January 3, 2023 | 5 min Read

Marketers. Don't go rogue, work with your CISO.

With many governments introducing laws that protect the privacy of their citizens, marketers face growing pressure to keep user privacy at the forefront of their decisions.

How much data do marketers use?

Data-driven marketing and the promise of unlocking the full potential of every marketing dollar spent tempts marketers, for better or for worse, to collect more data than they know what to do with.

The amount of user data that marketers use can vary significantly depending on the specific marketing strategy, the type of business, and the type of data being collected. Some marketers may use only a small amount of data, such as a customer’s name and email address, while others may collect and use a larger amount of data, including demographic information, purchasing history, and online behavior.

It is important for marketers to be transparent about their data collection practices and to ensure that they have obtained the necessary permissions and consent from users before collecting any sensitive or personal information. It is also important for marketers to implement appropriate security measures to protect user data and to handle it in accordance with relevant laws and regulations.

How does data collection impact marketing?

There are several risks to marketing departments when it comes to collecting and using user data. These include:

  • Privacy concerns - Marketing departments may not always obtain explicit consent from users before collecting and using their data. This can lead to concerns about privacy and the possibility of users feeling violated or misled.

  • Legal risks - There are various laws and regulations that govern the collection and use of user data, such as the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in the United States. Marketing departments must ensure that they are in compliance with these laws, or they risk facing fines and other legal consequences.

  • Reputation risks - If a marketing department mishandles user data or is seen as being untrustworthy in its use of data, it can damage the reputation of the company and lead to a loss of customer trust.

  • Security risks - Marketing departments may also be at risk of cyberattacks and data breaches if they do not have strong security measures in place to protect user data.

It is important for marketing departments to be transparent and respectful in their use of user data and to carefully consider the potential risks and consequences before collecting and using it.

What do CISOs think?

CISOs are concerned with risks to the organization, and data collected by marketing departments can represent a large risk. From a high-level risk perspective, CISOs are concerned about financial, operational, and reputational risks.


For a Chief Information Security Officer (CISO), one of the main financial concerns is the potential for incidents that can incur costs for the organization. These incidents may include internal or external fraud, as well as fines levied against the organization for failing to comply with laws and regulations. It is important for the CISO to be proactive in addressing these potential threats and finding ways to mitigate their impact on the organization’s financial stability. The CISO may need to work with other business leaders to develop and implement risk management strategies to mitigate financial risks.


For a CISO, one of the main operational risks is the potential for cyber threats and security breaches to disrupt the organization’s business operations. This can include the theft or loss of sensitive data, damage to systems or networks, and the disruption of critical services. CISOs may also be concerned with the operational risks associated with the organization’s use of third-party vendors and partners, including the potential for these entities to introduce security vulnerabilities into the organization’s systems or to expose sensitive data.


For a CISO, one of the main reputation risks is the potential for a cyber attack or security breach to damage the organization’s reputation. This can occur if sensitive data is exposed or stolen, if systems or networks are damaged, or if critical services are disrupted.

Other reputation risks that CISOs may be concerned with include the potential for negative media coverage or public perception of the organization’s security practices, the loss of customer trust and loyalty, and the potential for legal or regulatory action.

Working together is a requirement

Different CISOs may have different views on the collection of user information by marketers. Some CISOs may be comfortable with the collection of certain types of user information, while others may have concerns about the potential risks or privacy implications.

It is generally a good idea for marketers to work closely with their CISO to ensure that the marketing efforts of the company are in compliance with data protection laws and regulations and that user data is being handled in a secure and responsible manner. The CISO is responsible for the overall security of the company’s information systems, including the protection of user data, and can provide valuable guidance and support to the marketing department as it develops and implements its campaigns. By working together, marketers and CISOs can ensure that the company’s marketing efforts are both effective and compliant with relevant laws and regulations. This can help to reduce the risk of legal and reputational issues and protect the company’s reputation with its customers.