As a new generation of privacy laws and regulations aims to hold all parties liable for poor practices and damages, brands have uncompromising responsibilities pertaining to data transparency, accuracy, minimization and privacy control.
Privacy and security are separate but interdependent aspects of data protection. No matter how secure a company’s data systems and procedures, if it uses data in a questionable manner, it will fail to satisfy the privacy standards demanded by consumers and lawmakers alike. Conversely, a company must build its privacy strategy on a robust security program to be successful.
In the wake of shifting paradigms and increasing scrutiny, aligning business practices and technologies to higher standards of care is a brand imperative.
Privacy in a Post-GDPR World
The General Data Protection Regulation (GDPR), signed into being in 2016, and other GDPR-style laws like the California Consumer Privacy Act (CCPA), scheduled to be enacted at the start of 2020, grant individuals increased rights to know how their data is processed, to gain access to that data, and (under certain circumstances) to request that their personal data be “forgotten.” These laws also grant regulators additional powers to enforce compliance with individuals’ rights requests.
As regulators continue to face what they believe are real and existential threats to privacy, the debate around ethical data practices will only escalate. Modern organizations must align business practices with GDPR principles to lay the foundation for responsible data management.
Taking a Proactive Approach to Privacy and Security
For ethical businesses with hopes of building or maintaining consumer trust, prioritizing privacy is the right thing to do. But privacy is also good for the bottom line, as it now offers a significant competitive advantage. Proactively taking action towards protecting consumer privacy can help businesses stand out in a crowded global marketplace. And failing to act — or worse, acting dishonestly — can ruin a brand’s reputation and potentially lead to severe financial and legal ramifications.
Proactive approaches to privacy include evaluations and principles such as:
Privacy Impact Assessments (PIA)
Data, and new ways of using it, is being generated at a rapid pace. The organizations collecting this data must audit their own processes via PIAs to determine how they could affect or compromise the privacy of the individuals to whom the information belongs. PIAs help to ensure legal compliance, assess risk and evaluate ways to mitigate risk. While PIAs have long been a best practice recommended by privacy advocates, GDPR is the first global legislation to explicitly introduce them into a legal framework.
Privacy by Design
Privacy shouldn’t be about checking a box to ensure that an organization is in compliance. Privacy concerns should be infused within every layer of the company — this is privacy by design (or default). Instill privacy considerations into all product innovation, business and partnership decisions. Mindfully integrating privacy as a core part of the organizational culture requires regular training, awareness, and active involvement from security and privacy personnel in data management, as well as every member of the company treating customers’ personally identifiable information as their own.
Additionally, if the Cambridge Analytica scandal has taught us anything, it’s that marketers must seek out the most trustworthy partners, those who can keep personal data secure and honor privacy promises — without reducing mission-critical functionality or performance.
Privacy and Security Are Everyone’s Concerns
Consumers shouldn’t have to give up their right to privacy to experience the benefits of particular products or services. Not only is the notion outdated, but it’s also unethical.
As an industry, we must come to a place where both the government sector and the tech industry join forces to offer consumers enjoyable, personalized experiences, without compromising their identity.
Maintaining compliance with state mandates like CCPA and country-specific laws like GDPR is unmanageable for most organizations. Instead, employing a foundational approach to privacy that starts at the top and trickles down throughout every level of the business is the best way to not only avoid legal consequences but to win the trust of customers by keeping their personal data safe.
Privacy and security are the new market differentiators. Brands that meet their business goals while also maintaining their privacy-compliance objectives will succeed. Those that cannot will be forced out of the market.