Breach blocks: Why HK marketers need to build up their data literacy

Hong Kong’s marketing industry has identified the importance of data, but actually understanding how to use it is critical to success. Simon Yuen talks with marketers and IT experts on getting to grips with data literacy.

The need to know

While many a piece has been written on the importance of data, marketers are still trying to get their heads around using data to drive their businesses.

In the pre-internet age of traditional marketing – when direct mail, product samples, cold-calling, TV and publication ads ruled – marketers made decisions based on experience feedback as the ruling form of data. In modern marketing, though feedback remains important, other more impartial forms of raw data play a greater role as customer demand for customisation only increases.

“We need data to develop world-class products since we can understand people’s behaviour through it. A super close relationship with data helps us deliver the best products,” says Calvin French-Owen, co-founder and CTO of customer data infrastructure company Segment.

Calvin French-Owen

And, as the floodgates of information open for marketers, they now have to know what types of data they actually require for their needs.

“Marketers need to know what hard data and soft data are,” says Edmond Lai, chief digital officer of the Hong Kong Productivity Council.

“Email addresses, phone numbers, occupations and the amount of spending are some of the typical examples of hard data, while behavioural data is a prominent example of soft data.”

By combining both hard and soft data, marketers can find target audiences easier, enabling swift amendments to their marketing strategies. Conversion rates, download numbers, and the cost-per-click can all be figured out with deft use of data.

Yet, when it comes to data, the adage of having “too much of a good thing” often rings true. Though tempting, it is not a wise decision to collect mountains of data, when collecting a minimal, but relevant – and manageable – pool of data is good enough.

“For example, if I invited customers to join my chain restaurant’s loyalty programme, I would only need to know the month of his or her birthday because it’s a great opportunity to offer them a coupon,” says Ravel Lai, chief digital officer of Dah Chong Hong Holdings.

He says marketers need to know more about the nature of the data they have collected, and put it into context. Mindlessly hoarding data just because it’s there may only distract marketers from seeing the whole picture.

Ravel Lai

The need to learn

However, a data-driven marketing approach is no easy task, and one of the biggest challenges of using data in the industry is the potentially crippling lack of knowledge among marketers.

“Marketers may not be proficient in statistics, data modelling, and data cleansing, while they may also not know how to aggregate data. That’s why many brands are looking for data scientists and data analysts to gather and analyse a drop in the ocean,” Edmond Lai says.

Edmond Lai

While no platform can gather infinite data, if brands cannot collectively handle the data they have in a single platform, it increases the difficulty in using and exercising said data.

To better collect data, brands are also being advised to conduct social listening and competitor monitoring to get more insights from customers and the industry.

“But you need to know the goal of getting data. At Skyscanner, we aim to solve customers’ problems related to travel, and we work with companies sharing the same values with us,” says Fang Fang, growth marketing lead of APAC of Skyscanner.

Fang Fang

The higher the level of data literacy an organisation has, the better its effectiveness at marketing. But raising that knowledge bar is proving problematic.

“Limited budget is the major problem when hiring data scientists, but we are still looking for ways to enhance the level of data literacy,” Edmond Lai explains.

“Generally, the level of data literacy among marketers has increased significantly in recent years.”

Digital marketing and digital analysis are utterly reliant on each other. For marketers at agencies that are unable to fund courses, the prospect of stepping up to self-learn or pay their own way is becoming an unfortunate necessity to equip themselves with the tools to compete.

And while it is extremely difficult to hire a data scientist with the requisite experience, marketers also have the option of enlisting consultancy firms to gather insights into the industry and their customers.

But the major challenge of the day is the unwillingness of customers to disclose their personal information. A never-ending stream of high-profile privacy-related news coverages and data breaches has led to a heightened awareness of data protection. A reaction, that though understandable, poses new difficulties for marketers who need to understand consumer behaviour.

The need to safeguard

Protecting data is a chief concern – or at least it should be – for every marketer worth their salt. Data security revolves around a process of protecting accounts, databases, and files on a network by using a set of controls, applications, and other techniques.

This is followed by identifying the relative importance of the collections of data, their level of sensitivity, noting regulatory compliance requirements, and then applying appropriate protections to secure those resources.

“We need data to develop world-class products since we can understand people’s behaviour through it.”

Data security consists of three aspects: confidentiality, integrity, and availability. Confidentiality ensures that data is only accessed by authorised individuals, while integrity is equivalent to being reliable and accurate. Availability ensures data is available and accessible to satisfy business needs.

As brands retain oceans of customer data, the importance of protecting that data cannot be underestimated. A single leak could spark a firestorm of a PR crisis. One year on and Hong Kong still remembers the prominent example of flag carrier Cathay Pacific.

In October 2018, Cathay Pacific revealed the data of 9.4 million passengers had been accessed illegally. The kicker being the breach had been detected months earlier in March and confirmed as early as May the same year.

The incident sparked a public outcry as about 245,000 Hong Kong identity cardholders and 55,000 passport holders in the city had been affected. The extent of the breach’s notoriety was so severe that it was commonplace to hear conversations of people comparing what data of theirs had been reported as compromised in the apologetic emails they received from Cathay.

Chairman John Slosar promised to improve IT security and training and stated that law enforcement authorities would be brought in earlier in the future.

earlier in the future. Though a data leak could damage a company’s reputation significantly, protecting data is not as difficult as one might think, since fatal mistakes often stem from simple negligence.

For example, employees may store data or sensitive files on an open platform which can be accessed by an entire network of users. Other than the obvious advice of paying closer attention, utilising security software that classifies and moves sensitive data to secure locations on a system is both an easier and safer solution to this problem.

More draconian, but effective methods include strictly limiting users’ access. To be blunt, not everyone in an organisation needs to see customers’ personal information.

To better protect data, it should not be overexposed to employees or other users. If they can’t access the data, they can’t be compromised, so stopping access to data beyond their needs simply makes sense.

Brands can also limit the use of outside computers and other equipment to avoid some of the more nefarious back door methods of entry.

Just as excessive data collection can be unwieldy, the more data that a brand collects, the higher the risk of it being leaked or hacked. Collecting excessive data is equivalent to wasting time and resources to handle it, so brands are advised to collect only data that is necessary.

Requesting unnecessary data from customers has another downside of note – that they become even more skittish about why brands need all the information in the first place, and how safely it will be stored. That, again reasonable fear, can drive them away.

A small, yet useful step is to enable customers to opt-out of submitting personal information. Other measures to enhance customer confidence include destroying data after brands have used it. This not only reduces the risk of hacking, but it also – if publicised – reinforces customer confidence about privacy measures and transparency.

But really, it is regular training for staff that is the most essential step for protecting data. Through comprehensive security programmes and policies, everyone in a company can understand the importance of data protection and adhere to the guidelines.

That doesn’t mean putting the onus on staff and letting organisations off the hook. They should adopt encryption technologies and update frequently – and regularly – to avoid attack from hackers. Installing the latest security software, browsers, and operating systems are the best ways to keep hackers and online threats at bay.

Because, at the end of the day, you don’t want your brand being the next one people chat about having lost their data with over a pint.

Read More News