For the past five or more years, we have been hearing that IoT will revolutionize digital marketing and how we connect with consumers. The claim by most industry experts has been that the very devices that allow us to receive personalized environments such as self-learning thermostats and predictable timing coffee machines will generate hordes of new data. And based on inordinate amounts of new data, companies can market more precisely, more predictably, with greater relevance and value. In this episode tap into the insights you’ll need for sound digital policies where IoT and personalization are concerned. By balancing out the risks and opportunities, you can make IoT and personalization work for your business!
Hello everyone, and welcome to another episode of The Power of Digital Policy!
For the past five or more years, we have heard that the Internet of Things, or IoT, will revolutionize digital marketing. The claim by most industry experts has been that the very devices that allow us to receive personalized environments such as self-learning thermostats and predictable timing coffee machines will generate hordes of new data. And based on inordinate amounts of new data, companies can market more precisely, more predictably, with greater relevance and value.
Has this hype really matured into reality? And what do organizations now need to be thinking about insofar as digital policies, IoT, and personalization is concerned.
Well first, off, I think we are getting close to the 2014-2016 predicted reality. I tend to think of myself as a lager when it comes to digitally connected devices. Still, at my house, there are two cars, two heating, and cooling units, and a geofencing alarm system hanging out on the home network. There are ample bumps with all of these products, and none of them truly perform perfectly as we would like them to. For example, the connected Volvo cars can’t self-schedule a maintenance appointment because we don’t subscribe to the Volvo internet plan. One of the heating and cooling systems has glitchy software and hasn’t been updated in the two years. All of those issues mean that none of the companies have the user experience quite right, and I doubt they are any better at collecting the personal data about our family. If they were to collect the data, they are still unlikely to be able to do much with it, based on what I have seen from email, postal mail, or any other type of targeting.
But then we also have the advanced devices, like the Apple Watch, which is insanely advanced compared to the heating and cooling company in terms of IoT capabilities, data collection, usable services, and even marketing.
The difference between companies in the IoT arena is immense, especially when it comes to the ability to collect data and use it for personalization, marketing, ongoing consumer engagement and brand loyalty. We can argue what makes one organization more mature than another, or how their digital strategy accounts for technology cadence. But to make IoT and personalization meaningful and the underlying data have integrity, we need to have sound digital policy in place. Here’s what I see as the key considerations whether you are just easing into the shallow end or are swimming in the deep end of the pool and want to doublecheck yourself. I’ve purposefully broken down the considerations into three areas: policy authors, drafting considerations, and lifecycle management considerations. Let’s take a look at each one of these.
As a side note, if you are also focused on internal IoT, it will still involve people in the business, especially if the projects are focused on automating machines on the manufacturing floor. After all, it is the folks in manufacturing and engineering that define the business processes and the rulesets that will be needed for the IoT, while IT ensures that the technology works. This means that cooperative partnerships between IT and end business units should be in place before any IoT work is started.
Once you are done with the foundational IoT considerations, it is time to really roll up your sleeves and discuss with the team key policies around maintenance, security, and reliability. Of course, your policies will depend on your industry and company tolerance for risk, but here are some fundamental truths:
Data ownership is a very complex area for IoT, so before you jump ahead, separate the IoT device policy discussion from the data and consider risks and opportunities in the context of both. Regulations like the HIPAA and the GDPR suggest that the data would belong to the individual. So how would that work when it comes to gaining consent for something that is implanted into a person, like a cancer treatment device inside of a person? Will your Terms of Service state that you can use all of the information for any purpose? Or will you need to get separate consent for each possible use of the data? Will you need to obtain renewed consent on a regular schedule?
And then there’s the device itself. Will personal data be stored on the device? If so, can it be erased or deleted remotely, or will it require a medical procedure? Medical device risks are alarming, but they can be mitigated. Early in the development process, brainstorm as many privacy scenarios as you can come up with, and develop a policy for each of them.
Most companies struggle to keep their disaster recovery plans updated, and IoT is no exception. Since IoT presents unique security challenges, this is one time that your disaster recovery and business continuity policies might need to extend from legacy into the digital arena. Consider what happens, for instance, if the IoT fails? Do you have the ability to manually override it and keep things running? This is especially important in IoT infrastructure monitoring and functions, and in areas like unmanned vehicles, drones and robots.
As you can tell, there is so much to consider in the IoT space, and the policy is but a small part of the planning you will need to do. I have a slew of resources on my site, and also encourage you to visit the IoT for All website, where you can read policy advice from me and others.
To help you further think through policy considerations and the value of IoT and personalization, I’ve invited Jon Melnick of Lux Research to share his insights. As personalization is sweeping nearly every industry, including IoT and wearables, healthcare, pharma, nutrition, CPGs, and more, Jon will help us break down the business case for personalization trends and tell us what it means for the growth (or decline) of consumer-focused companies.
Until next time, be well and do great policy work.