Rethinking ‘Boring’ Business Data in the Age of AI and Data Privacy


Data drives business success and is critical for business operations. Building trust around its use has never been more important.

As generative AI gains traction, data privacy concerns are on the rise. Speaking as a former regulator with more than two decades of experience in data privacy, regulation, and risk management, there are, unfortunately, many misconceptions about businesses’ data use.

B2C data is often wrongly lumped in with B2B data when, in reality, there are significant differences between the two. B2C data is often personal, sensitive, and immutable, whereas B2B data continually changes and is normally lower risk, reflecting the essential flow of business.

Society naturally tends to focus more on worrisome B2C examples, often following a large data breach or some especially intrusive profiling of people. One way to consider the difference between B2B vs. B2C data is to picture handing someone your business card versus providing them with your Social Security card. The first example is a common, everyday practice. The latter poses more risk of abuse.

Work contact information is low on the sensitivity spectrum

A 2023 Aberdeen Strategy & Research study found business people are generally less concerned about the processing or sharing of their work contact information. They’re much more worried about misuse of data related to their personal lives, like passwords and financial or health information. Only 21% of those surveyed listed their work email among their top 10 most sensitive types of data, and just 18% listed their work phone. Bank account information, mobile phones, and credit scores, by contrast, were ranked among the most sensitive data types by a majority of respondents.

In other words, not all data is created equal. Professional contact information – names, titles, work email, and office numbers – doesn’t carry the same expectations as B2C data. Most privacy laws have some kind of delineation to reflect the risk of harm to the individual; the EU’s GDPR does this by defining ‘sensitive’ personal data, covering areas such as race, political opinions, and sexual orientation, and many U.S. states exclude B2B data entirely. Businesses publish professional contact data for external reference, and B2B data is often shared freely for sales prospecting, recruitment, and market research.

See also: Data Privacy Concerns Deter Enterprises From Commercial LLMs

Generative AI

Two trends are changing the B2B data landscape, especially for sales and marketing: third-party cookies are (slowly) fading away, and AI is becoming more powerful and accessible, making other data sources easier to understand. We can expect to see more innovation as B2B companies combine first-party data and third-party data sources to create and measure more personalized customer experiences.

A recent McKinsey & Company study found that companies using data-driven marketing are 23x more likely to acquire customers, 6x more likely to retain them, and 19x more likely to be profitable. It’s not hard to see why leading B2B companies are investing in so-called “boring data,” like professional contact lists and databases. It’s generally seen as non-intrusive and lower-risk, with a clear ROI for B2B commerce.

Establish trust & safeguard privacy 

Regardless of how low-risk it is, if B2B data is about a person, it’s personal data. Low risk isn’t zero risk, and lighter regulation isn’t zero regulation. In many parts of the world, notification obligations apply, there may be opt-out rights for marketing, and a range of other data rights must be respected. At ZoomInfo, we keep things simple by applying one notification and opt-out approach globally, applying the same high standard regardless of whether it’s required or not. But for other companies, adhering to local applicable laws may be preferable. But this approach does mean always having to adjust your procedures as privacy laws continue to evolve and explaining why you treat some people differently than others.

The gold standard for fostering and maintaining trust is to establish a centralized privacy resource, or trust center, that provides convenient access to this information. Organizations can also include information about their certifications and privacy safeguards, like third-party compliance audits, to give relevant parties peace of mind. At ZoomInfo, we’ve just expanded the scope of our trust center to explain our responsible AI and cybersecurity policies. This type of proactivity is especially important as organizations invest in solutions to marry their first-party and third-party data. After all, businesses that take the chance on third-party data from disreputable or unreliable sources put their whole enterprise and data ecosystem at risk.

“Boring data” is the future of business

Professionals have always shared business contact information through business cards, rolodexes, and the Yellow Pages. People – and regulators – understand that B2B data is inherently lower risk than much B2C data, but sometimes all data processing gets tarred with the same brush. The distinction between B2B and B2C is worth clarifying because global commerce would grind to a halt without B2B contact information. 

Companies using vast amounts of first-party and third-party data must take a fresh look at their data governance  – not only to ensure compliance with applicable privacy laws but also to encourage greater trust by setting clear, public expectations regarding their data practices. Ultimately, B2B data may seem “boring,” but the reality is that it’s always been – and will be – critical for business operations. Building trust around its use has never been more important.

Simon McDougall

About Simon McDougall

Simon McDougall is the Chief Compliance Officer at ZoomInfo. He has served in that role since joining the company in January 2022, overseeing how the company collects its professional data and upholds individuals’ rights to privacy. Before joining the company, Simon served as Deputy Commissioner for the Information Commissioner’s Office (ICO), the U.K.’s independent authority for upholding information rights. He’s also a board member of the International Association of Privacy Professionals (IAPP) and an International Fellow at Yale University’s Digital Ethics Center. He holds a B.A. from Somerville College at the University of Oxford and is a Chartered Accountant.

Leave a Reply

Your email address will not be published. Required fields are marked *