As the world rapidly embraces advanced technologies and the digital landscape continues to evolve, the importance of safeguarding data and preserving privacy has become paramount. With an impressive background and wealth of experience, Karie Burt, the esteemed Chief Data and Privacy Officer at Anteriad has emerged as a prominent figure in the field, advocating for responsible data practices and ensuring compliance with privacy regulations. In this interview, we delve into the challenges faced by organizations in this ever-changing data-driven era, explore the agitation caused by privacy concerns, and discover the innovative solutions Karie and her team at Anteriad have implemented to address these pressing issues.
Scroll down to read the full interview!
Karie, can you describe your background and how you became interested in data privacy and security?
My background has always been data and audience related, from starting out in local newspapers to working for some of the biggest names in UK Publishing and media. In the early days of the internet, I drove Emap’s first customer database. From there, I was recruited to launch the New York office for mardevdm, a B2B data-driven marketing organization, (part of Reed Elsevier) where I became even more engaged in the importance of data privacy and security. Since those early days, I have evolved with the emergence of new technologies. The marriage of Data & Privacy is a natural, co-dependent but healthy relationship. You simply can’t have one without the other.
What are the biggest data privacy challenges that you currently face in your role as Chief Data and Privacy Officer at Anteriad?
The biggest challenge right now is the plethora of legislation. At Anteriad, it is our mission to be leaders in data stewardship and ensure we protect and uphold Data Subjects’ rights. A Federal Privacy Law vs. the torrent of individual states who have legislation enacted or proposed is challenging to navigate, and so we’ve dedicated expert resources to make sure we’re adhering to this wide variety of requirements. Key principles apply when we are looking at protecting Data Subject’s rights.
At the same time, it’s important to improve the situation to reduce complexity and therefore reduce the risk for businesses. To see what businesses are up against, take a look at the IAPP Privacy Legislation Tracker which shows the details of the state’s privacy legislation traffic. Specifically, we need a Federal Privacy Act to be passed and written with business in mind. The so-called B2B ‘carve-out’ has lobbying velocity and Tech and Marketing support, so I am remaining optimistic. (see attached map, not the chart)
How does Anteriad approach data privacy and security, and what measures are in place to protect customer data?
Our approach is from the ground up, organic, holistic, and all-encompassing! You can pick any on-trend phrase you like, but the point is that we have created a privacy-centric organization that has enabled us to have checks and balances and processes in place in every business function. Privacy and compliance flow through our whole organization. No dept. or function is off-limits, in order for me to have access to all areas or a ‘backstage pass’, buy-in from leadership is critical. At Anteriad we embrace privacy and use it as a business driver and differentiator. The client’s positive feedback and more importantly their trust, have validated this approach.
How does Anteriad balance the need for data collection and analysis with customer privacy concerns?
Transparency is key here, we are transparent, and responsive and respect an individual’s right to privacy. Companies must disclose what data they collect/store and transfer and explain why! Also, we ensure it is super easy to contact and request information. No one likes an unattended email box.
We are also thoughtful about our data collection and use. For example, we don’t collect unnecessary or superfluous data. We also counsel our clients to forget ‘nice to have’ data and think of what is necessary only to perform their business functions. It’s best practice to stay away from processing sensitive pii unless you are in a sector that is dependent on it and then ensure you follow all guidelines such as HIPAA for Healthcare. But even sensitive data that is not technically pii should be very carefully managed or avoided, as different entities have different interpretations and it’s best to be safe.
Can you walk us through the process of identifying and mitigating potential data privacy risks at Anteriad?
We have a rigorous internal process which is a process we borrowed from GDPR – in short it’s a DPIA. Data Protection Impact Assessment. It’s a litmus test and series of questions and standards we apply when we are introducing new data sets, launching products, and services, and auditing existing vendors, databases, and processes.
As a data-driven organization, it’s important to ask hard questions, be agnostic in our approach and review everything. I liken it to cleaning the house and going in those dark, dusty closets that no one touches. That’s where you could find risk, out-of-compliance data, or outdated processes that “have always been done like that.” Leave no stone unturned and question everything!
How do you ensure that Anteriad complies with relevant data privacy regulations, such as GDPR and CCPA?
We not only audit ourselves to ensure we’re adhering to the highest standards, but we also work with third-party verification organizations like Neutronian. We are Neutronian certified and this year placed in the top 1% of the data-driven organizations that they reviewed in terms of our data quality.
It’s important to get ahead of regulations and build processes and software that natively supports regulation. As an expanding global company, we started preparing pre-GDPR, to ensure we were ready, it was then we embraced the legislation as pushing for positive change and adopted it as our corporate standard. CCPA was ushered in off the back of GDPR, core principles are the same so the work we did as an organization stood us in good stead. Never be complacent though, change is always afoot, the privacy landscape is fast-moving and regulators are not shy.
Can you share a specific example of how Anteriad has improved its data privacy practices in recent years?
One of the best outcomes of GDPR for us was that it made us reassess our data partners and as a result, we significantly reduced our vendor footprint to include the very best quality, transparent partners. We work with a smaller amount of trusted providers that share our data privacy ethos and apply the same values for their own data collection and DSAR request principles. This approach also led to an improvement in response-based metrics for our clients, without sacrificing scale! We stopped diluting our databases with data of questionable pedigree and upped the quality.
How do you ensure that all employees at Anteriad are trained and educated on data privacy best practices?
We have mandatory training for the whole company at regular intervals. One lesson we learned was to use a Training Platform that allows you to time the course so people can’t click and quit! We work hard to make the content engaging and relatable and provide ‘refresher quizzes.’ We also have a whistleblower policy that helps employees call out any concerns. We strive for best practices when it comes to our data privacy practices.
How does Anteriad approach data privacy and security for its international customers and clients?
Adopting GDPR as our global standard has been welcomed by our clients, and we are set up to operate at a global scale in compliance with GDPR and other standards. Many of our enterprise clients do the same as us, they may be headquartered in the US but operate globally and realized that GDPR set the bar high. This strategy has paid off but we are never complacent.
How do you work with other departments, such as legal and IT, to ensure that data privacy is a top priority throughout the organization?
We look at our whole business through a privacy lens. Everyone understands that it is in our business’s best interest to assure our customers, employees, and proprietary data is safe. There are no exemptions. The importance of having a Privacy Leader in the C Suite underpins how strategic this role has become. Our CEO has always supported our Privacy and compliance roadmap and endorsement has been critical.
What advice would you give to other companies that are looking to improve their data privacy and security practices?
Look in every corner, ask questions, and use a template approach to ‘stress test’ workflows. Know when to seek legal advice and support even if it’s as a sounding board. Join the IAPP, they have some great content and educational programs. Don’t outsource everything. We keep and develop as much Intellectual Property in-house as we can. Meet with your peers, I am a member of several privacy groups which include our ‘competitors.’ Everyone shares and works together to improve standards and understanding of what B2B marketers are striving for and standards to be recognized as best practices.
How do you see the data privacy landscape evolving in the coming years, and how is Anteriad preparing for these changes?
The focus has shifted to the digital landscape with the deprecation of cookies and a growing consumer awareness of how data is used, shared, and sold online. We are developing our own Identity and entity graph that will pull data together in a compliant way.
How do you measure the success of Anteriad’s data privacy and security efforts, and what metrics do you track to evaluate performance?
We get a lot of privacy assessments from our clients before they onboard with us and we always see the question; “Have you had any formal complaints upheld?” It is satisfying and a testament to the team’s hard work and commitment to the cause that we can check the ‘No’ box. Another testament would be independent validation, including the Neutronian data privacy certification that I mentioned. Above all is the tenure of our client relationships, we have relationships of 10 years plus with many of our Top 25 clients, this validates our approach, and client respect and support is the best measurement.
Our data ecosystem is living and constantly in flux, we are never complacent, and we set ourselves ongoing improvement metrics and KPIs that we can track against. If I were to summarize what’s of strategic importance to us it is focusing on compliance, coverage, engagement, and results – these are the cornerstones of our Data-Driven approach.
Tune in to MTC Podcast for visionary Martech Trends.
Karie Burt, Chief Data and Privacy Officer at Anteriad
Since joining Anteriad in 2013, the organization has relied on Karie’s expertise in B2B data-driven solutions, including ABM strategies specializing in global brands. Karie currently runs our international efforts and is instrumental in launching OmniChannelBase International. She is well versed in European Data Protection legislation and advises clients on cultural aspects and the optimum data-driven solutions for targeting audiences outside the U.S. In 2021, she took on the role of Chief Data and Privacy Officer and now oversees Anteriad’s privacy matters and advises clients on best practices and compliance. Karie’s two passions are international travel and her large, badly behaved-rescue dogs; she is still trying to figure out how to combine the two! LinkedIn.