Episode 33: Building the Ultimate MarTech Guide for Privacy-First Marketing Success

In this episode of The Digital Clinic, we dive into building a privacy-compliant MarTech stack with Paul Weinstein, President at Wheelhouse DMG, as he breaks down the comprehensive 12-category guide we created to navigate demanding privacy environments.  

While evaluating MarTech tools at the intersection of privacy and performance, Paul shares practical insights for building your own compliant marketing infrastructure, revealing why proper privacy compliance doesn’t hurt performance—it dramatically improves it.  

From consent management platforms to data activation tools, this episode delivers the strategic roadmap you need to evaluate vendors, control your data, and create marketing technology that delivers exceptional results while keeping you out of legal trouble. Whether you’re dealing with HIPAA, GDPR, or state privacy laws, our blueprint transforms regulatory challenges into performance opportunities. 

Listen Wherever You Get Your Podcasts:

The Complex Privacy Landscape 

Aaron Burnett: The level of complexity, the number of regulations, the number of regulatory bodies, and the governing authorities that are focused on privacy regulations continue to grow. You have all the federal regulations that come from HHS and OCR guidance that are still largely enforced. 

You have FTC enforcement actions. You have states coming online with their own versions of privacy regulations, some of which acknowledge and carve out HIPAA, some of which don’t at all, or are silent on it. They are in conflict. Some of them are more restrictive than federal regulations, like California and, in some ways, Washington State. 

You have international regulations with GDPR and recent court rulings that make some aspects of GDPR even more stringent than they were previously thought to be. Then, as if that weren’t enough, you have antitrust rulings against Google in particular, and you have platform changes with Google, Meta, and others that take data away from advertisers and agencies. So, it’s a simple landscape. It’s very straightforward. 

Paul Weinstein: Yes. 

Aaron Burnett: Very straightforward. Into this simple landscape, tell me, what’s the state of play for MarTech? For the options that agencies and clients should be thinking about as they seek to navigate all of this and not run afoul of the law, the lawyers, their patients, and customers? 

The MarTech Evolution and Current Stakes 

Paul Weinstein: Businesses have been investing in MarTech for a long time, since the beginning of SaaS. We’ve been investing in Salesforce and CRMs and then buying ads on Google. We’ve been doing all kinds of things to drive marketing performance and drive business outcomes. As we’ve been doing this, we’ve been accumulating MarTech. We’ve been connecting it together. We’ve been building our MarTech stacks and then, along the way, having to navigate all the changes that have come along, of all sorts, with privacy just being one of them. 

So, the stakes are getting higher and more clear and then more complicated at the same time. Sometimes it’s not really clear whether or not I have to do this. Is this recommended for me to do? Am I going to get in trouble or not?  

The Need for Data Control  

What I think is most important is that organizations really have to—no matter what posture they take, what problem they’re trying to solve—they need control over the data that they’re collecting, how they’re collecting it, how they’re using it, how they’re sharing it, and their ability to get more value from it. 

In today’s age, and this is even more true with AI, the value is in the data that you’re collecting and your ability to leverage it. But also, the risk is there too. So, it’s become important to both be very adept and understand how to collect but also keep the data private. Then also figure out how to leverage, activate, optimize against, and continue to drive business outcomes with that same data. 

So, what it means is you need tools and platforms and MarTech to be able to manage all the different aspects of what that means from the very start of just asking for consent all the way through to the activation and building of audiences and tracking performance. And being able to figure out, did this work or not? The level of difficulty on that part has just kept going up. 

It’s complicated, or they were sold this vision of what it could do. Without the right expertise in-house or the right further investment after buying it, there are all sorts of things that go into figuring out how to drive value with your marketing dollars. It’s not getting simpler. 

Aaron Burnett: No. As you said, in some instances, existing MarTech providers have evolved so that they have the right or most of the right privacy controls incorporated into their platform if you configure it in the right way, and often if you combine it with other things. In some instances, MarTech providers have not provided those privacy controls either because they’ve said we’re not focused on privacy-first industries. We’ll stick with e-commerce and these other sorts of more standard lead generation or more vanilla web applications. 

So part of the science here, part of the art, is coming up with a diagnostic that enables folks to figure out what they have, what they should be looking for, how it might fit together, and what the ingredients are for a MarTech stack that actually is privacy-compliant and HIPAA-compliant. 

So that leads us to this guide that you’ve created. Tell us about some of the impetus for the guide, which I’ve alluded to, but also what’s in the guide, how we went about putting it together, and what its utility is. 

Building the 12-Category MarTech Guide 

Paul Weinstein: So, what we have done is basically gone through and categorized all the different types of MarTech utility that is required for an organization to be able to safely collect data from their website and then turn around and activate it and use it for advertising purposes. 

Depending on an organization’s size, the type of market they’re going after, their complexity, and where they’re at in a maturity curve, we came up with a dozen different categories of MarTech. The way that we organized it or thought about it was we started at the start. We started at the beginning, which is just consent. That’s just the first step in the process. Then we worked our way through what has to happen next, or how you build each successive step. 

So, we went from consent management platforms to then the cloud infrastructure that you might use to collect data or host certain tools, then into tag management, and then into server-side analytics platforms. From there, we talked about the actual visualization and reporting tools that are out there. Then we started thinking about monitoring. We have to monitor our infrastructure to make sure that we’re not accidentally leaking any data or that some rogue pixel hasn’t been thrown into some blog posts somewhere on the website. 

So, we looked at monitoring, then we started getting into CDPs, where we’re trying to unify all these different identities across all the different touchpoints of a website. Then we got into marketing automation and CRM. From there, we went into clean rooms, which is a little more advanced, and then started getting into ad activation, data providers, and then service providers that are focused on this space. 

We basically went through, and we were looking for vendors and platforms that had a demonstrated capability around privacy and compliance. They would either sign a BAA or could be configured in a way that you didn’t need to sign a BAA with them because you weren’t sending them any PHI or things like that. 

So, we looked at it—we did look at this definitely from a HIPAA-compliance lens predominantly, but this still applies equally well to any kind of industry or vertical that’s focused on privacy and compliance. We looked for platforms and vendors that are also figuring out how to activate and drive value. Really, the work—what we’re really trying to do is safely advertise and build our businesses and find new patients and all of that. 

Once we had settled on the 12 categories, within each category, we then went out and looked for every vendor we could find that satisfied mostly the compliance needs, because typically they’re in the category because they satisfy the utility of that category. We want to be able to help marketers understand the utility of each category. This is what this category is meant to do. These are the vendors that deliver on that and in ways that maybe some of them do and some of them don’t, or what you have to be careful of if you’re going to use this vendor and configure it in this way. We really provide a clear guide for marketers to be able to know all the vendors that are in this space, their pros and cons when it comes to both compliance and driving performance. 

We give somebody step by step: start here, move here. Along the way, we’re interviewing our own experts, industry experts that we have relationships with, and the vendors themselves. We’re interviewing them as well to get their perspective on what makes them special in the category, where the category’s going, what they’re thinking about, and what their roadmaps are. We just provide as much depth, detail, and color into each as we can. 

The Vendor Evaluation Process 

Aaron Burnett: We wanted to create a rubric for each of the vendors within each category. Here are the must-haves. Here are the things that would be very good to have, but if you did it in this particular way, maybe you don’t have to. Here’s how to evaluate each of these vendors. 

In this initial guide, I know that we tried to remain neutral. In one sense, we captured the top 10 in each category, but we didn’t rank them. We’re going a little deeper in each of the categories, where we’re also being a little more critical and prescriptive. 

Paul Weinstein: Sure. Tell me about that. The way that this whole process started is we’ve already published what we’re calling our foundational guide, which is essentially just a list. It’s got some very high-level—it’s got a high-level description of each category, and then it lists the vendors in each that are eventually going to show up in what we’re calling the ultimate guide for each respective category. 

So, for the Ultimate Guide for Consent Management Platforms, we’re going to go a level deeper into evaluating each of the vendors that we have and provide, like you said, a scoring rubric as to how we think that this one meets this particular criteria versus another criteria. 

It’s mostly focused again on basically the two axes: the compliance—do they sign a BAA? Do they have healthcare clients? Do they already have a demonstrated ability to meet the needs of this particular industry? Then you get into things like maybe some more qualitative aspects of usability, extensibility, service level, those kinds of things. 

We attempt to grade all of the vendors and give our point of view on them in that way. We do have a point of view on each category in terms of things to look out for and things that have tripped us up in the past and that we’ve had to figure out. Hopefully, we’ve got some things in each of these guides.  

Aaron Burnett: I think one of the reasons I was very enthusiastic about this project is that we do have an interesting perspective right now, born of our own experience of going through this process.  

The Performance Paradox: Compliance Improves Results 

The fear that most marketers have, and honestly that we had—we were nervous about—is that when you go into a fully compliant environment, by definition, you’re losing fidelity around the data that was always there from third parties. The easy data. The “Hey, just define an audience in my platform and go get them.” You can’t do that anymore. “Hey, just track your performance. We’ll give you all the information.” You can’t do that anymore because you can’t share and track in the same way. 

The worry was, okay, you lose performance if you lose fidelity around data. But our experience is the opposite. If you collect the right data and you use it in the right way, it forces a discipline through which you have to then concentrate on what’s really important: the moment of delivery of business value as opposed to what third parties provide, which is at least a couple of levels above. It’s an abstraction. It’s away from value. “Okay, you generated a lead.” Okay, this thing happened, but was it really the valuable thing? In healthcare and med tech, usually it’s not. It’s a level or two removed. 

Because we have our own data warehouse, because of some very intelligent things we’ve been able to do as we learned, we’ve found that the performance that we’re driving with the recipe that we have around MarTech is exceptional. It is significantly better than what we drove when we were operating using third-party tracking and targeting. We have a lot that we have learned to share in these guides about how to do this in a way that unlocks performance and doesn’t just make you compliant. 

Paul Weinstein: There was something you said in there where there’s all of a sudden scarcity of data. We’re in some ways feeling like we’re data poor. What that has, at least for us, forced us to do is be creative and maybe think a little bit outside the box, or at least deeper into the organizations that we’re supporting, in terms of we have to go looking for the data that we need. 

In a lot of cases, as you go look for the data, you’re finding better data. You’re finding data that tells you the actual value of that lead that we drove with that campaign, with that creative. We’ve also taken great pains and spent a lot of energy making sure that we are instrumenting our analytics in a way that’s enabling us to tie outcomes to everything from the platforms to the creative to the keyword and all of that. 

Building Your Own Data Infrastructure 

We’re having to, in our own data warehouse, bring in first-party data. We’re bringing in CRM data from Salesforce. We are collecting all the data from the marketing platforms, the ad platforms, and we’re bringing that all together. We’re putting it in our own compliant data warehouse. We’re normalizing it. We’re putting it all together, and then we’re layering on our analytics and BI and visualization, on top of that, and then applying our skills as advertisers to be able to understand, this is working, this is not, more of this, less of that. 

It’s creating phenomenal outcomes for our clients and creating an environment in which we’re being trusted with more data, which gives us higher fidelity and a greater ability to drive better outcomes. With that comes more budgets and more territory, and all of that. It’s coming from the discipline around taking control of the data that we’re collecting, where we’re putting it, how we’re organizing it, who we’re sharing it with, and making sure that we’re sharing it in a compliant way, but also not relying on those third parties to basically tell us what to do. We could figure that out on our own. 

Aaron Burnett: So, the foundational guide is available under the Insights tab on our website. What comes next? 

What’s Next: Guide Releases and Updates 

Paul Weinstein: The next guide that we’re releasing is Consent Management Platforms, and it’ll be coming out very soon. After that is Cloud Infrastructure. We’re hoping to release these ultimate guides—basically all of them—by the end of this year, which is ambitious because these are not small documents. They’re not small guides. But we have done the vast majority of the research already, so we have researched every category. We have researched every vendor and conducted interviews, at least internally, on all the categories. We have interviews yet to go with outside experts as well as with vendors. 

This’ll be a little bit of an organic process in terms of we’ll be updating these guides as we learn more, as we interview more people, as things change, as platforms start to evolve, and perhaps address some of the shortcomings in the approach that we have to take today, which is cobbling all of these together. 

So, there are some very interesting things that are happening right now with some platforms that are piecing it all together. That’ll come out as well as we talk more about each category. There are platforms that do show up in several categories. They are addressing several aspects of the stack all at once. 

Aaron Burnett: Some of them well, some of them not so well. 

Paul Weinstein: Yep. There’s all of that. So, we hope to be sharing our point of view on all of that over the next few months. 

Aaron Burnett: It’s very helpful. Thank you. 

Paul Weinstein: I hope so. 

Aaron Burnett: All right, so people should find this on wheelhousedmg.com under Insights. The Foundational Guide is published. The Consent Management Guide, the Ultimate Guide, will be published shortly, and the other 11 will follow shortly thereafter. 

Paul Weinstein: And if you want to see these as they come out, go to our website and sign up for alerts for when each of them are released. 

Aaron Burnett: That’s great. All right, thanks very much. 

Paul Weinstein: Thanks for having me.