Mike Britton, Chief Information Security Officer for Alliance Data, joined the Fortune 500 company 12 years ago. He has more than 20 years of experience in Information Security, Audit and Compliance roles for companies that include IBM, MCI and VF Corporation.
Mitchell Merowitz is responsible for the corporate reputation, global privacy practices, legal, regulatory and legislative affairs of LoyaltyOne. As Senior Vice President, Corporate and Legal Affairs & Chief Privacy Officer for LoyaltyOne, Mitchell also oversees the company’s database governance and international consumer privacy and data protection policies.
Noga Rosenthal is Chief Privacy Officer, Noga oversees all privacy-related activities for Epsilon and Conversant, including global development, implementation, maintenance of and adherence to the organization’s policies and procedures covering the privacy of, and access to, online and offline consumer data. Her responsibilities include ensuring compliance with various self-regulatory regimes as well as domestic state and federal laws and regulations and those of foreign jurisdictions.
Rob Boutell, Chief Information Security Officer of Alliance Data’s card services business, is responsible for the information security strategy and program of the Columbus-based business. His nearly 20 years of information technology experience includes an emphasis on cybersecurity, risk management and compliance. Rob holds a B.S. in management information systems and finance from Miami University.
Q: “Respecting Privacy, Safeguarding Data and Enabling Trust” are the key themes for Data Privacy Day. What do these themes mean for you in your roles at Alliance Data, Epsilon and LoyaltyOne?
Mike Britton, Alliance Data: Alliance Data is a data-driven company, and to enable our clients to connect with their customers we need to be able collect, steward and protect data that in some instances is sensitive personal data. If our clients can’t trust us to protect their data, we go out of business. Unfortunately there isn’t a magical technology solution where you push a button and that automatically happens. We rely upon our associates and partners to understand the duties and obligations to protecting data, and regularly educate and assess them on how well they perform those duties.
Mitchell Merowitz, LoyaltyOne: Respecting privacy, safeguarding data and enabling trust have long been pillars in our approach to managing and maintaining our relationships with both partners and consumers. Making sure these pillars remain strong at the bedrock of an evolving marketplace is top of mind and key to my role within LoyaltyOne.
Triggered in part these past few years by a massive wave of new technology that continues to reshape the global retail industry, consumers have, and will continue to demand a greater say in how businesses collect and use personal, transactional and modeled information about them. This isn’t a development for one person, nor one group to address on its own.
By working together—business, technology, marketing and customer experience associates across LoyaltyOne— we’re able to test, learn, and when necessary, recalibrate how we best use data to meet the objectives of our businesses and business’ partners, and respect the evolving interests and expectations of clients and consumers moving forward.
Noga Rosenthal, Epsilon: Respecting consumer privacy and safeguarding data is central to everyone’s role at Epsilon and its digital media arm Conversant. My role is to ensure our privacy program advances as laws and regulations change. It’s also a crucial part of my job to continue to evolve and customize our privacy training for Epsilon’s and Conversant’s associates, in order to help them better understand their roles in keeping Epsilon and Conversant compliant with ever changing laws and regulations as our services and technology evolve, and the implications from emerging online platforms. In 2017, for instance, we hosted over 50 privacy trainings for Epsilon and Conversant to help educate associates on these topics.
Rob Boutell, Alliance Data’s card services business: As the provider of tailored marketing and loyalty solutions with branded credit programs for many of the world’s most loved brands, data privacy is part of our values and our commitment to be a responsible corporate partner.
Q: What privacy-related trends do you expect to see in 2018?
Rosenthal: From an industry perspective, General Data Protection Regulation (GDPR) and how consumers react will significantly affect organizations worldwide that collect and/or process personal data of individuals working, visiting or residing in the European Union. Epsilon and Conversant are leading industry efforts around comprehending how GDPR applies to its businesses. Working closely with industry groups, such as the Direct Marketing Association in the UK and the Interactive Advertising Bureau EU, Epsilon is helping to shape and create guidance materials to present to the local Data Protection Authorities and industry as a whole that will help address open questions around certain GDPR requirements.
Britton: I agree with Noga. For 2018, it’s all about GDPR. I equate the current environment to the build up to Y2K back in 1999. I’m hoping that it will be as anti-climactic. The trend I see is the assumption and requirement of privacy by design and default and the trend of trying to desensitize the information. Data localization laws are trending globally and threaten the free flow of data necessary to drive commerce.
Boutell: I also agree that GDPR is probably the biggest privacy-related topic for 2018. With our business focused on retail, I think the evolution of the consumer and the retail transformation is also a trend we need to consider. Today, consumers want brands to reach them in a manner that is timely, thoughtful and relevant. Customer insights and analytics from consumer data are what drive today’s loyalty and marketing programs. Leveraging these insights and analytics present great opportunities for brands, but also require the need to be responsible and committed to securing consumer data.
Merowitz: Increasing geopolitical differences in policy, jurisdictional regulators’ decisions, Court decisions and their global implications on both individuals and organizations, and most importantly, individuals’ evolving expectations to have a greater say about data, will further strain business’ ability to approach and manage data without the interests of the individual at the center of decision-making processes.