Personally Identifiable Information is radioactive.
If you're in the business of collecting information about people on the web, or of using that information to market products or services, PII is the industry standard -- the line you don't step over unless you want a full-fledged consumer revolt or the unwanted attention of the U.S. government.
Behavioral targeting networks and other such entities can immediately put the privacy concerns of media buyers to rest by uttering one simple sentence in an introductory meeting: "We don't collect any PII."
PII is the standard because that's where we netted out after the first dot-com boom. Had online advertising technology providers not spawned a consumer privacy backlash, the technology landscape might look completely different, with ad servers happily linking online users to offline data through PII.
But we did have a consumer backlash, and the PII standard emerged as a result.
But do we need to review that standard and see if it still delivers the desired effect? Online users prefer targeted advertising over endless Netflix pop-ups, but they typically don't like to be followed too closely. The PII standard is simply a surrogate for the comfort level consumers have with online profiling. That standard is a decade old.
When online users picture data collection and consumer profiling in their own minds, they tend to think of big centralized databases where everything they do anywhere on the internet is captured and hosted centrally, and then linked with credit card profiles and other such offline data. That's not really how it works, though. Thanks to the PII standard, profiling happens across a more distributed platform.
For the vast majority of display advertising targeting, marketers aren't even interested in PII. They're interested in whatever data indicate you're a likely prospect for the product. They don't care that you're Jane Smith from Omaha, but they do care that you bought high-end cosmetics on your last two trips to the mall.
How do marketers get access to the offline purchase data? More importantly, how do they marry it to your online identity without using PII? Usually, this involves the cooperation of several parties. The first might be an online retailer that links a credit card used in an ecommerce transaction with a third-party cookie. The second party is a data partner who owns that particular cookie and pulls in additional purchase history to augment the profile associated with that cookie, and then rents the profile to a marketer. The third is an online ad exchange, which will allow ad hoc purchasing of inventory against a particular cookie across inventory sold on the exchange.
In scenarios like this, nobody uses PII to link purchase data to online profiles. (Theoretically, at least…) But are consumers OK with the notion of marketers knowing intimate details like this, even if it's not linked to a name or other personally identifiable information?
Maybe. Maybe not. But I'm pretty sure most of the people out there don't know that ads can be targeted to them based on their offline purchase behavior and other offline data. They don't likely know that their name and address aren't the only data fields that can be used as pivot points within a data profile to append and aggregate all sorts of other information that hasn't been linked together before.
Perhaps the PII standard is outdated and we need to take a look at it again. I trust we don't want the U.S. government to make that decision for us.
Tom Hespos is the president of Underscore Marketing and blogs at Hespos.com.
