Data analytics has the support of the CEO and board.

Data Governance

Having a sustainable data governance program will position your association for success.

In simplified terms, you want to:

Data Governance is essentially people, policy, procedures, and a plan of action. To implement, you will need to form a team, define the process, identify priorities, create a policy, and then develop a plan. Data must be recognized as an enterprise asset used to achieve strategic and operational goals.

When getting started with data governance for associations, it’s essential to maintain and leverage one of your association’s most valuable assets: your data. Your customers and your association will be served well with the initiation and execution of a data governance program.

If you’d like to learn more about creating amazing association customers and receive an invite to our next quarterly Association Analytics Network meeting, sign up for our monthly email newsletter.

Data Governance: Know Your Data

An easy way to think about the complex field of data governance is the following simple triad:

  1. Know the data
  2. Protect the data
  3. Maximize the data value

Before an association can effectively govern its data, it needs to understand what data it has. This is important because it is very difficult to protect our data and to manage the value if we don’t have a clear view of what data we own, what it means, and the scope of any related risks.
The first step, “know your data”, can be split into three key activities:

  1. Create a business glossary
  2. Create a data catalog
  3. Create a data dictionary

Compiling this information will not only help track and communicate what data assets we have, it will enable us to prioritize security and quality efforts to focus on what really needs to be managed.

Business Glossary

The intent of the business glossary is to track and communicate the official terms and definitions commonly used by our association.  Having this information consolidated and easily accessible will reduce confusion related to conflicting terminology and help create a common business language.
The business glossary can be as simple as a shared document listing the business terms and their related definitions or much more sophisticated with information related to acronyms, synonyms, hierarchies and categories.

Data Catalog

The objective of the data catalog is to provide a consolidated view of the data sets which exist in the association.  “Data set” in this context refers to business concepts like: Member, Employee, Registration, Sale, Download, or other similar entities / activities related to the operations of the association.
A data catalog can be a simple document that lists the data sets that exist in the association with a brief description.

Data Dictionary

The purpose of a data dictionary within the realm of data governance is to track and communicate the technical information related to the data items which are elements of data sets.  These are individual data fields in a report or table.
The data dictionary should document the definition, origin, usage and format of the data as well as the business rules which are applied. More sophisticated dictionaries include:

  • Stewardship assignment
  • Relationships to data catalog and business glossary
  • Security classification
  • Quality classification
  • Quality metrics

We can include many details in a data dictionary; however, we want to make sure it is sustainable. We want to create something we can keep up to date in the future.
Compiling all the information for the business glossary, data catalog and data dictionary can be a significant task, and we find it is helpful to first break the work into smaller manageable chunks and then continually expand the breadth and depth of the information collected. By focusing our efforts on the data that is being published in current reports and new reports as they are being published, we can limit the initial scope to what is most important. We also recommend targeting data sets where there is a privacy risk as early as possible.

What Happens When You Have No Data Governance?

Association Analytics® CEO Debbie King recently co-presented a webinar on predictive analytics with Abila’s Carlos Restrepo. During the webinar, Debbie and Carlos asked the audience of association professionals if they had an effective data governance program. Of the 67 replies, only 12% said their association has a data governance program.

According to this informal poll, only 12% of associations have a data governance program.

Consequences of No Data Governance Program

Data governance is a holistic approach to the way you manage, collect, use, and store data. A good data governance program includes a cross-functional team, a defined set of procedures, and a plan to execute and monitor those procedures.
There are consequences to not having data governance.
In the absence of a data governance program, the decisions made about key data systems are made by association staff who “own” the system. When there are different owners for systems (which is very common), the result is inconsistencies in data availability, collection, usability, integrity, and security.

Example of the Consequences

Imagine an association with an Association Management System (AMS) and an event registration system. Each system is managed by a different department and there is no overarching governance. Since there is no shared understanding of what data should be collected, the events team might collect mailing address information, but permit addresses in a different format than what is in the AMS. This instantly causes data quality problems. It can also negatively impact user experience if there is no integration or procedure to update the AMS. Members may believe that by updating their address in one system, it will update in all others.
If your association doesn’t have a data governance program, this scenario may be all too familiar.

Short-Term and Long-Term Impact

Without data governance, there is an inconsistent application of validation and business rules which leads to inefficiencies and data quality issues. There are long-term impacts as well. Ultimately, poor quality data can lead to a decrease in the trust level of the data in the system, which in turn can lead to the abandonment of the system by business users.
Association Analytics® works with associations to develop sensible data governance policies. For assistance with your data governance, contact us at info@associationanalytics.com.