Read Time: 10 min

6 Ways to Privacy-Proof Your Email Program


Data privacy measures are increasing and each new regulation impacts how email marketers reach their audiences.

In 2014, Canada’s Anti-Spam Law (CASL) went into effect, with The European Union’s privacy law—General Data Protection Regulation (GDPR)—following in 2018. Then in 2020, it was the California Consumer Privacy Act (CCPA) which strengthened measures in the U.S. and is likely to be a blueprint for other states to follow. 2021 was the year of Apple’s Mail Privacy Protection (MPP), and looming on the horizon is the death of third-party cookies from Google in 2023.

With the rise of privacy measures, it’s important to not only stay informed but also to plan for the long-term health of your email program. While the upcoming changes are uncertain, something you can count on is that privacy measures will continue to increase—and it’s best to be prepared.

Our recommendation? If you aren’t doing it now, you should be taking steps to privacy-proof your email program. This means setting up your email program for longevity and success, with privacy top of mind. Read on for six ways you can set yourself up for privacy-proofing success (or jump ahead below):

  1. Increase collection of zero-party data
  2. Ensure confirmation campaigns are in place
  3. Track engagement with metrics other than open rates
  4. Redefine how you re-engage customers, outside of email
  5. Steer away from dependence on opens and geolocation
  6. Consider removing Personally Identifiable Information (PII)

What are the four types of data?

For email marketers, it’s important to understand the data you have accessible so you understand how to use it most effectively. First, let’s recap the four different types of data.

Zero-party data is individual-level data explicitly given to you directly from your audience. Examples are email preference centers, account preferences, and topic or product interests.

First-party data is individual-level data collected from your audience on your own channels. This includes email engagement, website activity, and purchase history.

Second-party data is individual-level data acquired from a trusted partner—aka someone else’s first-party data. Think co-marketing efforts, customer reviews, and loyalty programs.

Third-party data: aggregate data collected from one or more sources. Examples of this include browsing activity (via cookies), demographics, and survey responses.

How to privacy-proof your email program

Consider these tips as jumping-off points to prepare your email program for the ever-changing future of privacy.

1. Increase collection of zero-party data

As more people adopt Apple’s MPP, open rates will appear inflated. As such, you’ll need more reliable data to glean insights from—like zero-party data.

Zero-party data is individual-level data explicitly given to you directly from your audience. It’s a key component for future-proofing because it’s reliable data. By increasing your efforts to collect more zero-party data from your audience, you’ll set yourself up for success down the line as privacy measures rise.

How can you put this into practice? We usually think of subscription preference centers as a place where subscribers choose what they want to receive and frequency of communication. But they can also be a place to gather zero-party data, like topics of interest.

Additionally, account preferences can be a great place to capture information, like role, title, and location—all of which can be used as part of your strategy (e.g. determining send times, localization, etc.).

Example from Fairygodboss

Other ways to capture this are through customer onboarding, sign-up forms on your site, and even quizzes—which adds a layer of interactivity, too. This is a win-win because you’re not only allowing users to have an interactive experience, but also establishing brand trust by encouraging participation with the understanding that you’ll use the information appropriately.

Here’s an example from Notion’s onboarding experience—they collect relatively standard information like company size but also team type, making it a more interactive experience.

Example of Notion onboarding experience from Blush

2. Ensure confirmation campaigns are in place

Staying on top of your list hygiene is important as privacy changes take place. One way to do that is ensuring you have confirmation campaigns in place that gather explicit opt-in from existing subscribers. We’ll talk about two kinds here: 1) re-permission campaigns and 2) double opt-in (DOI).

Re-permission campaigns

By having re-permission campaigns as part of your regular practice (e.g. your list hygiene activities), you’re ensuring you have the most up-to-date consent of your subscribers.

Let’s say you’re looking at a segment of inactive subscribers who haven’t opened an email from your company or business in the past six months. In a world where privacy is an increasing concern, is it worth the risk of your spam complaint rate potentially going up by continuing to send to this group?

A re-permission campaign helps make sure you’re emailing people who are still interested. And with opens becoming less of a dependable metric, it’s only going to be harder to determine. That’s why regular re-permission campaigns—where subscribers actively say they’re interested—are a good way to not only keep your list clean, but refresh or update your subscribers’ email consent.

At Litmus, if a subscriber has not opened or clicked on any email they have been sent in the last 60 days, we send them an email asking them if they’d like to continue receiving emails. This allows the subscriber to re-engage or opt-out and allows us to keep good data hygiene.

Double opt-in (DOI)

A long-standing debate in the email community is single opt-in vs. double opt-in. In terms of privacy-proofing your email program, DOI, gives you a stronger proof of opt-in.

A big concern for double opt-ins is losing out on subscribers when they don’t confirm. But one way to work around this is by requiring subscription confirmation before delivering the intended resource that the person signed up to receive (e.g. a report, e-book, etc.). For example, your post-form page could say: Confirm your subscription in your email to receive the e-book. Then, after they confirm, they’ll receive the download.

Also, DOI is great in instances where a typo may have occurred when entering an email address. It helps you validate new subscriber’s email addresses, ensuring you’re emailing the right people (and reducing the risk of getting hit with spam complaints).

3. Track engagement with metrics other than open rates

Like we mentioned above, as adoption of MMP increases, open rates will become less reliable due to perceived inflation.

Open rates are known as the most traditional and popular metric in email marketing. But it’s time to shift your focus to other engagement metrics, especially if you use open rates to project conversions. It’s especially important to look toward more reliable ones—such as click-through rates, read rates, and unsubscribe rates—as you plan for 2022 onwards.

But the real key for measuring engagement is looking beyond email. Look at your other platforms and incorporate omnichannel metrics that demonstrate customer engagement—such as offline purchases, account activity, website visits, mobile app activity, and SMS engagement. Think of email as a touch point for engagement. Then, discuss with your team: How can you get these omnichannel metrics and metrics from your ESP pulled into your dashboards, combined for a more holistic view of your marketing efforts?

4. Redefine how you re-engage customers, outside of email

Let’s talk about your re-engagement campaigns. What KPIs are you using to measure success? Metrics like click and click-to-open rates may come to mind. But are they enough to measure re-engagement alone?

Rather, as we mentioned earlier, think of email as a touch point in your customer journey. A more effective way to measure re-engagement is by looking at where subscribers go after they engage with your email. For example, did they go to your site or mobile app after reading your newsletter?

By taking an omnichannel approach to how you look at your own metrics, you’ll paint a fuller picture of your customer journey, better than if you were to look at specific email metrics alone. This also gives an opportunity for teams to break down their marketing silos and use a combined approach to achieve results.

5. Steer away from dependence on opens and geolocation

In addition to open rates, MPP has also impacted email marketers’ ability to track geolocation. That’s why it’s a good idea to start adjusting how you measure your program’s performance, outside of these metrics. Being prepared for these contingencies will be helpful in privacy-proofing your program for what lies ahead.

One way to prepare is by conducting an audit of your email program(s). Evaluate your current activities: check for instances where you rely on open rates and geolocation and discuss new ways to move forward with your team. These might include your:

And, although you may have to change how some of your campaigns operate currently, you can also add tactics to your strategy. Here are some examples to look into, if they aren’t a part of your program already:

  • Real-time inventory updates
  • Countdown timers
  • Suppressing inactive subscribers
  • Monitoring deliverability or inbox placement
  • Reporting on overall email program performance to leadership

6. Consider removing Personally Identifiable Information (PII)

Personally identifiable information (PII) is “information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual” according to the U.S. General Services Administration.

How does this apply to email marketing? Usually for any product or service, a person’s account information is linked to their email address. If there were ever a security breach, all of that information would be tied to the subscriber. In an effort to privacy-proof, removing PII could be a great way to protect your subscribers’ sensitive information.

Instead of PII, a subscriber ID number can be used. By assigning an ID, you can connect information to an individual user and protect their information from being passed to other systems in case of a breach.

The proof is in the privacy

With many of us in 2022 planning-mode, one of the things that should be on your mind is the longevity of your email program. And while privacy will continue to change and evolve, by taking action to privacy-proof your program now, you’re making an investment for the future.

Get insights into your audience—even with increasing privacy measures

With Litmus Email Analytics, you’ll get visibility into your audience with powerful metrics—like reliable open counts and Apple privacy-impacted opens—to adapt for the future, and continue to create more effective campaigns, faster.


Kimberly Huang

Kimberly Huang

Kimberly Huang is a Content Marketing Manager at Litmus