What constitutes the ‘right’ approach to using third-party data?

Third-party data is a perpetually controversial topic. The market for data is in a state of constant flux, and is likely to change significantly in Europe over the course of the coming two years, as archaic EU regulations are updated to better meet the needs of the modern consumer and tackle widespread privacy issues.

In terms of this latter point – many businesses might be excused for misinterpreting what regulators actually define as ‘third-party’ data (see the Information Commissioner’s Office’s 41,000 word document on definitions, for proof of this). But putting this aside, there’s no denying that a whole industry of data misuse has built up as a byproduct of the business need for more insight about customers. But consumers are becoming more savvy – to the point that trust in personal data use is eroding and almost half of people are “suspicious about how companies are using our data”.  

According to recent research from Royal Mail Data Services, 49.6% of senior data, marketing and analytics practitioners state they use data provided by third parties. This is understandable given that, used correctly, third-party data is able to enrich the buyer-seller experience for both business and, crucially, the consumer too.

But with such a delicate balance needed to ensure best practice, how should businesses approach third-party data whilst ensuring they don’t become part of the unscrupulous user group?

“People are receptive to communication when it is relevant and timely,” says Jim Conning, managing director for Royal Mail Data Services, one of the UK’s core third-party data providers.

“For instance, people aren’t likely to be annoyed if they’re booking a flight and someone emails them about hotels, or if they’re moving house and a DIY chain offered them 10% off their next order. Gaining information from a third party results in better performance and less wastage for a campaign.   

“But you need to look at your first-party data – your customer base, and who you’re going to be providing a service to. Then pick third-party data providers that allow you to understand when your customers 1) are changing or 2) are in a position where it’s good for you to engage. Then you need to choose the channels in which you want to engage. Some customers don’t like to interact digitally. Some like mail, some don’t. This is information to glean from testing and then changing your system.”

Picking data providers

The process of picking a third-party data provider is outlined in Royal Mail Data Services and MyCustomer.com’s latest report, Third-party data in 2016: The marketer’s guide, with the fundamental requirement (in the UK), at present, being to ensure any supplier chosen is onside of guidelines published by the ICO and set out by the Data Protection Act 1998.

For marketers, the points about direct marketing through calls, SMS, email and post are particularly relevant given the amount of spend via these channels. But failing to establish whether a provider meets the ICO’s requirements around these channels can carry fines of up to £500,000 for a business, with the legality of being able to push fines on businesses set to become even more stringent as a result of the impending EU General Data Protection Regulation (GDPR).

“Right now it would seem like the ICO is going after the people who market, but they have the capability to go after the data providers as well,” says Conning.

“Using Royal Mail as an example - we safeguard our clients, we have a data protection and compliance director who sits in our legal team. He makes sure Royal Mail as a whole stays onside with the latest movements in legislation. We’ve met with the ICO to talk through our current practices as well as some of the things we’re thinking of doing. We then apply any rules across our data to make sure that our information is correct and permissioned, and that if a consumer wants to change their permission status, we can change it immediately.”

Picking a provider shouldn’t even come into consideration without ensuring they are able to match similar, fundamental requirements; and how the data is permissioned is perhaps the first requirement to tick off on the list.    

Maintaining quality

In Royal Mail’s case, their third-party data offers a unique perspective on a customer’s current home situation, given that, as a 500 year-old organisation, it is the direct link to address details for everyone in the UK.

The misuse of data is hampering the right use of data. If you have properly permissioned data and the process that allows people to easily opt-out, then you shouldn’t have to worry about legislation or how you’re using third-party data

Any time an individual or business moves, the Royal Mail is the first data provider to hear about it. Combining this sort of rich and up-to-date information with other public records such as open information held at the Driver and Vehicle Licensing Agency, Land Registry or the Electoral Roll improves your understanding of a customer, but it also ensures some level of data quality above and beyond what many companies hold.

And given the Royal Mail receives at least a million customer redirections a year and 10,000 contact and address changes a day, you can get an idea of how quickly your information about a customer can become inaccurate. A recent Demand Gen Report revealed that more than 62% of organisations still rely on prospect data that is 20-40% incomplete or inaccurate. And with almost 85% of businesses said they are operating CRM and/or sales force automation databases with between 10-40% bad records, it’s clear that maintaining data quality is becoming an increasingly necessary part of staying on the right side of the third-party debate.

Juanita McGowen, a marketing analyst and expert on data quality believes third-party data users should check how the data provider builds and maintains its information, asking whether people have to register or ‘opt-in’ to be included in their lists. It’s also important to understand how frequently information is updated and what rights you have to use it. Some companies sell data for multiple uses, whilst others may grant a single-use licence.

McGowen also suggests involving other departments in your business to ask the following, initial questions around the quality of third-party data:

• How reliable do your colleagues think the data is, and why?
• Has the data been reviewed and maintained since it was collected?
• How much (and what kind of) data do you really need to carry out marketing activity?
• Has an audit been run recently to check for duplicate information and consistency?

“It’s all about maintaining quality – otherwise you’re wasting money or annoying customers,” Conning adds. “Get your data as accurate as you can. Then build a system that allows you to keep your data as accurate as you can.

“It’s a phase through from data quality to what type of business you are, who your customers are and what it is you provide that they might want. What opportunities does this create to drive more business?

“It’s less about system and more about service. What are you looking to provide? Do you have high transaction numbers? You can set daily, weekly, monthly updates based on these answers. You then have inputs areas to make sure the data going into your business is as accurate as it can be.”   

Ethical practice

The dangers of getting third-party data use wrong can be severe. Even some of the globe’s biggest companies have been brought into question for the process in which they have sold third-party data on, with security firm AVG’s selling of search and browser history data to advertisers through a subtle change in its privacy policy just one recent example.

And consumers are becoming less and less tolerant. You only have to look at the way Facebook's Free Basics concept was derailed in India to realise that, in the process of research to purchase third-party data, only the most ethical and quality practice is acceptable.

“For me, the stigma is around low quality data,” adds Conning. “The misuse of data is hampering the right use of data. If you have properly permissioned data and the process that allows people to easily opt-out, then you shouldn’t have to worry about legislation or how you’re using third-party data. But you have to have the correct way to get that data, the right process of managing it and easy modes for opting-out.

And this comes with a warning: “It’s our responsibility to keep data up-to-date and permissioned correctly. Ultimately though, it’s not the third-party provider doing the mailing. It’s the responsibility of the company doing the mailing to ensure data is correctly permissioned and not used for unethical reasons.”

Download the MyCustomer and Royal Mail Data Services report: Third-party data in 2016: The marketer’s guide