Data Privacy Legislation Isn’t Going Away, Here’s What That Means
2021: Among other things, The Year of Data Privacy
According to Business Insider, 2021 is the year to expect sweeping federal data privacy laws to go into effect.
This may not be true — just scan a few 2020 predictions to disabuse your expectations from anyone’s powers of prescience — but no matter your political stance, it would be a fairly uncontroversial statement to believe that the current administration will be much tougher with data privacy regulations than the previous administration.
So even if “USAGDPR” doesn’t come to be this year, it’s really just a matter of time. Luckily, with CCPA having been in place for over a year now, most large companies should have a handle on their data and consent management practices.
If you sell a product and you’re not a cash-only greasy spoon, then you’re also in the business of data privacy and security, which itself ladders up to customer confidence. That last bit, the thing about customer confidence — that’s the hard part.
In a report called “How consumers see cybersecurity and privacy risks and what to do about it,” PwC learned this about customer trust:
- 69% of consumers believe companies are vulnerable to hacks and cyberattacks.
- 25% of consumers believe most companies handle their sensitive personal data responsibly.
- 10% of consumers feel they have complete control over their personal information.
- 72% of consumers believe businesses — not governments — are best equipped to protect them.
In other words, the topic of data privacy does not inspire confidence.
To make the internet a safer place, businesses, governments, and citizens will need to educate themselves on best practices, easily avoidable hazards, and the fact that vulnerable PII poses a very real danger.
“Transparency is central, but so is a public commitment to ethical data practices, tools, and data governance. As a starting point, businesses, more specifically, the people — data analysts to chief data officers — need tools as a means to analyze the data in their own databases, minimize sprawl, and reduce the risk of breach or misuse. We should be expecting data governance at machine speed.”
Following Ms. Lawler, I must agree that technology got us into this mess, and it’s only with technology’s help that we can ever hope to get out. The problem is just too complex, the amount of data too vast, and the stakes too high.
What happens when you fail to comply with data privacy legislation?
We are not in any way giving legal advice, but there are many hazards that lay ahead of the company that ignores privacy regulations.
Take for example the Subject Rights Requests (SRRs) outlined in CCPA.
SSRs requires companies to respond in a timely, accurate manner to all requests for enabling consumers to opt out and invoke their right to be forgotten by companies that hold their data. CCPA empowers consumers to take legal action against non-compliant organizations. Consumers can easily go after non-compliant organizations via social media to receive a payout for PII mismanagement.
This could create mountains of SSRs. Where does consumer trust go if you can’t honor them?
Further complicating matters is that many organizations still use a manual systems-based approach to manage compliance, which is complex, time-consuming, and offers little insight into their known and unknown data.
If a company doesn’t know what data they have or where it resides or moves, it’s impossible to comply with CCPA, creating a vicious cycle of opportunistic SRRs that can prevent an enterprise from attending to its core activities and bringing business to a halt.
So let’s see how the technology proposes we solve this issue.
How technology can automate data privacy compliance
The threat of drowning in SSRs is just one reason to adopt technology that will automate an accurate and scalable CCPA compliance solution. Brands need to put in place technology that can locate all caches of personal data — structured, unstructured, or not yet inventoried — on a continuous basis.
If a customer leverages their right to be forgotten, and you don’t have the ability to corral all of their data, then it’s safe to say you’re in trouble.
As data privacy worries grow, it is becoming existentially important to any company that they are able to automatically find every single location housing a consumer’s personal data, which will allow your brand to efficiently remove the relevant data across the org.
This is only simple if you don’t pause long enough to stare at the firmament in awe of how much data a large brand actually collects on every human that interacts with it. (Not to say that every brand uses their data well, but that’s a story for the CDP Buyer’s Guide.)
To demonstrate compliance — with CCPA or any legislation that may be on the horizon — you must implement a data mapping process to describe data flow throughout the org. Building the data map without visibility over the network traffic of your org would be a massive challenge. Manually creating a data map difficult; manually maintaining it is impossible. Having this in place will make it infinitely easier to honor SSRs and requests invoking the right to be forgotten.
Stay privy to privacy laws
The growing number and reach of privacy legislation in the US and abroad might seem overwhelming. Rest assured that the current trajectory is moving toward a simpler regulatory environment in which individuals gain more control over their data and the necessary trust between brands and consumers can grow stronger.
With the right flexible data framework in place, you can easily respond to markets, legislation, or other external pressures (like, say, COVID), reducing legal liability and keeping your customer data safe.
One issue that arises when Marketing doesn’t own its own data strategy is that data changes hands too often, sometimes in the form of emailed CSV files with thousands of customers’ data. One way to patch this hole is by giving Marketing control of no-code segmentation tools. To see how one of our clients was able to gain a 300% boost in engagement by just passing segmentation from IT to Marketing, click here to read the report.
Disclaimer: The information provided in this post does not constitute legal advice, is not intended to be a substitute for legal advice, and should not be relied upon as such. You should seek legal advice or other professional advice in relation to various governing laws and data compliance regulation matters you or your organization may have.