tag:econsultancy.com,2008:/topics/privacy-data-protection Latest Privacy & data protection content from Econsultancy 2016-09-05T14:47:57+01:00 tag:econsultancy.com,2008:BlogPost/68239 2016-09-05T14:47:57+01:00 2016-09-05T14:47:57+01:00 For IoT medical device firms, security issues are no longer just bad PR Patricio Robles <p>For obvious reasons, <a href="https://econsultancy.com/blog/68048-personal-data-and-privacy-in-the-digital-healthcare-age">privacy</a> and security concerns are of paramount importance when it comes to connected medical devices, and one medical device manufacturer, St. Jude Medical, is learning that potential problems with connected devices can be more than just a PR headache.</p> <p>On Thursday, investment firm Muddy Waters Capital <a href="http://www.muddywatersresearch.com/research/stj/mw-is-short-stj/">published</a> a research report claiming that a security flaw in St. Jude's Merlin@home device contained a security vulnerability that could potentially leave individuals with those implanted devices at risk to remote cyber attackers.</p> <p>In the report, Muddy Waters' Carson Block suggested that patients using potentially vulnerable devices should disable connectivity for their implanted devices and that St. Jude should issue a recall.</p> <p>Since nearly half of St. Jude's revenue comes from the allegedly affected devices, Block argued in his report that St. Jude could see its revenue plummet over the next two years, the length of time he believes it would take for the company to fix the problem and handle a recall.<br></p> <p><img src="https://assets.econsultancy.com/images/0007/8787/st_jude_medical.png" alt="" width="700" height="309"></p> <p>Not surprisingly, shares of St. Jude stock dropped, and trading in them was temporarily halted.</p> <p>The company's share price recovered after it issued a statement disputing Muddy Waters' claims, calling them "false and misleading," but the Food and Drug Administration (FDA) <a href="http://www.startribune.com/st-jude-medical-sharply-criticizes-short-seller-s-attack-on-its-cybersecurity/391437581/">confirmed Friday</a> that it will be looking into the matter with the Department of Homeland Security.</p> <h3>More than just a PR problem</h3> <p>One of Muddy Waters' claims, that St. Jude's implanted pacemakers could have their batteries drained by a remote attacker 50 feet away, is for obvious reasons concerning.</p> <p>St. Jude says that such claims are meritless, noting that its implanted devices only have a wireless range of seven feet after they are implanted. </p> <p>University of Michigan researchers who have tried to exploit the vulnerabilities claimed by Muddy Waters <a href="http://www.reuters.com/article/us-st-jude-medical-cyber-university-idUSKCN1152I0">said</a> the "evidence does not support [Muddy Waters'] conclusions."</p> <p>But Muddy Waters counters that in the name of responsible disclosure, it did not release all of the details of the vulnerabilities.</p> <p><em>Two of St. Jude's pacemaker products</em></p> <p><img src="https://assets.econsultancy.com/images/0007/8788/St_Jude_products.png" alt="" width="752" height="449"></p> <p>Needless to say, it's far too early to make a judgment here and, ultimately, the FDA's investigation will establish whether the claims leveled by Muddy Waters are legitimate.</p> <p>If they are, they could threaten the pending $25bn acquisition of St. Jude by Abbott Laboratories, so the stakes are high.</p> <p>Whatever the final outcome, the situation is a wake-up call to companies manufacturing connected medical devices.</p> <p>That's because, as <a href="http://www.bloomberg.com/news/articles/2016-08-25/in-an-unorthodox-move-hacking-firm-teams-up-with-short-sellers">detailed by</a> Bloomberg's Jordan Robertson and Michael Riley, the Muddy Waters vs. St. Jude battle "reveals a new front in hacking for profit."</p> <p>Muddy Waters didn't identify potential vulnerabilities in St. Jude's devices.</p> <p>They were discovered by MedSec, a cybersecurity startup, which approached the investment firm and proposed a partnership in which MedSec would give its evidence to Muddy Waters and share in the profits if Muddy Waters was able to drive St. Jude's share price down.</p> <p>As Robertson and Riley note, "bringing this kind of information to an investment firm is highly unorthodox."</p> <p>Typically, security researchers make money by bringing vulnerabilities to the attention of the companies responsible for them in exchange for monetary compensation and/or public recognition.</p> <p>Alternatively, unscrupulous researchers sell the vulnerabilities they find on the black market.</p> <p>MedSec's CEO, Justine Bone, said that:</p> <blockquote> <p>As far as we can tell, St. Jude Medical has done absolutely nothing to even meet minimum cybersecurity standards, in comparison to the other manufacturers we looked at that have made efforts.</p> </blockquote> <p>So she decided not to bring the issue to St. Jude's attention.</p> <blockquote> <p>We were worried that they would sweep this under the rug or we would find ourselves in some sort of a hush litigation situation where patients were unaware of the risks they were facing.</p> <p>We partnered with Muddy Waters because they have a great history of holding large corporations accountable.</p> </blockquote> <p>While MedSec's decision is sparking debate over the ethics of security researchers, the message to companies that are involved with connected devices involving health and medicine is clear: Privacy and security must be top of mind as they have the potential to cause real wounds, not just PR scrapes.</p> <p>Interests with sophisticated tools, big bank accounts and media megaphones are increasingly going to be looking for problems, and when they think they find them, they're going to look to inflict damage, even if it's in the name of accountability.</p> tag:econsultancy.com,2008:TrainingDate/3007 2016-08-10T17:38:53+01:00 2016-08-10T17:38:53+01:00 Google Analytics Advanced - Optimising your Site <p>Research by Econsultancy has shown that over 70% of companies now use Google Analytics systems to report online performance. However, frequently the tool hasn't been configured to tailor reports to make full use of its capabilities and drive business results.</p> <p>This practical small group workshop will help you get the most out of Google Analytics to improve your tracking, website and marketing campaign efficiency. Submit your own site during the workshop, and you'll have an opportunity to have it reviewed, with recommendations on "quick win" improvements for you to consider made by the expert trainer.</p> tag:econsultancy.com,2008:TrainingDate/3005 2016-08-10T17:36:31+01:00 2016-08-10T17:36:31+01:00 Google Analytics <p>Research by Econsultancy has shown that over 70% of companies now use Google Analytics systems to report online performance. However, frequently once the tool is in place there seems to be a "what next" moment.</p> <p>This practical, small group workshop will help you to get started with Google Analytics, offering you plenty of practical tips and shortcuts.</p> <p>You'll learn how to get useful information from the tool so you can begin optimising your site, online marketing and content.</p> <p>Your website will also be viewed by an industry expert, who will make recommendations as to the best starting points for your own analysis.</p> tag:econsultancy.com,2008:BlogPost/68108 2016-08-02T12:30:00+01:00 2016-08-02T12:30:00+01:00 Brexit and the Digital Single Market: Three ways forward Todd Ruback <h3>Brexit, data protection and the Digital Single Market</h3> <p>The people have collectively spoken and now policy makers need to forge a path forward that honours the will of the people, while also ensuring the UK’s access to the all important EU economic market – especially the digital market and this is no easy task.</p> <p>The UK’s decision to leave the European Union comes just on the heels of the passage of the EU’s General Data Protection Regulation (GDPR), a massive piece of legislation that aims to give control over personal data back to the individual through a series of new codified rights.</p> <p>The GDPR is a pan-European law that will add certainty for companies selling their wares to EU citizens.</p> <p>More importantly, it is the foundation of the <a href="http://ec.europa.eu/priorities/digital-single-market_en">Digital Single Market</a>, a strategic European initiative that aims to create fertile conditions for European-based innovation that will add billions of Euros to the overall economy, the UK included, while creating countless jobs.</p> <p><iframe src="https://www.youtube.com/embed/mTeqrJJPkfg?wmode=transparent" width="560" height="315"></iframe></p> <p><em>As well as increasing access to goods and services, the Digital Single Market will also improve networks and drive economic growth</em></p> <p>The UK’s pending exit from the EU puts it at risk of not participating in the Digital Single Market unless another option can be implemented.</p> <p>Here are three possible paths forward, none of them straightforward, but paths nonetheless.</p> <h3>Three paths forward</h3> <p><strong>1. UK adopts GDPR</strong></p> <p>The UK can adopt the GDPR as its own national data protection legislation, but then would still be left with the dystopian act of applying – upon a politically bended knee – to the EU to be granted “adequacy” status, which is legal jargon recognising that your data protection law offers the equivalent level of protection that the GDPR provides.</p> <p>If you receive “adequacy”, as countries like Canada and Argentina have been granted, then data can flow between the two economies freely.</p> <p>At issue is whether political egos will get in the way of applying for “adequacy” designation, and that is impossible to predict.</p> <p><strong>2. Be Switzerland </strong></p> <p>A second path forward would be for the UK to follow the Swiss model and negotiate a series of critical trade agreements with the EU that will allow the UK access to the EU digital market.</p> <p>While a series of one-off trade agreements may require a lot of heavy lifting and must be done quickly, it is important to remember that reciprocal access by the EU to the UK economy, the second largest in the EU after Germany, is important to the EU.</p> <p><strong>3. EEA Membership</strong></p> <p>A third path forward may be the simplest and could represent a balanced approach that would both honour the collective will of UK citizens, while still providing access to the EU Digital Single Market.</p> <p>Namely, the UK could apply to become part of the European Economic Area (EEA), a 1994 agreement that opens the EU market to non-member states under certain situations.</p> <p>Norway is the prime example, but there are technical considerations that I am not qualified to comment on that still must be met before a country can join the EEA, and like the first option, could result in an unbalanced relationship since membership is contingent upon meeting EU mandated and monitored requirements.</p> <h3>Riveting but serious </h3> <p>The UK political theatre playing out in front of us is riveting, especially for an American privacy wonk such as myself.</p> <p>But its entertainment value is far outweighed by the economic seriousness that portent if cool heads don’t negotiate a way forward.</p> <p>I know some of these cool heads, both in London and Brussels, and am confident that they will find that path forward that honours the democratic will of the referendum, while also fostering conditions for joint economic prosperity.</p> <p>It’s in everyone’s best interest.</p> <p><em>More on Brexit and the UK's digital economy:</em></p> <ul> <li> <a href="https://econsultancy.com/blog/68003-ecommerce-in-the-uk-post-brexit-positives-negatives-opportunities/">Ecommerce in the UK post-Brexit: Positives, negatives &amp; opportunities</a> </li> <li> <a href="https://econsultancy.com/blog/68001-how-will-brexit-impact-digital-businesses-and-marketers/">How will Brexit impact digital businesses and marketers?</a> </li> <li> <a href="https://econsultancy.com/blog/68099-three-ways-uk-retailers-can-utilise-the-post-brexit-gbp-drop-to-target-international-customers/">Three ways UK retailers can utilise the post-Brexit GBP drop to target international customers</a> </li> </ul> tag:econsultancy.com,2008:BlogPost/68048 2016-07-13T14:39:00+01:00 2016-07-13T14:39:00+01:00 Personal data and privacy in the digital healthcare age Lori Goldberg <p>In the past I’ve used NikeID, which communicates with a chip inside my sneakers to track my run data.</p> <p>Confession: I once attended a digital media conference and entered a contest to log the most steps on the conference floor. I tied my step-counting device to my ceiling fan and let it go all night.</p> <p>For some, there is concern that personal health data can be hacked, stolen, or exploited for marketing purposes without consent.  </p> <p>For those of us in the digital advertising sector, we have a responsibility to be clear about where our data comes from, consumer protection laws, as well as the benefits of advancing our health through data collection.</p> <p>Given this, below is a brief summary of how personal body data is being collected, protected, and used in the digital advertising sector today.</p> <h3>Current state of digital privacy</h3> <p>In terms of digital marketing, <a href="https://econsultancy.com/reports/healthcare-study-organizing-marketing-in-the-digital-age/">healthcare and pharmaceutical sectors</a> have long worked under state and federal laws to protect sensitive personal health information.</p> <p>For example, <a href="https://econsultancy.com/blog/67498-digital-media-vs-hipaa-violations-risking-your-reputation-in-healthcare/">HIPAA, the Health Insurance Portability and Accountability Act</a>, works to protect confidentiality of patients and control the flow and purpose of information used by insurers.</p> <p>Additional laws are in place that govern how and when healthcare providers can contact patients for the purpose of selling new drugs and treatments.</p> <p>These laws typically boil down to intent: is the marketer protecting the public from health risk, or are they trying to make money?</p> <p><img src="https://assets.econsultancy.com/images/0007/7028/fitbit.jpg" alt="" width="700" height="466"></p> <p>If there is a health risk to an identified class of patients, their personal information is more likely to be accessed.</p> <p>Additionally, Google and the Federal Drug Administration protect consumers with a thorough legal-medical review (LMR) process of each ad campaign.</p> <p>The privacy of your personal health information generated by apps and websites (also known as Patient Generated Data) is largely protected by HIPAA if the data is tied to a personal identifier, such as a user account associate.</p> <p>However, it is important to note that apps are developed around the world and enforcement of HIPAA policy is difficult unless complaints are filed.</p> <p>In fact, eHealth presents a new challenge for HIPAA. In 2015, the Office of the National Coordinator for Health Information Technology (ONC) and HIPAA began a two-year project to understand the sector and draft new policy on this matter.</p> <p>Until then, consumers should not quickly assume that app developers – particularly those outside the U.S. – are storing secure, HIPAA-compliant data.</p> <h3>Wearable tech</h3> <p>With the recent introduction of wearable technology and smartphone apps accessing our bodies, our personal body data is being trusted to technology companies and app developers who operate largely based on their own privacy terms and conditions.</p> <p>Companies such as Apple have vigorously protected consumer data, however many app providers are relatively anonymous to the general public.</p> <p>They are vulnerable to data breaches, hacks, and their own marketing principles.</p> <p>Apple’s HealthKit and Health apps collect health and fitness data including heart rate, calories burned, cholesterol, and blood sugar.</p> <p><img src="https://assets.econsultancy.com/images/0007/7029/fitbit_2.jpg" alt="" width="700" height="500"></p> <p>They also can connect with healthcare providers to share lab results, medications, and more. The insight provided makes a doctor more informed about the holistic status of one's health; however fears of data security persist.</p> <p>Many of the free apps available for download will earn revenue by selling your data, which could be associated with your account or user name identifier.</p> <p>According to the <a href="http://blogs.wsj.com/digits/2014/09/09/as-apple-moves-into-health-apps-what-happens-to-privacy/">Wall Street Journal</a>, “many of the roughly 40,000 health apps and wearable devices on the market today make money by selling user data to marketers and other companies.”</p> <h3>Epidemiological data</h3> <p>Epidemiological data is patient-anonymous data that allows the medical community as well as marketers to better track disease outbreak, rises in specific types of illnesses, and more.</p> <p>For example, <a href="http://thomsonreuters.com/en/products-services/pharma-life-sciences/pharma-business-development/incidence-and-prevalence-database.html">the Incidence &amp; Prevalence Database</a> covers over 4,500 diseases, procedures, symptoms and other health issues for incidence, prevalence, morbidity, mortality, comorbidity, treated or diagnosed rates, cost and much more.</p> <p>Forecasting tools such as this allow pharmaceutical advertisers to concentrate efforts in predicting illness patterns and making treatments marketed and available at the right time and place.</p> <h3>Personal genomics</h3> <p>Personal genomics through DNA sequencing provides your body’s genetic information for use in predictive forms of medicine.</p> <p>This could reveal genetic links to cancer, inherited predisposition to disease such as Alzheimer’s, or even help a doctor determine which medications will be most effective in treating your illness.</p> <p>DNA sequencing is available from popular online companies such as 23andMe, sequencing.com, and deCODE.me.</p> <p>Laws have been enacted in some U.S. states and by the federal government, such as the <a href="https://en.wikipedia.org/wiki/Genetic_Information_Nondiscrimination_Act">Genetic Information Nondiscrimination Act</a> (GINA) to protect citizens from being discriminated against based on their genetic profile.</p> <p>This information, if attained by an insurer or employer, may identify the person as a health risk or insurance risk.</p> <p>In summary, respected companies such as Apple will fight to keep personal health info safe, but the far reaches of its App Store reveal thousands of anonymous tech companies that are vulnerable to data breach and are perhaps willing to sell your information for profit in exchange for free apps.</p> <p>Google and the FDA work to regulate advertising claims among pharmaceutical companies and healthcare providers who partner with agencies schooled in LMR best practices.</p> <p>The upside of this data is in predictive medicine and personal insight into your health and fitness, which is a huge benefit for many people.</p> <p><em><strong>July is Data Month here at Econsultancy, so be sure to check out <a href="https://hello.econsultancy.com/datamonth/?utm_source=econsultancy&amp;utm_medium=blog&amp;utm_campaign=econblog">our latest reports and blog posts</a>.</strong></em></p> tag:econsultancy.com,2008:BlogPost/67988 2016-07-08T15:48:00+01:00 2016-07-08T15:48:00+01:00 Can search revolutionize healthcare & the diagnosis of diseases? Patricio Robles <p>When you don't feel so well, what do you do? Millions upon millions of people turn to their favorite seach engines looking for information.</p> <p>In fact, approximately 1% of Google searches are related to medical symptoms.</p> <p>Google has been paying attention and this week, the search giant <a href="https://search.googleblog.com/2016/06/im-feeling-yucky-searching-for-symptoms.html">announced</a> that it will start displaying lists of conditions related to symptoms described in searches.</p> <p>For example, a search for "swollen joints" will return a list of conditions commonly associated with this symptom, such as arthritis.</p> <p>For some searches, Google will "also give you an overview description along with information on self-treatment options and what might warrant a doctor’s visit."</p> <p>The company says that "by doing this, our goal is to help you to navigate and explore health conditions related to your symptoms, and quickly get to the point where you can do more in-depth research on the web or talk to a health professional."</p> <p><img src="https://assets.econsultancy.com/images/0007/6391/symptom-search3.png" alt="" width="304" height="617"></p> <p>The information Google displays is based on health conditions that appear in search results and filtered against data the company collected from doctors for its <a href="https://econsultancy.com/blog/66672-semantic-search-the-future-of-search-marketing/">Knowledge Graph</a>.</p> <p>Google says doctors from Harvard Medical School and Mayo Clinic provided feedback "for a representative sample of searches."</p> <h3>A two-way street</h3> <p>Naturally, Google is quick to point out that despite its efforts to ensure accuracy, the information it displays is not a substitute for professional medical advice.</p> <p>But if it can successfully help consumers separate the wheat from the chaff when they turn to the web with worry about a cough or a rash, Google has the potential to make an imprint on the way consumers use the internet to take care of their health.</p> <p>Search's biggest contribution to healthcare, however, might not be how it can help consumers but rather how it can help healthcare professionals better serve their patients.</p> <p>Google rival Microsoft has been exploring whether data from its search engine, Bing, <a href="http://blogs.microsoft.com/next/2016/06/07/how-web-search-data-might-help-diagnose-serious-illness-earlier/">could one day help physicans diagnose illness earlier</a>.</p> <p>In a paper published in the <em>Journal of Oncology Practice</em>, Microsoft researchers described how they took anonymized Bing search logs to identify searches associated with individuals who had likely been recently diagnosed with pancreatic cancer.</p> <p>They then looked at these individuals' prior searches in hopes that they might identify queries that could have helped provide an earlier diagnosis.</p> <p>The results were quite remarkable...</p> <blockquote> <p>We find that signals about patterns of queries in search logs can predict the future appearance of queries that are highly suggestive of a diagnosis of pancreatic adenocarcinoma.</p> <p>We show specifically that we can identify 5 to 15 percent of cases while preserving extremely low false positive rates of as low as 1 in 100,000.</p> </blockquote> <p>Because this particular form of pancreatic cancer is fast-spreading and deadly, the ability to detect it even weeks earlier could mean the difference between life and death for a patient.</p> <p>There are obviously numerous privacy and ethical considerations that would need to be addressed before this research could be applied in the real world, but the authors of the journal article do believe there is potential. </p> <p>As Microsoft's Mike Brunker explained:</p> <blockquote> <p>They hope the positive results from the feasibility study will excite the broader medical community and generate discussion about how such a screening methodology might be used.</p> <p>They suggest that it would likely involve analyzing anonymized data and having a method for people who opt in to receive some sort of notification about health risks, either directly or through their doctors, in the event algorithms detected a pattern of search queries that could signal a health concern.</p> </blockquote> <p>While it could take some time for such a vision to be realized, the idea that one's web search history could be capable of saving his or her life is an exciting one and might eventually lead to advances that enable doctors to better serve their patients.</p> <p><em>For more on this topic, see:</em></p> <ul> <li><em><a href="https://econsultancy.com/reports/healthcare-study-organizing-marketing-in-the-digital-age/">Healthcare Study: Organizing Marketing in the Digital Age</a>.</em></li> <li><em><a href="https://econsultancy.com/blog/67881-seven-big-challenges-facing-healthcare-marketers/">Seven big challenges facing healthcare marketers</a>.</em></li> </ul> tag:econsultancy.com,2008:BlogPost/67991 2016-06-23T17:05:49+01:00 2016-06-23T17:05:49+01:00 What is the role of marketing agencies in data management? Stefan Tornquist <h4>Q. It seems like the industry press is continually heralding the decline of media agencies, but they seem to be very much alive. What’s your take on the current landscape? </h4> <p>For a very long time, agencies have been dependent upon using low-cost labor for media planning and other low-value operational tasks.</p> <p>While there are many highly-skilled digital media practitioners - strategists and the like - agencies still work against “cost-plus” models that don’t necessarily map to the new realities in omnichannel marketing.</p> <p>Over the last several years as marketers have come to license technology - data management platforms (DMP) in particular - agencies have lost some ground to the managed services arms of ad tech companies, systems integrators, and management consultancies. </p> <h4>Q. How do agencies compete?</h4> <p>Agencies aren’t giving up the fight to win more technical and strategic work.</p> <p>Over the last several years, we have seen many smaller, data-led agencies pop up to support challenging work - and we have also seen holding companies up-level staff and build practice groups to accommodate marketers that are licensing DMP technology and starting to take <a href="https://econsultancy.com/blog/65677-a-super-accessible-beginner-s-guide-to-programmatic-buying-and-rtb/">programmatic buying</a> “in-house.”</p> <p>It’s a trend that is only accelerating as more and more marketer clients are hiring Chief Data Officers and fusing the media, analytics, and IT departments into “centers of excellence” and the like.</p> <p><img src="https://assets.econsultancy.com/images/0007/6426/analytics.jpg" alt="" width="750" height="442"></p> <p>Not only are agencies starting to build consultative practices, but it looks like traditional consultancies are starting to build out agency-like services as well.</p> <p>Not long ago you wouldn’t think of names like Accenture, McKinsey, Infinitive, and Boston Consulting Group when you think of digital media, but they are working closely with a lot of Fortune 500 marketers to do things like DMP and DSP (demand-side platform) evaluations, programmatic strategy, and even creative work.</p> <p>We are also seeing CRM-type agencies like Merkle and Epsilon acquire technologies and partner with big cloud companies as they start to work with more of a marketer’s first-party data.</p> <p>As services businesses, they would love to take share away from traditional agencies. </p> <h4>Q. Who is winning?</h4> <p>I think it’s early days in the battle for supremacy in data-driven marketing, but I think agencies that are nimble and willing to take some risk upfront are well positioned to be successful.</p> <p>They are the closest to the media budgets of marketers, and those with transparent business models are really strongly trusted partners when it comes to bringing new products to market.</p> <p>Also, as creative starts to touch data more, this gives them a huge advantage.</p> <p>You can be as efficient as possible in terms of reaching audiences through technology, but at the end of the day, creative is what drives brand building and ultimately sales. </p> <h4>Q. Why should agencies embrace DMPs? What is in it for them?</h4> <h4>It seems like yet another platform to operate, and agencies are already managing DSPs, search, direct buys, and things like creative optimization platforms.</h4> <p>Ultimately, agencies must align with the marketer’s strategy, and DMPs are starting to become the single source of “people data” that touch all sorts of execution channels, from email to social.</p> <p>That being said, DMP implementations can be really tough if an agency isn’t scoped (or paid) to do the additional work that the DMP requires.</p> <p>Think about it: A marketer licenses a DMP and plops a pretty complicated piece of software on an agency team’s desk and says, “get started!”</p> <p>That can be a recipe for disaster. Agencies need to be involved in scoping the personnel and work they will be required to do to support new technologies, and marketers are better off involving agencies early on in the process. </p> <h4>Q. So, what do agencies do with DMP technology? How can they succeed?</h4> <p>As you’ll read in the new guide, there are a variety of amazing use cases that come out of the box that agencies can use to immediately make an impact.</p> <p>Because the DMP can control for the delivery of messages against specific people across all channels, a really low-hanging fruit is frequency management.</p> <p>Doing it well can eliminate anywhere from, 10-40% of wasteful spending on media that reaches consumers too many times.</p> <p>Doing analytics around customer journeys is another use case - and one that attribution companies get paid handsomely for.</p> <p>With this newly discovered data at their fingertips, agencies can start proving value quickly, and build entire practice groups around media efficiency, analytics, data science - even leverage DMP tech to build specialized trading desks. There’s a lot to take advantage of. </p> <h4>Q. You interviewed a lot of senior people in the agency and marketer space. Are they optimistic about the future? </h4> <p>Definitely. It’s sort of a biased sample, since I interviewed a lot of practitioners that do data management on a daily basis.</p> <p>But I think ultimately everyone sees the need to get a lot better at digital marketing and views technology as the way out of what I consider to be the early and dark ages of addressable marketing.</p> <p>The pace of change is very rapid, and I think we are seeing that people who really lean into the big problems of the moment like cross-device identity, location-based attribution, and advanced analytics are future-proofing themselves. </p> <p><em>Go <a href="http://hello.econsultancy.com/the-role-of-the-agency-in-data-management/">here to download the full report</a>.</em></p> tag:econsultancy.com,2008:BlogPost/67911 2016-06-14T14:22:59+01:00 2016-06-14T14:22:59+01:00 How often your website needs a security audit & what you need to check Bart Mroz <p>In fact, President Obama recently stated that <a href="https://www.whitehouse.gov/blog/2015/04/01/our-latest-tool-combat-cyber-attacks-what-you-need-know">hacking of U.S. businesses</a> is an increasing threat and provided information on how to better protect against attacks.</p> <p>Still, most companies conduct a security audit and backup only when they absolutely have to.</p> <p>Little do they know that hacking today is more present and sophisticated than ever, so website security testing is no longer an option, it is a necessity.</p> <p>The question of how often you should conduct a website security audit is vague.</p> <p>Ideally, you should download a security system that manages this for you and verifies your site’s safety automatically so that you do not have to worry about upkeep.</p> <p><em>Security</em></p> <p><img src="https://assets.econsultancy.com/images/0007/5873/security.jpg" alt="" width="558" height="458"></p> <p>Additionally, there are various security-related tasks you should keep in mind when taking preventive action to secure your website against malicious attacks.</p> <p>Here are a few ways to stay ahead:</p> <h3><strong>Regular scanning</strong></h3> <p>Check your website regularly and test all links to ensure identity thieves and hackers have not introduced malware into advertisements, graphics or other content provided by third parties.</p> <p>Unique pieces of malware were <a href="http://www.cnbc.com/2016/04/11/three-fourths-of-websites-are-at-risk-of-malware-study.html">up 36% last year</a> so you need to schedule monthly or even weekly scans.</p> <p>If a link has been compromised then your customers can be the target of bait links which lead to major problems that you do not want to be accountable for.</p> <h3><strong>Penetration testing</strong></h3> <p>If you store any type of valuable information such as customer contact information, transactional data or proprietary information, these are all high-value targets for hackers.</p> <p>Consider hiring cybersecurity consultants or ethical hackers to identify vulnerabilities in the code that basic software security programs alone cannot discover.</p> <p>Companies that did this in a study by WhiteHat Security saw a <a href="https://info.whitehatsec.com/rs/whitehatsecurity/images/2015-Stats-Report.pdf">decrease of 65% in vulnerabilities</a>. In today’s increasingly connected world, it is important to preemptively find weaknesses before hackers do.</p> <h3><strong>Integrating advanced security apps</strong></h3> <p>While you should never keep unnecessary customer data on the backend of your site, it is smart to utilize the right application scanning tools to help you identify vulnerabilities in your system.</p> <p>These should identify everything from <a href="https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29">Cross-Site Scripting (XSS)</a> to vulnerabilities inside debug code and leftover source code that could put your data and your customers’ confidential data at risk.</p> <p>There are advanced threat protection apps from security companies such as Symantec that you can use to check your website’s security; it runs through every aspect of your website without disrupting service so your users are still able to navigate smoothly.</p> <p>While running in the background, these programs periodically check to make sure that your site remains functional and intact.</p> <p>Some common security threats that your security app should be checking include:</p> <ul> <li>SQL Injection</li> <li>XSS (Cross-Site Scripting)</li> <li>File Disclosure</li> <li>Remote File Inclusion</li> <li>PHP/ASP Code Injection</li> <li>Directory Traversal</li> </ul> <h3><strong>Why go secure?</strong></h3> <p>Having a secure website can help you in many ways. Other than just giving you peace of mind, it will also make your customers feel much safer during their visits – which is especially true for ecommerce sites that are high risk. </p> <p>According to TNS Research, common customer concerns include:</p> <ul> <li>87% of online shoppers are concerned about credit card fraud</li> <li>85% of shoppers are concerned about identity theft</li> <li>83% are concerned about sharing personal information</li> <li>77% are concerned about spyware</li> </ul> <h3><strong>Don’t underestimate the dangers</strong></h3> <p>Many site owners believe that viruses usually hit personal computers so securing their websites is not a priority.</p> <p>However, having a site taken down by malicious activity can cost you thousands of dollars and large quantities of important data, not to mention lost sales and customer confidence.</p> <p>About <a href="http://www.scmagazine.com/whitehat-security-release-website-security-statistics-report/article/416402/">55% of retail sites</a> are “always vulnerable”, meaning that they are at serious risk of getting hacked by criminals. Maintaining normal and reasonable security is not expensive but getting hacked is.</p> <p>Regularly checking the security of your website with an audit is an essential part of operating a successful website that is safe from malicious threats.</p> <p>The dangers are interminable and the downfalls that can come from getting attacked can be very costly. If you haven’t already taken steps to increase your website’s security, now is the time.</p> <p>If done correctly, it will help protect both you and your customers from attacks.</p> <p>The time you save from preemptive measures is worth far more than the amount of time that you’ll invest to resolve a security threat when it occurs.</p> <p>Most importantly, you’ll be able to sleep well at night knowing that your website is as secure as can be.</p> tag:econsultancy.com,2008:BlogPost/67881 2016-05-26T13:42:32+01:00 2016-05-26T13:42:32+01:00 Seven big challenges facing healthcare marketers Patricio Robles <h3>1. Digital underinvestment</h3> <p>By some estimates, healthcare spending in the US is close to 20% of GDP, but healthcare marketers aren't funneling much of their marketing dollars into digital. </p> <p><a href="https://econsultancy.com/blog/67131-pharma-s-mobile-social-efforts-aren-t-as-healthy-as-they-should-be">According to</a> Deloitte Consulting, healthcare and pharma marketers spent just $1.4bn on digital ads, a figure that lags marketers in other industries.</p> <p><img src="https://assets.econsultancy.com/images/0006/8525/deloitte1.jpg" alt=""></p> <p>One of the consequences of this digital underinvestment is that this has created opportunities for third parties to become the go-to resources for consumers and physicians looking for healthcare information online.</p> <p>This is despite the fact that, in many cases, healthcare marketers' organizations have valuable, proprietary data and content.</p> <h3>2. Measurement &amp; metrics</h3> <p>While measurement is top-of-mind for most marketers, it hasn't been as important in healthcare because of the role marketing has played historically in healthcare organizations.</p> <p><a href="https://econsultancy.com/blog/67863-healthcare-marketers-making-progress-on-measurement-metrics/">That's changing</a>, and many organizations have adopted a number of sensible growth and brand-related metrics.</p> <p>But adoption of metrics related to stakeholder engagement and marketing communications, including patient satisfaction and paid media, are still undervalued, which can make it more difficult for healthcare marketers to "connect the dots."</p> <p><img src="https://assets.econsultancy.com/images/0007/5068/hccforating.png" alt=""></p> <h3>3. Market structure</h3> <p>Healthcare is not a typical market. In the US, few consumers pay directly for care and drugs; instead, third parties like insurers pay the bills and control where, when and how consumers access the healthcare system.</p> <p>For marketers, this presents a number of challenges. One of the biggest: even if you can persuade a consumer that your hospital provides the highest quality of care or that your drug is the most effective, the consumer might not be able to access your product or service.</p> <p>So in many cases, healthcare marketers find themselves playing a game of triangulation involving consumers and care providers, like hospital systems and physicians.</p> <p>For obvious reasons, this makes developing an effective marketing strategy a more complicated proposition.</p> <h3>4. The trust gap</h3> <p>The healthcare industry, and pharma in particular, doesn't have the best reputation thanks in part to <a href="https://econsultancy.com/blog/67590-can-targeted-social-ads-help-pharma-overcome-drug-pricing-controversy">controversies over subjects like drug pricing</a>.</p> <p>That has created a trust gap in which consumers as well as physicians are less likely to trust ads and information that come from healthcare marketers.</p> <p><img src="https://assets.econsultancy.com/images/0006/8526/deloitte2.jpg" alt="" width="635" height="467"></p> <p>To rectify this, healthcare marketers <a href="https://econsultancy.com/blog/67747-pharma-marketers-should-use-storytelling-to-improve-the-industry-s-reputation">will need to become more adroit at storytelling</a>.</p> <p>Unfortunately, as Alexandra von Plato, group president of North America for Publicis Healthcare Communications Group, has observed, "We neglect the origin story. Instead we run these dumb ads," referring to the ubiquitous and oft-parodied television ads promoting prescription drugs.</p> <h3>5. Lawmakers</h3> <p style="font-weight: normal;">Those <a href="https://econsultancy.com/blog/67227-ban-on-consumer-ads-could-make-pharma-s-digital-shortcomings-more-costly">"dumb ads" haven't made fans of physicians</a>, and the aforementioned drug pricing controversy has made pharma companies Enemy #1 for some lawmakers in the US.</p> <p style="font-weight: normal;">That could soon have a dramatic impact on healthcare marketers as lawmakers consider reigning in how healthcare marketers promote their wares to professionals and the public.</p> <p style="font-weight: normal;">Given how reliant pharma marketers in particular have become on television ads, and how underinvested they are in digital, greater restrictions on advertising could make life very difficult.</p> <h3>6. HIPAA</h3> <p>Consumer adoption of wearables is growing but healthcare marketers are struggling to take advantage of wearable opportunities.</p> <p><a href="https://econsultancy.com/blog/67074-is-the-healthcare-industry-prepared-for-wearables">There are a number of reasons for this</a>, but one might be HIPAA, the Health Insurance Portability and Accountability Act, which regulates the use of Protected Health Information (PHI).</p> <p>Healthcare organizations regulated by HIPAA <a href="http://www.healthcareitnews.com/news/are-wearables-violating-hipaa">must receive consent</a> from patients before their PHI is used for marketing purposes, and there are many grey areas, particularly as far as innovative technologies such as wearables are concerned.</p> <p>That means healthcare marketers realistically don't have the same flexibility as marketers in other industries that aren't subject to HIPAA.</p> <h3>7. Data</h3> <p>Out of necessity, healthcare organizations may be adept at dealing with issues related to data security.</p> <p>However, as a recent Econsultancy and Ogilvy CommonHealth report - <em><a href="https://econsultancy.com/reports/healthcare-study-organizing-marketing-in-the-digital-age/">Organizing Healthcare Marketing in the Digital Age</a> -</em> discovered, a majority are unprepared to deal with emerging data sources or to collect high volumes of data at speed.</p> <p>Furthermore, a surprising large number of organizations (44%) aren't even prepared to use their CRM data in marketing campaigns.</p> <p><img src="https://assets.econsultancy.com/images/0006/7696/Screen_Shot_2015-10-05_at_18.50.56.png" alt=""></p> <p>Because effective collection and use of data is increasingly integral to successful digital marketing, healthcare marketers' capabilities around data will need to improve.</p> tag:econsultancy.com,2008:BlogPost/67840 2016-05-23T14:29:29+01:00 2016-05-23T14:29:29+01:00 Highly targeted online ads don't work: Stanford researchers Patricio Robles <p>Eilene Zimmerman <a href="http://www.gsb.stanford.edu/insights/pedro-gardete-real-price-cheap-talk">explains</a>...</p> <blockquote> <p>In this case, the researchers were looking at cheap talk in retail, for example, an ad promising 'Lowest Prices in Town'.</p> <p>That can be credible when it’s used to draw in appropriate customers; in this case, those who are price sensitive.</p> </blockquote> <p>At the same time...</p> <blockquote> <p>They found that the most personalized ads were less effective because consumers worried they were being exploited.</p> <p>For example, says [Stanford Graduate School of Business professor Pedro Gardete], someone looking for a prom dress 'might get an ad from a retailer saying, "We have a wide selection of prom dresses! Click on this link!" The consumer clicks, and it turns out the retailer has dresses for all occasions but not specifically proms,' says Gardete.</p> <p>Those kinds of ads frustrate consumers and eventually become meaningless to them.</p> </blockquote> <p>Based on this, Gardete suggests that businesses might adopt a "less is more" approach in which less information is collected, information collection is more transparent, and targeting is used more sparingly. </p> <h3>Theory versus reality</h3> <p>While there's no doubt that a growing number of consumers are concerned about their privacy and how marketers are using information to track and target them, given the continued level of interest and investment in targeting tech and targeted ad offerings, does the researchers' model actually reflect reality?</p> <p>Obviously, a hypothetical retailer falsely promoting that it has a wide selection of prom dresses when it doesn't isn't likely to see good results, <strong>but this isn't how most experienced digital marketers are operating.</strong></p> <p>Instead, <a href="https://econsultancy.com/blog/64099-what-is-retargeting-and-why-do-you-need-it/">retargeting</a> (and <a href="https://econsultancy.com/blog/10194-the-roi-of-personalisation-infographic">personalisation</a>) are widely seen to drive ROI in the real world.</p> <p>As an example, AdRoll, a performance marketing platform provider, detailed <a href="https://www.adroll.com/sites/default/files/resources/pdf/case-study/AdRoll%20Case%20Study%20-%20Chubbies.pdf">in a case study</a> (PDF) how one apparel retailer used retargeting to deliver a 10.5x average ROI, 13% conversion lift and 33% lower CPA than average for other apparel retailers.</p> <p><a href="https://econsultancy.com/blog/64980-put-your-email-list-to-work-facebook-custom-audiences">Facebook Custom and Lookalike Audiences</a> have delivered similarly impressive results.</p> <p>Crowdfunding platform Tilt <a href="https://www.facebook.com/business/success/tilt">doubled</a> its conversion rate using Custom Audiences, and lowered its mobile cost per install by 30% using Lookalike Audiences.</p> <p>And Hospitality giant MGM <a href="https://www.facebook.com/business/success/mgm-resorts-international">realized</a> a greater than 5x return on spend using Custom Audiences.</p> <p>Needless to say, any specific marketer's mileage will vary, but on the whole, marketers are becoming more and more adept at targeting consumers online and doing so to good effect. </p> <p>That doesn't mean that marketers should rely on targeted ads exclusively, and the Stanford research is a reminder that targeted ads need to deliver what they promise to consumers.</p> <p>But targeted ads are here to stay because they work well enough of the time, even if <a href="https://econsultancy.com/blog/67830-young-users-aren-t-fans-of-targeted-social-ads-report/">many consumers say they don't like them</a>.</p>