[The following is adapted from Crawl, Walk, Run: Advancing Analytics Maturity Google Platform.]
Not long ago, the area of consumer privacy looked more like the Wild West than a space of law and order. Companies had few restrictions when it came to using customer data, but those circumstances have changed.
In today’s world of tightening regulations, you have to be extremely careful with your customer data or face the financial consequences. It’s not a bad thing—the purpose and eventual payoff of customer data governance is to create trust with customers while deriving value from the data they entrust to your organization.
But if you’re unaware of what those laws entail, it can be easy to break the rules. Here’s what you need to know to protect your company and your customers as you handle their personal data.
The Rise of Privacy Regulations
In recent years, we have seen an increase in privacy regulations due to certain companies abusing the rights of customers and doing whatever they wanted with customer data. With the passage of the General Data Protection Regulation (GDPR) in the European Union in 2016, the regulatory environment entered a new, more intense, and more difficult era for marketers.
In terms of actual numbers, the maximum fine that can be levied against an organization for misuse of customer data is 4 percent of their gross revenue. That means a company with $1.25 billion in revenue could be fined as much as $50 million—not something any organization can shrug off.
California passed similar privacy regulations in 2019 with the California Consumer Privacy Act (CCPA), which went into effect in January 2020 (with enforcement beginning in July 2020). Like the GDPR, the CCPA was driven by a desire to protect consumers.
With CCPA, there are two tiers of fines: $2,500 per violation for an unintentional violation and $7,500 per violation for an intentional violation. As you might imagine, this can add up quickly.
As of 2020, at least 20 states in the US have either passed or introduced consumer privacy regulations, and this number continues to grow.
What’s Expected of Companies with Regard to Customer Data
Breaking these new regulations means stiff financial penalties, so how can you stay in compliance? The essence of these regulations is that companies must inform customers about what will be done with their data. That’s why, when you visit many websites these days, you get a pop-up banner that says something like, “We use cookies. Are you okay with us collecting your information? Please refer to our privacy policy.”
California adds a new twist in which customers must be able to opt out of companies selling their data. Furthermore, companies can’t penalize a customer for opting out. The real challenge of the California regulation comes into play when a customer makes a request concerning their data that a company possesses.
If a customer contacts a company and provides their email, phone number, or other information, the company must, within 45 days of receiving that information, reconnect with the customer and inform them of what categories of data it has captured and precisely what has been done with that data.
Is Your Company Prepared to Comply with Regulations?
Creating a paper trail of exactly where a customer’s data has gone and what has been done with it is easier said than done. After all, tracking the flow of an individual’s information through tags and pixels becomes extremely difficult as that information flows throughout an organization’s many data systems.
To comply, you need a clear understanding of the customer data being held throughout your organization, and then you must be able to retrieve that data and provide it to the customer—in plain language, not in some cryptic form. Consider the consumer data you have collected and ask yourself:
- Do you actually know where all of this data is located in your organization?
- Do you know what categories each piece of data falls into?
- Can you provide that data back to customers in an efficient manner?
- Finally, can you then delete that data if a customer requests it? Is your company prepared to follow the rules?
If your answer to any of these questions is “no” or “I’m not sure,” you have work to do to meet regulatory demands.
Plan for the Future of Data Regulations
Even if your company doesn’t currently operate in California or the European Union, you should plan for the future. The rise of privacy regulations means that, no matter where you do business, similar regulations are bound to impact you sooner or later.
For this reason, you need to immediately start creating a customer data governance strategy to get your data under control. Make sure that your systems track where customer data goes, who has access to it, and when it’s sold.
Given the privacy restrictions in place, competitive advantage goes not just to those who can best analyze and act on their data but also to those who can collect the most in a compliant manner. Gain compliance and avoid the fines that many of your competitors are paying, and you’ll be positioned to thrive in the privacy-minded future.
Michael Loban is the Chief Growth Officer at InfoTrust. He’s an adjunct instructor at the University of Cincinnati and Xavier University, and is also a presenter and author, with work published in Forbes, AdWeek, and CIO Magazine.
For more advice on digital transformations, you can find Crawl, Walk, Run on Amazon.