From eCommerce stores to microsites to blogs, every site has a need or desire to capture customer identities. With this need come challenges and legal considerations around the customer’s privacy. These challenges can also lead to opportunities for better customer engagement, which in turn leads to more sales, views, and other targeted business metrics.
First let’s cover the elephant in the room: customer privacy. Let’s start in the European Union (EU), where customer privacy has been more progressive than in the United States. In 1995 the EU passed the Data Protection Directive, which regulates the processing of personal data. As technology evolved and data leaks became more pervasive, the need for stricter regulations became self-evident. Now, if you are collecting PII (Personally Identifiable Information) of EU citizens, you must comply with GDPR, the General Data Protection Regulation. The penalties can be harsh (up to 4% of gross revenue) if you are not in compliance. In France the authorities fined Google 50 million euros (£44m). What did they do? According to CNIL, it levied the record fine for “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”.
If you don’t conduct business in the EU, there are still regulations in the US you must be aware of. First there’s HIPAA, which covers patient medical records. If you’re in healthcare you had better be well versed in this regulation: if you violate PHI (Patient Health Information) there are fines of $1.5 million annually and even jail time (10 years with willful neglect). If you’re in finance there’s GLBA (the Gramm-Leach-Bliley Act), and if you process credit cards there are PCI DSS (Payment Card Industry Data Security Standards) rules you must follow.
It doesn’t end there either. The state of New York has the PPPL (Personal Privacy Protection Law), and then there’s the California Consumer Privacy Act of 2018. For a full list of states with internet privacy laws, visit the National Conference of State Legislatures site.
Admittedly, all of this can be daunting, and staying ahead of it is quite a challenge. Large organizations have full-time privacy teams to stay ahead of regulations, and some regulations call for Data Privacy Officers. This is changing every organization and putting a spotlight on digital privacy rights.
With these challenges comes opportunity. One of the ways to stay current on regulations is to use a CIAM (Customer Identity Access Management) solution. A CIAM solution can’t cover all the regulatory requirements, as it focuses on the digital customer identity, but it helps with staying compliant in an ever-evolving landscape. It’s important to note that not all CIAM solutions are identical, and if your primary concern is compliance with regulations, ensure you choose accordingly.
With CIAM you’ll be able to better serve your customers, because of the increased visibility and unification of customer data. For example, if a customer is on your eCommerce site browsing for new running shoes, you’ll be able to provide more personalization, which will lead to higher conversion rates. Couple this with customizable registration forms (for example, a birth date input) and you can personalize how you want to market to your customer base!
Consider the following customer life-cycle:
The first time a customer visits your site they typically browse around and search for what they are looking for. Rarely will they go straight to signing up or purchasing. At this point in time the customer is unknown to the organization. By tracking their anonymous actions you’ll gain additional insights that will move the customer along their life cycle. While the customer is pondering, the ability to personalize will increase the likelihood of the customer registering and signing up for an account. At this point the customer is moving into a converted state. As part of this conversion you should be able to customize the attributes being collected and the preferences of the customer. The unification of all this customer data allows for greater customer retention and more repeat users.
Customers also have high expectations for their experience with your site. They want single sign-on capabilities and want to use trusted sources for access. When this is not provided we lose customer sign-ups, sales, and repeat purchases. For example, customers want to use their social accounts to access your site: sign up or log in with Facebook, Google, Twitter, or similar credentials. When looking at CIAM solutions there’s a strong need for support of SSO capabilities, whether it’s OAuth, OIDC, or SAML. This will provide your organization with greater flexibility to retain and grow your customer base.
CIAM solutions have a strong focus on security. Fraud is a constant challenge as digital presence keeps growing. CIAM solutions provide capabilities such as access management. For example, if the identity has never been seen before, it might be worth issuing a reCAPTCHA to ensure it’s not a bot. If the identity is known to have fraud associated with it, you may want to deny access or force MFA (Two Factor Authentication). You can couple this with IP, device, geolocation, and other information for a full 360-degree view of the identity trying to gain access.
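The access decisions described above can be sketched as a small policy function. This is an added example, not code from any CIAM product; the `Profile` and `Attempt` schemas, the IP denylist signal, and the rule that picks between deny and MFA for a fraud-flagged identity are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    ALLOW = "allow"
    CAPTCHA = "captcha"   # bot check for identities never seen before
    MFA = "mfa"           # step-up authentication
    DENY = "deny"


@dataclass
class Profile:
    """What the identity store already knows (hypothetical schema)."""
    fraud_flag: bool = False
    known_devices: frozenset = frozenset()
    known_countries: frozenset = frozenset()


@dataclass
class Attempt:
    """Signals collected with one sign-in attempt (hypothetical schema)."""
    identity: str
    device_id: str
    country: str
    ip_on_denylist: bool = False


def decide(attempt, profiles):
    profile = profiles.get(attempt.identity)
    # Assumed rule: a denylisted source address overrides everything else.
    if attempt.ip_on_denylist:
        return Action.DENY
    # Never-seen identity: challenge to screen out bots.
    if profile is None:
        return Action.CAPTCHA
    new_device = attempt.device_id not in profile.known_devices
    new_country = attempt.country not in profile.known_countries
    if profile.fraud_flag:
        # Fraud history: deny when context is also unfamiliar, else force MFA.
        return Action.DENY if (new_device or new_country) else Action.MFA
    # Clean history, but unfamiliar device or location still earns a step-up.
    if new_device or new_country:
        return Action.MFA
    return Action.ALLOW


# Constructed sample data, not taken from any real system.
PROFILES = {
    "alice": Profile(False, frozenset({"dev-a1"}), frozenset({"US"})),
    "mallory": Profile(True, frozenset({"dev-m1"}), frozenset({"US"})),
}
```

The order of the checks is the policy: the fraud flag and denylist are evaluated before any "familiar device" shortcut, so a flagged identity can never reach `ALLOW`.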
In short, CIAM is an evolving landscape that can help your business gain greater customer insight and navigate more complex regulatory environments.