How to Securely Share your Customer Data

Have you ever wanted to build a custom audience in Facebook? Or perhaps you’ve wanted to provide a list of email addresses to a partner such as Google for retargeting across the web? Perhaps even to your agency or programmatic provider to use in a campaign? Were you concerned about sharing your raw customer data? You’re not alone.

Firstly, why would I share my data?

One of the most valuable assets available to you as a marketer is the data you have on both your existing customers and your target audience. However, a word of caution, it is not the data itself that provides value, rather it is how you segment it and what you are able to do with it.

One example is sharing a list of the email address of your current customers so that you can exclude them from advertising campaigns relating to a product or service that they have already purchased. Another is drawing upon a list of your most engaged prospects so that you can drive a much more targeted & efficient advertising campaign by only targeting those that are already brand aware.

To give you an idea of the power of utilising your data in this way Bench recently worked on a campaign for a well known University. The University was able to secure the email addresses of all postgraduate students over the last 12 months. We then segmented these by faculty and used the seed audience pools to find like-minded audiences who might be interested in studying a postgraduate degree. This audience group performed 35% better than all other prospecting activity…!

An important distinction needs to be made here. The actual students whose email addresses were used were not directly marketed to in any way at all. This is an important distinction as many privacy policies contain a clause preventing the use of customer data in “direct marketing” activities.

Ok that’s great, but I can’t share my customer’s email addresses with anyone, let alone my agency…

This is a valid point, and I don’t think anyone would ever expect you to. Fortunately there is a simple solution to overcome this problem. That solution comes in the form of a one-way cryptographic hash function.

What the hell is a one-way cryptographic hash function?

Put simply, a one-way hash function is an algorithm which takes an input of a variable size (e.g. customer email addresses) encrypts it and converts it into an output of fixed length. However unlike typical encryption, the process is irreversible. There is no way to work out the original input (in this case the customer’s email address) from the result.

The most commonly adopted standard for one-way hash functions is the SHA-256 algorithm. The output of the SHA-256 algorithm is a fixed length encoded 64-character string. See examples of the SHA-256 algorithm being applied to customer email addresses below.

Email Address: [email protected]

Resulting Hash: 22B28AB920AC727C530D5C9ADB23C3D8B7E26EC5CC1600B0EDB60B1D6398D1C6

Email Address: [email protected]

Resulting Hash: 85372D4AAC47CB3CD0949617884CD81A2D6CCA3CC1494370DC228D8DC6A259CF

Email Address: [email protected]

Resulting Hash: 87F1C18EAB85BA2A24D87F925AA77515991591BB5FE7A943378AFC952311D1C8

Once you have hashed your data you can then provide it to your 3rd party without fear of your customer’s personal information being compromised.

So if the data is unreadable, how is it of any use to anyone?

In the example of creating a Facebook custom audience, Facebook will use the same SHA-256 algorithm on its users’ information. Facebook will then compare the hash it has received from you with the one that it has generated. If the hashes match, it knows that the original email address must also be a match.

How can I hash my data?

Although there are many online tools available, NEVER use an online tool to hash your data as this requires providing the raw unfiltered data to the 3rd party providing the hashing solution which is exactly what we are trying to avoid. Instead, you can download a tool such as the one created by tedtechnology from Source Forge here.

Let’s talk privacy policies

One-way cryptographic hash functions are a very powerful tool that can allow you to make the most of your data. Saying that, every company or organisation has a different privacy policy. The content of this article is intended to help you build a case with your legal/compliance team who should always be involved in discussions around the use of data.


Written by Mike McGarry