Independent Data Auditing Is a Must

NEW! Listen to article

Data is more than just information. In the age of analytics-as-a-service, it's a valuable asset.

The Big Data and analytics market has a value of $274 billion globally. A significant part of that value comes from data providers that collect and package the data to sell it to other companies.

But gaining and maintaining the trust of the marketers and advertisers who need that data isn't always easy.

Independent audits can help reassure marketers that the data they're using in their campaigns is on-target, and that using it does not present any risks, financial or reputational,. Unfortunately, however, data providers don't always see the need for independent verification.

Let's take a closer look at what it means to be a data provider, why data providers should allow independent audits, and how to implement best-practices of data auditing.

Data Providers and Auditing

What exactly is a data provider? There's a good deal of variability in the industry. Some companies have built their business models exclusively around collecting client data from other companies and sorting it to create large-scale demographic analyses and to track major trends.

Other companies provide data but in a way that's ancillary to their primary focus.

For example, online shopping apps collect data on their clients' buying habits, interests, and demographics. The app owners can use that data internally to target their advertising efforts, but they also may sell certain information to other companies. Alternatively, many online retailers choose to become their own media networks, using their customer data to allow other companies to advertise through the retailer's website.

Basically, any company that sells data that it collects directly or that it sources from other partners to another company is a data provider. Data providers are an invaluable resource for all other companies to help fuel their advertising and marketing efforts.

There are many examples of why data providers should be audited. Take, for instance, a survey company that collects responses about consumers' interests and behaviors to compile various reports that are then shared publicly—often for a price—with various marketers and advertising firms. That data can vary widely in quality. Not everyone fills out a survey truthfully. Also, questions can be slanted toward a particular bias in an attempt to elicit a particular response. Or the data could be skewed by bots that fill out surveys, which can artificially affect the final results.

So, using survey data for marketing purposes can be tricky because the companies that purchase that data don't always know the source or quality of the data. All the buyer knows is that a certain percentage of respondents replied in a certain way. So for a purchaser to learn about how reliable the survey results are, there would need to be further verification.

That's where an auditor comes in. An auditor might help to verify reliability by asking questions about the survey methodology: for example, How many respondents were there? Was there a CAPTCHA or similar process to weed out bots? And so forth.

Another example of a data provider would be a company that collects online behavioral data and tracking data through cookies and other means. Controversy about cookies and user tracking has led to the development of privacy browser extensions, such as Ghostery, as well as legal requirements for cookie opt-outs to be readily available. So, a data auditor might be able to determine whether the opt-out process was compliant and whether the data collected through those cookies was also compliant with any regional or federal standards.

Those who buy the data need a reason to trust the data when they purchase it, and an independent audit can provide the peace of mind that they are looking for.

The auditor checks for the veracity of the data, the completeness and scope of the data, and any errors or duplicates. Also, auditors can perform source data verification, finding out where the data comes from to make sure the sources are reliable and consistent.

In a compliance audit, an auditor also checks to make sure the collection, storage, and sharing of data is compliant with various data protection standards, such as the General Data Protection Regulation (GDPR) and Systems and Organizations Controls 2 (SOC-2). Those standards stipulate, among other things, that individual users must be allowed to opt out of their personal data being collected or shared with third parties and that any data that is collected must be protected from unauthorized access.

An auditor can check to make sure a particular data provider allows opt-outs and protects data adequately.

Are Independent Audits Necessary?

Every data provider should recognize the value of data quality. The annual cost of poor data quality for US businesses alone is around $3.1 trillion—a consequence of wasted time hunting down leads that don't check out, misguided campaigns, and much more.

Consider your lead generation strategy alone. Every time your marketing team sends an email to an invalid email address or to a contact that is not actually the right profile for your solution, it's a waste of company time. Acting on incorrect or incomplete data can significantly hamper any company's marketing strategy and business decisions.

Failing to perform independent audits can also lead to some pretty significant legal headaches. Say a data provider collects information from someone in the EU through a particular website's browser cookies. Consumers in the EU are protected by GDPR, which means they're allowed to opt-out from having their data collected. So if the website didn't present a way for users to opt-out of those cookies, then the data provider had no legal right to collect that data, and you have no legal right to use it in your marketing.

Finally, independent audits establish trust between data providers and buyers. Although data providers can perform internal audits to ensure high data quality and legal compliance, an internal audit doesn't tell a data buyer a thing. The reason is simple: Data buyers understandably don't necessarily trust providers to be objective about auditing their own data. How can data buyers be sure that the data provider applied best-practices in auditing?

An independent audit is about objectively ensuring that those best-practices are taking place.

Best-Practices in Auditing

In some cases, organizations that buy data from third-party providers may request an independent audit of the quality and sources of the data sold to them. Or, providers may choose to arrange compliance audits so they can publicize that their services comply with GDPR and SOC-2.

There are three independent-audit best-practices to consider: transparency, thoroughness, and compliance.

1. Transparency

Transparency means data providers should make it clear what sources they're collecting data from and what methods and processes they're using to produce their solution. For example, the IAB Tech Lab Data Transparency Standard (DTS) provides a labeling system for data so the sources and data set characteristics are evident from the start.

Transparency should also answer the following questions:

Is the source an app on a phone, browser cookies, surveys, or something else?
How did the provider get user consent?
Were there any verification methods to ensure that, for example, the "user" wasn't just a bot automatically filling out forms?

Without transparency, marketers won't know whether it's legal for them to act on the data they've just bought or whether the data will help them target the right audience for their product.

2. Thoroughness

Providers also need to make sure that the audit is thorough. In a situation where a data buyer requests a third-party audit, the buyer and provider should meet to determine the scope of the audit. They should plan for how the data provider will give auditors everything they might need to determine whether the data is reliable and usable.

The buyers need to be able to know that they can base their marketing decisions on the data with minimal risk. An audit should be thorough enough to confirm that for every single data source.

3. Compliance

Independent audits should prioritize compliance. For example, SOC-2 is one of the most stringent data quality and security auditing standards today. So, potential buyers know that working with an SOC-2-verified provider will save them from facing regulatory headaches down the road.

* * *

Independent verification is a critical part of the data ecosystem. The practice allows providers to build transparency into their business model and also helps foster trust in the market. It's an indispensable step for data providers and data buyers alike.

More Resources on Data Providers and Data Auditing

ABM, Martech Trends, and the Importance of Data Hygiene: DiscoverOrg's Katie Bullard on Marketing Smarts [Podcast]

What Third-Party Cookies' Delayed Demise Means for Marketers

Enter your email address to continue reading

Data Providers Need to Allow Independent Audits. Here's Why.

Don't worry...it's free!

Sign in with your preferred account, below.

ABOUT THE AUTHOR

Timur Yarnall is the founder and CEO of Neutronian, a SaaS company that provides data quality and compliance verification services, including NQI Certification, a comprehensive data quality, compliance, and transparency certification,.

LinkedIn: Timur Cuceloglu Yarnall

Marketing Management Articles

You may like these other MarketingProfs articles related to Marketing Management: