Ask the Expert Series: Data Collection, Privacy, and Security with Viral Bajaria, CTO & Co-Founder

This is one in a series of blog posts that will tap into our own ABM experts to guide you through the questions you should be asking when considering ABM technology.

Data collection, privacy, and security is serious business and has become a top concern for both ABM platform vendors and buyers. From major data breaches to the all-too-common lost, stolen, or otherwise misuse of personal data, consumers have demanded protection of their personal data. B2B marketing and sales teams are increasingly leveraging Big Data and AI to collect and analyze buyer intent with the goal of efficiently and effectively executing an account-based strategy at scale.  Alongside this trend is a cloud of confusion and fear surrounding the privacy and security of the data being collected and used.

Instead of throwing out big, scary headlines about who is compliant and who is throwing caution, and your data to the wind, let’s look at the questions you should be asking your ABM platform provider about data collection, privacy, and security and how 6sense is handling this sensitive issue.

  1. Is the collection of “intent data” (identifying potential B2B buyers’ engagement with content, ads or specific websites) in conflict with the General Data Protection Regulation (GDPR) in Europe and California Consumer Privacy Act (CCPA) in the US?  

No, as long as the relevant rules, such as those focused on the rights of individuals, access, consent and transparency, are followed. The GDPR and CCPA require organizations to collect and process personal data (and under both the GDPR and the CCPA an IP address is considered personal data) under strict conditions, as well as protect that data from misuse and exploitation, but don’t prohibit the collection, use, and processing of such data.

  1. Do you provide high quality, third-party intent data as part of your offering, and if so, do you confirm the collection of the visitor data complies with applicable privacy laws?

Yes, 6sense provides high-value intent data that is curated for our customers through our AI Platform. We source our intent data from vendors that have direct relationships with publishers similar to those that other co-ops source from, and that implement strict policies for opt-in and consent.  Commentators have indicated this is one of the favored approaches for organizations that want to follow the rules.  As a value-add to our customers, we also have direct relationships with stand-alone publishers to collect relevant first-party intent data specifically for a customer. We do not utilize EU-based data from AddThis and we do not utilize any form of bidstream for our intent data and therefore the online debates about EU intent data from these sources do not impact our services.

  1. What security practices do you have in place to protect our data and comply with applicable laws?

At 6sense, we take the protection of customer data, all personal data we process, and compliance with the GDPR and similar data protection laws very seriously and have implemented rigorous security policies that have been validated by independent, third party auditors.  To provide customers with an independent assessment of our systems and security we undergo regular  SOC 2, Type 2 audits that meet the AICPA Trust Services Principles and Criteria (an internationally recognized third party-audit and attestation process most relevant to our customers’ multi-faceted security needs) and implement security practices compliant with ISO 27001/27002 standards. Our first-in-class hosted data centers also maintain the highest accreditations, including: ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 2 and SOC 3, and EU-specific certifications such as BSI’s Common Cloud Computing Controls Catalogue (C5), to provide combined coverage of our applications, systems and data centers. Our security team works closely with our auditors to continuously monitor developments and implement appropriate security protections.

  1. What types of privacy practices should I look for in a vendor? Can I see your privacy policy?

As a processor of our customers’ data, 6sense has implemented policies and procedures reflecting the commitments required of processors under the GDPR, including those addressing consent, data subject rights, incident response, data protection impact assessments, and vendor management. We have our customer’s interests top of mind at all times, and process personal data only on instructions from the data controller (our customer), support the customer’s efforts in their obligations to respond to data subjects’ requests in compliance with GDPR, and impose these same rigorous obligations on our vendors, including through our vendor DPAs and security and privacy reviews. We are advocates of privacy by design and secure lifecycle management of information, end-to-end. A company’s commitment to privacy is a key indicator of its commitment to its customers and for 6sense, it is top of the list. The latest version of our privacy policy can be viewed here.

  1. How do you handle staying up to date with GDPR requirements?

Like any area that impacts our business, and especially our customers, we devote significant resources through our privacy team and executive leadership to ensure we have robust and up-to-date privacy processes in place in compliance with applicable laws. Our in-house privacy team is supported by best-in-class external privacy counsel that helps us monitor regulatory changes that impact the GDPR and other privacy laws, including the CCPA.

B2B marketers need to be aware of regulations and laws put in place to ensure individual data privacy. As you implement your account based strategy, in addition to ensuring that you are getting a high-quality product that will provide real value, you will also want to confirm that your provider is placing as high a value on its privacy and security processes in connection with the services it provides to you. We know that our customers take compliance with the GDPR (and CCPA) seriously and we are happy to support and partner with them.

Next Up: Account Selection with Jeff Siegel, Director of Strategy

About Viral Bajaria
At 6sense, Viral leads the development of 6sense’s innovative analytics and predictive platform. Everyday Viral wakes up with a passion to make data-driven analytics available to business of all sizes. Prior to 6sense, Viral built the big data platform at Hulu that processed over 2.5 billion events per day.

He was an early adopter of Hadoop (late 2008), and built and managed a cluster that stored and processed over a PB of data. Viral was instrumental in building the infrastructure that powered reporting, financial and recommendations systems across web and mobile devices. In his spare time, Viral enjoys contributing to open-source projects.

Previous Article
Aprimo Makes a Comeback with a Focused ABM Strategy
Aprimo Makes a Comeback with a Focused ABM Strategy

Figuring out your ABM strategy, getting your team on board, and implementing your MarTech stack can be a da...

Next Blog
How Cumulus Networks Turns Enablement Into Impact with 6sense
How Cumulus Networks Turns Enablement Into Impact with 6sense

We recently sat down with 6sense power user Ari Capogeannis, to learn about the different ways the Cumulus ...