Redpoint Logo
Redpoint Logo

Apr 27, 2016

Understanding the Differences Among First-, Second-, and Third-Party Data

In many ways, the collection, management, and use of data is a central activity in the modern world. Certainly, it is the foundation of today’s marketing, and the partnership between marketers and database experts grows increasingly closer year after year. That’s why it’s extremely important for marketers — and their audiences – to understand the different kinds of data that can be collected and the rules regarding its use.

Generally speaking, data is divided into three categories based on how it was acquired: first-party data, second-party data, and third-party data.

In any marketing situation it’s obviously critical to have as much information about a customer or prospect as legally possible. In the customer acquisition scenario this is just as important, but of course it can be more difficult. Find them; get them to react to call to action; drive them first to one channel, then another until they buy or don’t buy. This is the domain where alternative data sources become extremely important to the marketing team and just as importantly, we need to understand their relationships and treatment.

First-party data is information a company or organization acquires directly from a person or device. They buy something from you, or regularly interact with you in some way such that you begin to collect plenty of information about their buying behavior and their device usage when they visit you in person or digitally.

For marketers, that information is voluntarily provided during a transaction, and can include the person’s name, address, color and size preferences; or any information about products shopped or purchased. First-party data can also include information submitted when a person fills out a web form, even though they maybe haven’t purchased anything at all. First-party data is generally thought of as the most reliable and valuable to marketers since the person is known to the marketer and is first-hand information. Also, unlike other kinds of data, first-party data comes into the company’s possession free of charge. Companies own their first-party data and usually store it in their CRM, marketing and/or loyalty-program systems to help them get and retain customers by making offers that meet their preferences or simply to maintain their customers’ awareness.

Second-party data is data that is acquired as a result of a relationship, typically a partner company, or a co-op partner. Second-party data offers the promise of combining the unique, highly-personalized information first-party data provides with someone else’s first-party data. Many companies share first-party data with a second party and when you receive someone else’s first-party data, it is “second-party” data to you. Usually a company that has a similar or linked business with yours is that kind of partner. A simple example or mutually beneficial second-party relationships would be ski resort partnering with an outdoor winter clothing retailer. The resort could provide its first-party data of its guests to the retailer (the resort is a second party to the retailer), which could then make direct offers advertising skis, helmets, boots, and even ski jackets if it carried apparel. The arrangement is typically reciprocal, with the retailer providing its customer list for the resort’s marketing (which is second-party data to the resort). In large companies, a consumer may be opted-in by their agreement to make their information “available to our partners,” which many times means other business units of the corporation, for example.

Let’s jump to third-party data now. Third-party data is…everything else. This includes data that you buy. Some examples are data from list brokerages, acquisition through digital means via online digital data providers like reverse phone append, email append, and so on. Third-party data is used to help identify potential customers for generally anything that you’re selling in a “look-alike” way – by looking at your good customers and trying to buy access to people or device access (display ads, search words) that appear and behave like those good customers.

A prime source of third-party data for many years has been data aggregators, companies that specialize in identifying people’s attributes via hundreds or thousands of sources, and aggregating that information in a proprietary way for sale. With digital extensions now, these “on-boarders” can take your first- or second-party data digitally, and match them to the aggregated data set and also provide details about whether you can perhaps reach them on a social platform or generally on web properties around the internet.

The key to the marketing usefulness of third-party data is in the volume of data and how precise the segmentation of that data is. If a seller has a large database of people who have shown an interest in cooking, for example, that data could be sold to kitchen remodelers, food merchants, cookbook sellers, major appliance retailers, pot and pan outlets, and cutlery houses, among others. The aggregating product would in effect sell the same database to an array of clients in different ways. Because third-party sellers are in the data business, they charge for their information.

Even though first-party data is regarded as the most valuable, a Forrester Consulting survey confirms that marketers must rely on all three types of data to build their campaigns.

The same survey also reported that privacy concerns and security controls were very much on the mind of digital marketers which makes sense because there are so many considerations — from maintaining trust in customer relationships to making sure data use in in compliance with applicable regulations.

One of their most significant considerations is Personally Identifiable Information (PII). In its 2010 Guide to Protecting the Confidentiality of Personally Identifiable Information, the National Institute of Standards and Technology (quoting earlier Office of Management and Budget memorandums on the subject) defines PII as “―any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.” Though this definition is quite broad and only applies to federal agencies, it serves as a marker for what private data collectors can have and use. In 2012, the Federal Trade Commission released a report with recommendations for how businesses should implement best practices in protecting consumers’ private information.

Of course, data would be pretty useless to marketers if it didn’t contain sufficient information to shape the offer and reach the customer. So all three types of data have some PII information, the difference is the amount and type of fields shared. First-party data has the most personalized and detailed PII, but some it may not be passed onto a second-party cooperative data sharing situation, leaving second-party data with a greater degree of PII than third-party, but both partners in a second-party arrangement need to be very cognizant of any restrictions as these agreements can be “a bit of a legal minefield,” as one observer commented. Third-party data usually is assembled for transfer to the purchaser by an automated device and it might have some PII but that is usually limited to digital life: location, position, device, emails, and phone number.

This complexity is why everyone who has an investment in these three types of data can’t just dump it all into a Data Management Platform (DMP) and hope for the best. First-party data isn’t fully at home in the DMP – many pieces of PII have no business in the DMP. Besides, most DMP data is a one-way trip: It goes in but getting all the detailed data and decision history back out isn’t a pretty sight. The larger a company is in terms of transactions and the more of these three classes of data they have, the more imperative it becomes to create a data layer that specializes in keeping the keys aligned and the classes of data clear.

Steve Zisk 2022 Scaled

Redpoint Global

Do you like this article? Share it!

Related Articles: