Mitch Eisenberg


September 14, 2023


Acting as a consultative partner with our DataHub Members is a foundational component of Alliant’s business approach. With 22 years of expertise in data privacy and compliance, Alliant commonly fields questions from customers around this important topic, especially when it comes to Membership.

With all the new state regulations, it’s time for an Alliant update on the most pressing privacy and compliance questions we hear daily from our DataHub Members. Alliant’s SVP, General Counsel and Data Compliance Officer, Mitch Eisenberg, highlights the company’s unique dedication in this Q&A.

Q1: What are Members’ top privacy & compliance concerns at the moment?

DataHub Members are well aware that new laws and guidelines are constantly being rolled out and want to ensure their data and related processes comply with these emerging regulations. There is also a real acknowledgment around data privacy and security – that their data can be a target for theft.

Q2: What is Alliant’s #1 goal for data privacy approach in 2023?

In 2023 and always, Alliant’s goal is to ensure that DataHub Members are confident the data they contribute to the cooperative is treated with the utmost respect and highest compliance standards, meeting the ever-expanding number of regulations. Alliant abides by all US State privacy, financial and other laws including incorporating Privacy by Design and FTC marketing guidelines.

Beyond our DataHub Members, Alliant consistently strives to ensure all data coming in and out of Alliant is properly sourced and permissioned, and that resulting audiences are being deployed in market via a compliant manner. Managing this across an extensive network of brand, platform and agency partners requires refined processes and systems to review everything from privacy statements to creative to custom model development.

Q3: How often does Alliant review privacy and compliance?

Our approach to data privacy is an ongoing day-to-day effort that spans across Legal, Data Governance and Information Technology teams. A dedicated IT group consistently evolves our systems to ensure we have the most rigorous software, hardware, and security practices in place. Contracts, creative assets, and custom data usage requests are reviewed by our Legal team on an ongoing basis.

Q4: How does Alliant manage all the new state privacy laws similar to the CCPA/CPRA?

Alliant maintains rigorous levels of awareness, education, and group participation. Our in-house Compliance team frequently monitors and attends education on the latest developments across all state laws, while also participating with the ANA, DAA, and other industry groups. Since each state law varies, to ensure the highest level of compliance, Alliant adopts policies and practices that meet the strictest state obligations as our standard, to ensure coverage on a broader level. For instance, while the CPRA requires opt-out for the use of Sensitive Personal Information, new states are taking it further with express opt-in consent. Alliant has made this opt-in consent part of our overall policy.

Q5: Alliant’s solution delivery systems are SOC2 Compliant. What does that mean why should it matter to DataHub Members?

Alliant went through the SOC2 certification process, originally passing the audit in 2019 and maintaining certification every year since. SOC2 (System and Organizational Controls) is a standardized framework designed to ensure companies are mitigating information-related risk. To meet these requirements, an annual multi-day audit with specific privacy and security standards consistent with the industry’s best practices needs to be met.

SOC2 compliance assures Members, brands and partners that Alliant complies with the highest industry standards possible. Alliant also layers on additional certifications through membership and certifications from industry governing bodies and third parties such as Neutronian, TAG, IAB and recently joining the NAI.

Q6: What protection is in place for Member’s first-party data?

First-party data is the core asset of Alliant Members, and we take that very seriously. Alliant uses a combination of legal compliance, IT infrastructure and processes, and constant oversight to ensure Member data are protected. In-house Compliance establishes compliance with every state privacy law, compliance by design measures when architecting new products, solutions and systems, regular reviews of Member data, and ongoing consumer privacy practices. The IT department utilizes a robust approach to infrastructure, technologies, and data transit and storage. This includes data encryption for transit and secure storage using TLS 1.2 with elliptical curve ciphers, full disk encryption, and data access via volume, folder, and file level only to required associates through a virtual cleanroom environment.

Q7: Since Alliant is a data cooperative and audience solutions provider, how do you ensure Member’s first-party data is not being sold to another brand?

A Member’s data is managed by Alliant in two ways. First it is stored in a separate DataMart, not integrated with any other data. This maintains the brand’s first-party data integrity and creates easy access for custom work. Second, the data is anonymized and matched into the greater DataHub, which is an aggregated second party data asset. This aggregated asset is the Alliant work product that drives data science and the resulting audience solutions.

Q8: Who can access Member data?

With the DataMart benefit, Members can of course request to access their own data at any time. At Alliant, only limited members of Data Integration and Data Science teams have working access to the DataMarts and the DataHub’s aggregated second-party data asset. This data is accessed in highly secure data management tools and virtual analytic workspaces that strip out PII.

Q9: What is the one thing you want existing Members of Alliant’s DataHub to know in the privacy space?

What matters is that all your data partners have a collective approach to privacy in place. Members should evaluate all partners, even the shiny new solutions getting a lot of hype. This includes business history, certifications, reputation, legal team, compliance practices, and IT infrastructure. As a leading data cooperative, Alliant wants Members to be assured that data privacy and security is of utmost importance and their focus should be on the tremendous value that comes with being a member.

Brands work hard to earn their customer’s trust in the form of data, and it is our responsibility as a data partner to protect it. The added confidence in compliance and security enables Members to focus resources on performance and revenue-driven business initiatives. This includes using their data to improve customer experiences, gain audience insights, drive better marketing decisions and ROI, and ultimately improve their bottom line.

Did you learn more about the considerations and realities of DataHub Membership and Alliant’s approach to privacy and compliance? If you have more questions please don’t hesitate to reach out to your Account Executive or Mitch Eisenberg.