IT and Marketing Leaders Must Meet Increasing Customer Expectations for Data Protection and Privacy in Ever-Evolving Legal Landscape, Says Info-Tech Research Group

Published: Mar. 31, 2023 at 1:36 PM EDT

Protecting customers' data privacy is more important than ever, and organizations that don't give privacy the attention it deserves run the risk of losing the trust and respect of their customers.

TORONTO, March 31, 2023 /PRNewswire/ - Organizations are facing increasingly stringent and ever-changing legal obligations regarding the protection of customer rights and privacy, particularly in respect to marketing activities. While employing a privacy-first approach to data protection offers ample benefits and seems simple in theory, the consequences of getting it wrong are extremely detrimental. In response, Info-Tech Research Group has published its newest security resource, Privacy by Design for Digital Marketing. The research was created to help IT and marketing leaders design privacy-centric digital marketing operations that strike the best balance between meeting regulatory obligations and minimizing operational disruption.

The data privacy landscape continues to undergo significant shifts. Ever-evolving regulations,...
The data privacy landscape continues to undergo significant shifts. Ever-evolving regulations, combined with customers’ data privacy concerns and protection expectations, mean that marketers need to approach digital marketing operations intentionally and with a focus on three key areas as outlined above. (CNW Group/Info-Tech Research Group)(PRNewswire)

In the new resource, the firm outlines the situation in which marketers find themselves, where they have substantial return on investment (ROI) pressure to collect as much customer information as possible while also adhering to legal requirements to justify that data collection and usage in delivering value to the customer. Ethical marketing involves not losing or selling customer data, collecting only necessary information for a given purpose, and giving people control over their personal data sharing.

Digital marketing is a broad category of channels, technologies, services, and practices, with new technologies such as artificial intelligence (AI), marketing automation, and predictive analytics being regularly introduced into the marketing space. Technologies used and the way they are deployed in online advertising and marketing have the potential to be highly privacy intrusive, increasing the need for intentional data protection efforts.

"In the consumer world, transparency, trust, and control of personal data is key to expanding the customer base," says Alan Tang, principal research director of Security & Privacy at Info-Tech Research Group. "Embedding privacy-by-design principles into the digital marketing lifecycle and processes will enable business growth while simultaneously managing data protection risks. It's also important to remember that organizations should only collect adequate, relevant, and limited personal information that is necessary for business purposes."

Info-Tech Research Group has pinpointed 10 principles of focus for IT and marketing leaders in the implementation of privacy-first marketing strategies, as outlined below:

  1. Data hygiene for sharing – De-identification, pseudonymization, and anonymization methods and processes must be documented, ensuring that the methods are being used and can be verified.
  2. Vendor risk management – Many organizations know they need to secure their supply chain but struggle to find the right level of due diligence. An end-to-end third-party privacy risk management process should be established to protect the shared data.
  3. Transparency – An organization's privacy notice explains its commitment to the data subject. IT and marketing leaders must ensure it is accessible at the beginning of all data collection activities.
  4. Direct marketing user choice and control – The consent for direct marketing and data processing should be obvious, prominent, and not bundled with other terms and conditions.
  5. Cookie settings – It is important for IT and marketing leaders to identify essential and non-essential cookies for consumers and to ensure the organization is following cookie compliance regulations.
  6. Email campaigns – Understanding the target audience and the current and existing business relationship with that audience is critical for conducting an ethical email campaign. It is also crucial in complying with privacy and data protection laws.
  7. Data retention – Those responsible for ensuring data privacy must establish a single source of truth for their data. Unnecessary personal data will cause additional challenges in the event of a breach.
  8. Purpose limitation – Organizations and their IT and marketing teams should only collect personal information as required for business endeavors. That information must be relevant and limited to what is necessary to support those business endeavors.
  9. Security protection – A best-of-breed approach to implementing appropriate risk-based technical and organizational measures to ensure the ongoing confidentiality, integrity, and availability of personal data ensures holistic coverage of an organization's information security program.
  10. DSAR handling – Data subject access requests (DSARs) are a written or electronic request for personal information made by a data subject to an organization that stores information about the individual. How often the organization can successfully fulfill DSARs will soon become key differentiators and must be prioritized by IT and marketing leaders.

The IT research and advisory firm also suggests documenting organizational readiness and identifying mitigating controls via its Privacy Readiness Assessment Tool.

To access the complete research on data protection and privacy, IT and marketing leaders can download Privacy by Design for Digital Marketing.

For more information about Info-Tech Research Group or to view the latest research, visit and connect via LinkedIn and Twitter.

About Info-Tech Research Group

Info-Tech Research Group is one of the world's leading information technology research and advisory firms, proudly serving over 30,000 IT professionals. The company produces unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. For more than 25 years, Info-Tech has partnered closely with IT teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

Media professionals can register for unrestricted access to research across IT, HR, and software and over 200 IT and industry analysts through the Media Insiders program. To gain access contact

Info-Tech Research Group Logo (CNW Group/Info-Tech Research Group)
Info-Tech Research Group Logo (CNW Group/Info-Tech Research Group)(PRNewswire)

View original content to download multimedia:

SOURCE Info-Tech Research Group

The above press release was provided courtesy of PRNewswire. The views, opinions and statements in the press release are not endorsed by Gray Media Group nor do they necessarily state or reflect those of Gray Media Group, Inc.