Data v Privacy: Protecting your consumers and their information online


While having all the data you could want (and often can handle) at your fingertips is a blessing, it can be viewed as otherwise by consumers. Many individuals are deeply concerned about their personal information and how it is used online. While the law currently lags behind technology in terms of how you can gather and use the personal information you have about your current and potential clients, many companies have taken proactive steps to show that they gather, store and employ data in a secure, private manner that requires explicit consent.

First, a few definitions. Most laws have requirements built around PII, otherwise known as Personally Identifiable Information. This information, for all intents and purposes, can be used to identify an individual specifically. Confusing? Let us demystify.

Data v PII

Past browsing data or email subject lines clicked on can help you reach a particular consumer, and even personalise your communications to a specific person. However, that information alone would not necessarily contribute to the identification of the individual to whom you are selling. Conversely, information such as gender, home address, telephone number or email is highly personal and, when used together, can identify a specific person.

Some details

Correctly and accurately matching data and removing duplication, in order to deliver the most reliable data intelligence, relies on choosing the most appropriate technique for a given scenario. At Mojn we employ highly sophisticated algorithms, which fall broadly into two types:

Deterministic matching is a rules-based process that relies on comparing values within records (such as names) to determine a match; these individual results are often weighted and given a ‘matching score’. Additionally, where values are present in both records but do not match, they create a ‘non-matching’ score. Combined, the two deliver an overall match ‘relevancy score’.

Probabilistic matching operates a little more like the human brain, as opposed to the binary approach above; think fuzzy logic. In this case, multiple field values are compared between two records using statistical algorithms, in order to deduce the most reliable match. Again, weighting is used to deliver a score, but here it is rated in terms of how probable a match is, or a ‘confidence score’.
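To make the two scores concrete, here is an added example (not Mojn's code) that scores the same pair of records both ways. The records, field weights, match probabilities and the 0.9 fuzzy threshold are all constructed assumptions; the probabilistic part uses a Fellegi-Sunter style log-odds sum, one common statistical approach.

```python
import math
from difflib import SequenceMatcher

# Constructed sample records (not real people).
A = {"name": "Jon Smith", "email": "jon.smith@example.com",
     "postcode": "SW1A 1AA", "phone": None}
B = {"name": "John Smith", "email": "jon.smith@example.com",
     "postcode": "SW1A 2AA", "phone": "07700900123"}

# Assumed rule weights for the deterministic score.
WEIGHTS = {"name": 2.0, "email": 5.0, "postcode": 1.5, "phone": 3.0}
# Assumed (m, u): P(field agrees | same person), P(field agrees | different people).
M_U = {"name": (0.95, 0.01), "email": (0.98, 0.0001),
       "postcode": (0.90, 0.001), "phone": (0.90, 0.0001)}

def norm(value):
    """Lower-case and collapse whitespace; None stays None (value absent)."""
    return " ".join(value.lower().split()) if value else None

def deterministic(a, b, weights=WEIGHTS):
    """Exact comparison. Returns (matching, non_matching, relevancy)."""
    match = non_match = 0.0
    for field, w in weights.items():
        x, y = norm(a.get(field)), norm(b.get(field))
        if x is None or y is None:
            continue  # absent in one record: counts neither for nor against
        if x == y:
            match += w
        else:
            non_match += w
    return match, non_match, match - non_match

def probabilistic(a, b, m_u=M_U, prior=0.01, fuzzy=0.9):
    """Returns a confidence in [0, 1] that a and b describe the same person."""
    log_odds = math.log(prior / (1 - prior))
    for field, (m, u) in m_u.items():
        x, y = norm(a.get(field)), norm(b.get(field))
        if x is None or y is None:
            continue
        agrees = SequenceMatcher(None, x, y).ratio() >= fuzzy  # tolerate typos
        log_odds += math.log(m / u) if agrees else math.log((1 - m) / (1 - u))
    return 1 / (1 + math.exp(-log_odds))

if __name__ == "__main__":
    print("deterministic:", deterministic(A, B))
    print("probabilistic: %.4f" % probabilistic(A, B))
```

The exact rules penalise the "Jon"/"John" spelling difference, while the statistical score treats it as agreement and lets the rare shared email dominate, which is also why a handful of individually unremarkable fields can single out one person.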

Laws about PII and consumer data

Many organisations are cashing in on the lack of legal infrastructure around data compliance. Companies such as eTrust have created their own assessment tools that track how companies collect and store private consumer data, but the assessments are a combination of international law and consumer-led requests. Companies that collect a combination of data and PII, such as MailChimp, are eTrust certified. You can learn about Mojn’s adherence and commitment to supporting the initiatives of greater transparency and control for users at

There are a few general laws regarding consumer privacy and email policy, but they are hopelessly outdated; the law can’t keep up with the times. The most recent in the UK is the 2003 Privacy and Electronic Communications Regulations (otherwise known as the EC Directive). However, this law only regulates how and if consumers can receive emails, and gives them options to opt out of unwanted emails. The law applies to any organisation that sends out marketing by telephone, fax, calling system, email, SMS, MMS or other electronic communication methods. The law does provide coverage for both individuals and corporate subscribers (i.e., v, and the opt out provision is regulated for individuals. There are also requirements regarding how you disclose how information will be used and where it will be stored. Emails to corporate subscribers are more loosely regulated and can be sent without opt in if the email does not contain any personal information (i.e., an untargeted solicitation email).

Looking further back in time, the Data Protection Act of 1998 requires opt out consent in the case of emails involving non-sensitive personal data, and express consent for emails that involve data on sensitive information such as ethnicity, politics or medical conditions.

…and that’s it, if you can believe it. That’s about the extent of legal measures to protect a consumer’s personal data and how it can be used online.

Independent measures to protect data – and where marketers fit in

The Information Commissioner’s Office (ICO) is an independent authority set up to uphold information rights in the public interest, and it investigates infringements of this policy on behalf of consumers. Law Donut provides some interesting information on making sure your email database is legal. These are two UK-based independent organisations dedicated to helping consumers and businesses navigate the murky waters around data and privacy protection. Each has periodicals and in-depth information available for marketers and consumers to arm themselves with information about data and privacy protection.

For most marketers, the first step is reading up on the laws. After that, finding a way to make consumers feel comfortable giving you their PII, and knowing you’ll keep it secure, is crucial. The eTrust Certificate, or even a disclaimer about how data will be used in a very visible place, written in plain English, can help. Finally, using an encrypted, secure database is mission-critical. There’s nothing more embarrassing than data leaks and hacks, as companies such as American retailer Target or Barclays Bank can attest.

We’ll keep you up to date on Data v Privacy as laws and legislation arise – but there are very few viable laws on the horizon. Instead, keep your company ahead of the curve by protecting the interests of your consumers and using their data in a responsible manner. It’ll pay dividends in the longer-term.

If you have questions feel free to contact compliance[at]
