Recherche avancée

Sur d’autres sites (6764)

• Data Privacy in Business : A Risk Leading to Major Opportunities

  9 août 2022, par Erin — Privacy

  Data privacy in business is a contentious issue. 

  Claims that “big data is the new oil of the digital economy” and strong links between “data-driven personalisation and customer experience” encourage leaders to set up massive data collection programmes.

  However, many of these conversations downplay the magnitude of security, compliance and ethical risks companies face when betting too much on customer data collection. 

  In this post, we discuss the double-edged nature of privacy issues in business — the risk-ridden and the opportunity-driven. ​​

  3 Major Risks of Ignoring Data Privacy in Business

  As the old adage goes : Just because everyone else is doing it doesn’t make it right.

  Easy data accessibility and ubiquity of analytics tools make data consumer collection and processing sound like a “given”. But the decision to do so opens your business to a spectrum of risks. 

  1. Compliance and Legal Risks 

  Data collection and customer privacy are protected by a host of international laws including GDPR, CCPA, and regional regulations. Only 15% of countries (mostly developing ones) don’t have dedicated laws for protecting consumer privacy. 

  

  Global legislature includes provisions on : 

  • Collectible data types
  • Allowed uses of obtained data 
  • Consent to data collection and online tracking 
  • Rights to request data removal 

  Personally identifiable information (PII) processing is prohibited or strictly regulated in most jurisdictions. Yet businesses repeatedly circumnavigate existing rules and break them on occasion.

  In Australia, for example, only 2% of brands use logos, icons or messages to transparently call out online tracking, data sharing or other specific uses of data at the sign-up stage. In Europe, around half of small businesses are still not fully GDPR-compliant — and Big Tech companies like Google, Amazon and Facebook can’t get a grip on their data collection practices even when pressed with horrendous fines. 

  Although the media mostly reports on compliance fines for “big names”, smaller businesses are increasingly receiving more scrutiny. 

  As Max Schrems, an Austrian privacy activist and founder of noyb NGO, explained in a Matomo webinar :

  “In Austria, my home country, there are a lot of €5,000 fines going out there as well [to smaller businesses]. Most of the time, they are just not reported. They just happen below the surface. [GDPR fines] are already a reality.”​

  In April 2022, the EU Court of Justice ruled that consumer groups can autonomously sue businesses for breaches of data protection — and nonprofit organisations like noyb enable more people to do so. 

  Finally, new data privacy legislation is underway across the globe. In the US, Colorado, Connecticut, Virginia and Utah have data protection acts at different stages of approval. South African authorities are working on the Protection of Personal Information Act (POPI) act and Brazil is working on a local General Data Protection Law (LGPD).

  Re-thinking your stance on user privacy and data protection now can significantly reduce the compliance burden in the future. 

  2. Security Risks 

  Data collection also mandates data protection for businesses. Yet, many organisations focus on the former and forget about the latter. 

  Lenient attitudes to consumer data protection resulted in a major spike in data breaches.

  Check Point research found that cyberattacks increased 50% year-over-year, with each organisation facing 925 cyberattacks per week globally.

  Many of these attacks end up being successful due to poor data security in place. As a result, billions of stolen consumer records become publicly available or get sold on dark web marketplaces.

  What’s even more troublesome is that stolen consumer records are often purchased by marketing firms or companies, specialising in spam campaigns. Buyers can also use stolen emails to distribute malware, stage phishing and other social engineering attacks – and harvest even more data for sale. 

  One business’s negligence creates a snowball effect of negative changes down the line with customers carrying the brunt of it all. 

  In 2020, hackers successfully targeted a Finnish psychotherapy practice. They managed to steal hundreds of patient records — and then demanded a ransom both from the firm and its patients for not exposing information about their mental health issues. Many patients refused to pay hackers and some 300 records ended up being posted online as Associated Press reported.

  Not only did the practice have to deal with the cyber-breach aftermath, but it also faced vocal regulatory and patient criticisms for failing to properly protect such sensitive information.

  Security negligence can carry both direct (heavy data breach fines) and indirect losses in the form of reputational damages. An overwhelming 90% of consumers say they wouldn’t buy from a business if it doesn’t adequately protect their data. This brings us to the last point. 

  3. Reputational Risks 

  Trust is the new currency. Data negligence and consumer privacy violations are the two fastest ways to lose it. 

  Globally, consumers are concerned about how businesses collect, use, and protect their data. 

  

  • According to Forrester, 47% of UK adults actively limit the amount of data they share with websites and apps. 49% of Italians express willingness to ask companies to delete their personal data. 36% of Germans use privacy and security tools to minimise online tracking of their activities. 
  • A GDMA survey also notes that globally, 82% of consumers want more control over their personal information, shared with companies. 77% also expect brands to be transparent about how their data is collected and used. 

  When businesses fail to hold their end of the bargain — collect just the right amount of data and use it with integrity — consumers are fast to cut ties. 

  Once the information about privacy violations becomes public, companies lose : 

  • Brand equity 
  • Market share 
  • Competitive positioning 

  An AON report estimates that post-data breach companies can lose as much as 25% of their initial value. In some cases, the losses can be even higher. 

  In 2015, British telecom TalkTalk suffered from a major data breach. Over 150,000 customer records were stolen by hackers. To contain the issue, TalkTalk had to throw between $60-$70 million into containment efforts. Still, they lost over 100,000 customers in a matter of months and one-third of their company value, equivalent to $1.4 billion, by the end of the year. 

  Fresher data from Infosys gives the following maximum cost estimates of brand damage, companies could experience after a data breach (accidental or malicious).

  

  3 Major Advantages of Privacy in Business 

  Despite all the industry mishaps, a reassuring 77% of CEOs now recognise that their companies must fundamentally change their approaches to customer engagement, in particular when it comes to ensuring data privacy. 

  Many organisations take proactive steps to cultivate a privacy-centred culture and implement transparent data collection policies. 

  Here’s why gaining the “privacy advantage” pays off.

  1. Market Competitiveness 

  There’s a reason why privacy-focused companies are booming. 

  Consumers’ mounting concerns and frustrations over the lack of online privacy, prompt many to look for alternative privacy-centred products and services. 

  The following B2C and B2B products are moving from the industry margins to the mainstream : 

  • Private search engines (Duckduckgo)
  • Password managers (1password, Dashlane)
  • Online identity networks (id.me)
  • Web analytics solutions (Matomo) 
  • And secure messaging apps (Signal) among others 

  Across the board, consumers express greater trust towards companies, protective of their privacy : 

  

  And as we well know : trust translates to higher engagement, loyalty, and – ultimately revenue. 

  By embedding privacy into the core of your product, you give users more reasons to select, stay and support your business. 

  2. Higher Operational Efficiency

  Customer data protection isn’t just a policy – it’s a culture of collecting “just enough” data, protecting it and using it responsibly. 

  Sadly, that’s the area where most organisations trail behind. At present, some 90% of businesses admit to having amassed massive data silos. 

  Siloed data is expensive to maintain and operationalise. Moreover, when left unattended, it can evolve into a pressing compliance issue. 

  A recently leaked document from Facebook says the company has no idea where all of its first-party, third-party and sensitive categories data goes or how it is processed. Because of this, Facebook struggles to achieve GDPR compliance and remains under regulatory pressure. 

  Similarly, Google Analytics is riddled with privacy issues. Other company products were found to be collecting and operationalising consumer data without users’ knowledge or consent. Again, this creates valid grounds for regulatory investigations. 

  Smaller companies have a better chance of making things right at the onset. 

  By curbing customer data collection, you can : 

  • Reduce data hosting and Cloud computation costs (aka trim your Cloud bill) 
  • Improve data security practices (since you would have fewer assets to protect) 
  • Make your staff more productive by consolidating essential data and making it easy and safe to access

  Privacy-mindful companies also have an easier time when it comes to compliance and can meet new data regulations faster. 

  3. Better Marketing Campaigns 

  The biggest counter-argument to reducing customer data collection is marketing. 

  How can we effectively sell our products if we know nothing about our customers ? – your team might be asking. 

  This might sound counterintuitive, but minimising data collection and usage can lead to better marketing outcomes. 

  Limiting the types of data that can be used encourages your people to become more creative and productive by focusing on fewer metrics that are more important.

  Think of it this way : Every other business uses the same targeting parameters on Facebook or Google for running paid ad campaigns on Facebook. As a result, we see ads everywhere — and people grow unresponsive to them or choose to limit exposure by using ad blocking software, private browsers and VPNs. Your ad budgets get wasted on chasing mirage metrics instead of actual prospects. 

  Case in point : In 2017 Marc Pritchard of Procter & Gamble decided to first cut the company’s digital advertising budget by 6% (or $200 million). Unilever made an even bolder move and reduced its ad budget by 30% in 2018. 

  Guess what happened ?

  P&G saw a 7.5% increase in organic sales and Unilever had a 3.8% gain as HBR reports. So how come both companies became more successful by spending less on advertising ? 

  They found that overexposure to online ads led to diminishing returns and annoyances among loyal customers. By minimising ad exposure and adopting alternative marketing strategies, the two companies managed to market better to new and existing customers. 

  The takeaway : There are more ways to engage consumers aside from pestering them with repetitive retargeting messages or creepy personalisation. 

  You can collect first-party data with consent to incrementally improve your product — and educate them on the benefits of your solution in transparent terms.

  Final Thoughts 

  The definitive advantage of privacy is consumers’ trust. 

  You can’t buy it, you can’t fake it, you can only cultivate it by aligning your external appearances with internal practices. 

  Because when you fail to address privacy internally, your mishaps will quickly become apparent either as social media call-outs or worse — as a security incident, a data breach or a legal investigation. 

  By choosing to treat consumer data with respect, you build an extra layer of protection around your business, plus draw in some banging benefits too. 

  Get one step closer to becoming a privacy-centred company by choosing Matomo as your web analytics solution. We offer robust privacy controls for ensuring ethical, compliant, privacy-friendly and secure website tracking. 

• Reverse Engineering Clue Chronicles Compression

  15 janvier 2019, par Multimedia Mike — Game Hacking

  My last post described my exploration into the 1999 computer game Clue Chronicles : Fatal Illusion. Some readers expressed interest in the details so I thought I would post a bit more about how I have investigated and what I have learned.

  It’s frustrating to need to reverse engineer a compression algorithm that is only applied to a total of 8 files (out of a total set of 140), but here we are. Still, I’m glad some others expressed interest in this challenge as it motivated me to author this post, which in turn prompted me to test and challenge some of my assumptions.

  Spoiler : Commenter ‘m’ gave me the clue I needed : PKWare Data Compression Library used the implode algorithm rather than deflate. I was able to run this .ini data through an open source explode algorithm found in libmpq and got the correct data out.

  Files To Study
  I uploaded a selection of files for others to study, should they feel so inclined. These include the main game binary (if anyone has ideas about how to isolate the decompression algorithm from the deadlisting) ; compressed and uncompressed examples from 2 files (newspaper.ini and Drink.ini) ; and the compressed version of Clue.ini, which I suspect is the root of the game’s script.

  The Story So Far
  This ad-hoc scripting language found in the Clue Chronicles game is driven by a series of .ini files that are available in both compressed and uncompressed forms, save for a handful of them which only come in compressed flavor. I have figured out a few obvious details of the compressed file format :

  bytes 0-3 "COMP"
  bytes 4-11 unknown
  bytes 12-15 size of uncompressed data
  bytes 16-19 size of compressed data (filesize - 20 bytes)
  bytes 20- compressed payload
  

  The average compression ratio is on the same order as what could be achieved by running ‘gzip’ against the uncompressed files and using one of the lower number settings (i.e., favor speed vs. compression size, e.g., ‘gzip -2’ or ‘gzip -3’). Since the zlib/DEFLATE algorithm is quite widespread on every known computing platform, I thought that this would be a good candidate to test.

  Exploration
  My thinking was that I could load the bytes in the compressed ini file and feed it into Python’s zlib library, sliding through the first 100 bytes to see if any of them “catch” on the zlib decompression algorithm.

  Here is the exploration script :
  

  <script src="https://gist.github.com/multimediamike/c95f1a9cc58b959f4d8b2a299927d35e.js"></script>
  

  It didn’t work, i.e., the script did not find any valid zlib data. A commentor on my last post suggested trying bzip2, so I tried the same script but with the bzip2 decompressor library. Still no luck.

  Wrong Approach
  I realized I had not tested to make sure that this exploratory script would work on known zlib data. So I ran it on a .gz file and it failed to find zlib data. So it looks like my assumptions were wrong. Meanwhile, I can instruct Python to compress data with zlib and dump the data to a file, and then run the script against that raw zlib output and the script recognizes the data.

  I spent some time examining how zlib and gzip interact at the format level. It looks like the zlib data doesn’t actually begin on byte boundaries within a gzip container. So this approach was doomed to failure.

  A Closer Look At The Executable
  Installation of Clue Chronicles results in a main Windows executable named Fatal_Illusion.exe. It occurred to me to examine this again, specifically for references to something like zlib.dll. Nothing like that. However, a search for ‘compr’ shows various error messages which imply that there is PNG-related code inside (referencing IHDR and zTXt data types), even though PNG files are not present in the game’s asset mix.

  But there are also strings like “PKWARE Data Compression Library for Win32”. So I have started going down the rabbit hole of determining whether the compression is part of a ZIP format file. After all, a ZIP local file header data structure has 4-byte compressed and uncompressed sizes, as seen in this format.

  Binary Reverse Engineering
  At one point, I took the approach of attempting to reverse engineer the binary. When studying a deadlisting of the code, it’s easy to search for the string “COMP” and find some code that cares about these compressed files. Unfortunately, the code quickly follows an indirect jump instruction which makes it intractable to track the algorithm from a simple deadlisting.

  I also tried installing some old Microsoft dev tools on my old Windows XP box and setting some breakpoints while the game was running and do some old-fashioned step debugging. That was a total non-starter. According to my notes :

  Address 0x004A3C32 is the setup to the strncmp(“COMP”, ini_data, 4) function call. Start there.

  Problem : The game forces 640x480x256 mode and that makes debugging very difficult.

  Just For One Game ?
  I keep wondering if this engine was used for any other games. Clue Chronicles was created by EAI Interactive. As I review the list of games they are known to have created (ranging between 1997 and 2000), a few of them jump out at me as possibly being able to leverage the same engine. I have a few of them, so I checked those… nothing. Then I scrubbed some YouTube videos showing gameplay of other suspects. None of those strike me as having similar engine characteristics to Clue Chronicles. So this remains a mystery : did they really craft this engine with its own scripting language just for one game ?

  The post Reverse Engineering Clue Chronicles Compression first appeared on Breaking Eggs And Making Omelettes.

• What is Audience Segmentation ? The 5 Main Types & Examples

  16 novembre 2023, par Erin — Analytics Tips

  The days of mass marketing with the same message for millions are long gone. Today, savvy marketers instead focus on delivering the most relevant message to the right person at the right time.

  They do this at scale by segmenting their audiences based on various data points. This isn’t an easy process because there are many types of audience segmentation. If you take the wrong approach, you risk delivering irrelevant messages to your audience — or breaking their trust with poor data management.

  In this article, we’ll break down the most common types of audience segmentation, share examples highlighting their usefulness and cover how you can segment campaigns without breaking data regulations.

  What is audience segmentation ?

  Audience segmentation is when you divide your audience into multiple smaller specific audiences based on various factors. The goal is to deliver a more targeted marketing message or to glean unique insights from analytics.

  It can be as broad as dividing a marketing campaign by location or as specific as separating audiences by their interests, hobbies and behaviour.

  

  Audience segmentation inherently makes a lot of sense. Consider this : an urban office worker and a rural farmer have vastly different needs. By targeting your marketing efforts towards agriculture workers in rural areas, you’re honing in on a group more likely to be interested in farm equipment. 

  Audience segmentation has existed since the beginning of marketing. Advertisers used to select magazines and placements based on who typically read them. They would run a golf club ad in a golf magazine, not in the national newspaper.

  How narrow you can make your audience segments by leveraging multiple data points has changed.

  Why audience segmentation matters

  In a survey by McKinsey, 71% of consumers said they expected personalisation, and 76% get frustrated when a vendor doesn’t deliver.

  

  These numbers reflect expectations from consumers who have actively engaged with a brand — created an account, signed up for an email list or purchased a product.

  They expect you to take that data and give them relevant product recommendations — like a shoe polishing kit if you bought nice leather loafers.

  If you don’t do any sort of audience segmentation, you’re likely to frustrate your customers with post-sale campaigns. If, for example, you just send the same follow-up email to all customers, you’d damage many relationships. Some might ask : “What ? Why would you think I need that ?” Then they’d promptly opt out of your email marketing campaigns.

  To avoid that, you need to segment your audience so you can deliver relevant content at all stages of the customer journey.

  5 key types of audience segmentation

  To help you deliver the right content to the right person or identify crucial insights in analytics, you can use five types of audience segmentation : demographic, behavioural, psychographic, technographic and transactional.

  

  Demographic segmentation 

  Demographic segmentation is when you segment a larger audience based on demographic data points like location, age or other factors.

  The most basic demographic segmentation factor is location, which is easy to leverage in marketing efforts. For example, geographic segmentation can use IP addresses and separate marketing efforts by country. 

  But more advanced demographic data points are becoming increasingly sensitive to handle. Especially in Europe, GDPR makes advanced demographics a more tentative subject. Using age, education level and employment to target marketing campaigns is possible. But you need to navigate this terrain thoughtfully and responsibly, ensuring meticulous adherence to privacy regulations.

  Potential data points :

  • Location
  • Age
  • Marital status
  • Income
  • Employment 
  • Education

  Example of effective demographic segmentation :

  A clothing brand targeting diverse locations needs to account for the varying weather conditions. In colder regions, showcasing winter collections or insulated clothing might resonate more with the audience. Conversely, in warmer climates, promoting lightweight or summer attire could be more effective. 

  Here are two ads run by North Face on Facebook and Instagram to different audiences to highlight different collections :

  

  Each collection is featured differently and uses a different approach with its copy and even the media. With social media ads, targeting people based on advanced demographics is simple enough — you can just single out the factors when making your campaign. But if you don’t want to rely on these data-mining companies, that doesn’t mean you have no options for segmentation.

  Consider allowing people to self-select their interests or preferences by incorporating a short survey within your email sign-up form. This simple addition can enhance engagement, decrease bounce rates, and ultimately improve conversion rates, offering valuable insights into audience preferences.

  This is a great way to segment ethically and without the need of data-mining companies.

  Behavioural segmentation

  Behavioural segmentation segments audiences based on their interaction with your website or app.

  You use various data points to segment your target audience based on their actions.

  Potential data points :

  • Page visits
  • Referral source
  • Clicks
  • Downloads
  • Video plays
  • Goal completion (e.g., signing up for a newsletter or purchasing a product)

  Example of using behavioural segmentation to improve campaign efficiency :

  One effective method involves using a web analytics tool such as Matomo to uncover patterns. By segmenting actions like specific clicks and downloads, pinpoint valuable trends—identifying actions that significantly enhance visitor conversions. 

  

  For instance, if a case study video substantially boosts conversion rates, elevate its prominence to capitalise on this success.

  Then, you can set up a conditional CTA within the video player. Make it pop up after the user has watched the entire video. Use a specific form and sign them up to a specific segment for each case study. This way, you know the prospect’s ideal use case without surveying them.

  This is an example of behavioural segmentation that doesn’t rely on third-party cookies.

  Psychographic segmentation

  Psychographic segmentation is when you segment audiences based on your interpretation of their personality or preferences.

  Potential data points :

  • Social media patterns
  • Follows
  • Hobbies
  • Interests

  Example of effective psychographic segmentation :

  Here, Adidas segments its audience based on whether they like cycling or rugby. It makes no sense to show a rugby ad to someone who’s into cycling and vice versa. But to rugby athletes, the ad is very relevant.

  

  If you want to avoid social platforms, you can use surveys about hobbies and interests to segment your target audience in an ethical way.

  Technographic segmentation

  Technographic segmentation is when you single out specific parts of your audience based on which hardware or software they use.

  Potential data points :

  • Type of device used
  • Device model or brand
  • Browser used

  Example of segmenting by device type to improve user experience :

  Upon noticing a considerable influx of tablet users accessing their platform, a leading news outlet decided to optimise their tablet browsing experience. They overhauled the website interface, focusing on smoother navigation and better readability for tablet users. These changes offered tablet users a seamless and enjoyable reading experience tailored precisely to their device.

  Transactional segmentation

  Transactional segmentation is when you use your customers’ purchase history to better target your marketing message to their needs.

  When consumers prefer personalisation, they typically mean based on their actual transactions, not their social media profiles.

  Potential data points :

  • Average order value
  • Product categories purchased within X months
  • X days since the last purchase of a consumable product

  Example of effective transactional segmentation :

  A pet supply store identifies a segment of customers consistently purchasing cat food but not other pet products. They create targeted email campaigns offering discounts or loyalty rewards specifically for cat-related items to encourage repeat purchases within this segment.

  If you want to improve customer loyalty and increase revenue, the last thing you should do is send generic marketing emails. Relevant product recommendations or coupons are the best way to use transactional segmentation.

  B2B-specific : Firmographic segmentation

  Beyond the five main segmentation types, B2B marketers often use “firmographic” factors when segmenting their campaigns. It’s a way to segment campaigns that go beyond the considerations of the individual.

  Potential data points :

  • Company size
  • Number of employees
  • Company industry
  • Geographic location (office)

  Example of effective firmographic segmentation :

  Companies of different sizes won’t need the same solution — so segmenting leads by company size is one of the most common and effective examples of B2B audience segmentation.

  The difference here is that B2B campaigns are often segmented through manual research. With an account-based marketing approach, you start by researching your potential customers. You then separate the target audience into smaller segments (or even a one-to-one campaign).

  Start segmenting and analysing your audience more deeply with Matomo

  Segmentation is a great place to start if you want to level up your marketing efforts. Modern consumers expect to get relevant content, and you must give it to them.

  But doing so in a privacy-sensitive way is not always easy. You need the right approach to segment your customer base without alienating them or breaking regulations.

  That’s where Matomo comes in. Matomo champions privacy compliance while offering comprehensive insights and segmentation capabilities. With robust privacy controls and cookieless configuration, it ensures GDPR and other regulations are met, empowering data-driven decisions without compromising user privacy.

  Take advantage of our 21-day free trial to get insights that can help you improve your marketing strategy and better reach your target audience. No credit card required.