Privacy-Safe Measurement Should Be Part of Your Marketing Strategy

Earlier this year, Veeva Crossix became a member of the Network Advertising Initiative (NAI), the leading self-regulatory association dedicated to responsible data collection and its use in digital advertising in the United States. As a member, the NAI certifies that all Crossix tailored advertising and measurement solutions are compliant with the standards included in the 2020 NAI Code of Conduct.

Our NAI membership is new, but our dedication to protecting privacy is not — and this is more important than ever in today’s data-driven marketing landscape. Crossix technology was purpose-built with privacy in mind, while still providing valuable insights to help marketers efficiently reach their target audiences and measure the impact of their campaigns. Many marketers prioritize privacy-safe tailored advertising, but the same standards must extend to campaign measurement too. Crossix DIFA, the leading platform for measuring and optimizing healthcare marketing, meets the highest privacy standards for digital ad delivery and reporting (in other words, measurement) created by the NAI.

First of all, what does the NAI Code of Conduct require for Ad Delivery and Reporting (ADR) for health campaigns?

The 2020 NAI Code of Conduct for ADR refers to the collection or use of data about a person, browser, or device for the purposes of delivering ads or providing advertising-related services, including analytics. Like the requirements for Tailored Advertising, which I discussed in a previous blog post, the NAI Code of Conduct for ADR provides recommendations to help ensure consumer privacy and give users control over how their data is used.

  • De-Identified Information is permitted for ADR, including for health advertising. De-Identified Information is defined as “data that is not linked, or intended to be linked, to an individual, browser, or device.” De-Identified Information cannot, by definition, be sensitive information, such as prescription data, tied to an individual, their cookie ID, their browser, or device. Crossix uses only De-Identified Information for campaign reporting and analytics.
  • The linkage of sensitive healthcare data, such as medical records, to Personally Identified Information (PII) or Device Identified Information (DII) is not permitted without opt-in consent. PII is defined as any data linked, or intended to be linked, to an identified individual, such as data containing a person’s name and address. DII is defined as any data that is linked to a particular browser or device, such as an IP address, cookie ID, or mobile ID.

What is Crossix’s measurement approach and how does it meet the NAI’s Code of Conduct?

Crossix SafeMine technology, which is the foundation of the Crossix Data Platform, leverages a distributed approach to data mining. Analyses are done in segregated and secure environments behind privacy firewalls of healthcare companies. After the data is matched and combined in the Crossix Data Platform, Crossix uses a privacy-by-design approach leveraging technology to control outputs and to ensure only population-level, certified deidentified data is extracted out of the system and used in analytics.

Features of this approach include:

  • Digital identifiers such as DII are never combined with health data.
  • Campaign metadata, such as creative ID or site, is never connected to health data. Instead, metadata is used only to define large cohorts of people for analysis. For example, metadata would be used to create a group of people who saw an ad on a given website.
  • Analytics and reporting are only provided on large groups of people. Only HIPAA certified by Expert Determination to be de-identified, aggregated results are delivered to customers.

By breaking the person-level link between digital data (digital identities and metadata) and health data, the distributed approach represents the gold standard for privacy-safe analysis of digital health campaigns. It is a high velocity, high accuracy, technology-enabled, modern approach to privacy-safe analytics, nearly eliminating risks of re-identification in the process.

What Should I Look For to Ensure My Measurement Approach is Safe?

There are several measurement solutions currently in-market that do not adequately protect the privacy of individuals and do not comply with the 2020 NAI Code. In fact, Crossix is the only NAI member among the leading digital measurement offerings for health marketers.

Things to avoid include:

  • Linking DII or PII, at an individual level, with anonymous health data to determine marketing effectiveness. Even if DII and PII are encrypted, by connecting DII or PII with health data in one data warehouse, the ability to learn the health history of an individual exists.
  • Creating a two-way “crosswalk” between media exposure and health information. This process allows the potential for reverse engineering of PII or DII to identify an individual’s health information. It also opens the door to using that health data to develop Tailored Advertising campaigns, which is also prohibited under the 2020 NAI Code.
  • Linking campaign metadata to health data. Even if working with de-identified data, the inclusion of campaign metadata (such as exposure timestamp, site, creative ID, or placement ID) would make it possible to re-identify an individual or device.

These are risky approaches. We all must do our part to protect the important and valuable ecosystem that enables more effective healthcare communications. When it comes to safe and strategic marketing analytics, it is important to work with partners, like Veeva Crossix, who take privacy seriously for both targeting and measurement. Interested in learning more about our privacy-safe marketing solutions? Contact us.

Interested in learning more about how Veeva can help?