As cyberspace expands, the government is tightening regulations relating to security designed to protect people’s privacy. Last August, the GDPR went into effect in the European Union, designed to give consumers greater protection over their data by requiring companies to get explicit consent to obtain personal information.
More recently, some U.S. states have followed suit, with the California Consumer Privacy Act (CCPA) slated to take effect in January 2020. This is the most ambitious privacy law enacted by any state in the U.S.—and companies must adjust and prepare for changes like these.
“Data privacy is important, but there is a cost to business progress and personalized customer experience that must be taken into account,” said Sky Cassidy, CEO of data intelligence firm MountainTop Data, in a news release.
The CCPA is set to change a few major elements of the data collection process:
- Ownership—It grants consumers ownership of their data by allowing them to choose to share it with companies
- Control—It gives consumers control over the personal information that is collected about them
- Security—It makes companies responsible for the protection of consumer data
Many believe that this legislation on privacy and security at the state level will eventually raise the penalties for harms caused by privacy or security failures for many companies nationwide.
It’s not only government agencies cracking down—consumers themselves are more reluctant to share their personal information
Results of a 1,000-person survey by the Advertising Research Foundation (ARF) found that U.S. consumers are less likely in 2019 to share personal information than they were a year ago. According to the ARF, the number of people willing to share their home address fell from 41 percent to 31 percent from 2018 to 2019. Those willing to share the name of their spouse fell from 41 percent to 33 percent. Meanwhile, only 54 percent said they were willing to share their email address—down from 61 percent last year. Another report found that 31 percent of Americans are unwilling to give out personal information under any circumstances.
Increased security laws coupled with consumer reluctance to share personal information makes the job of the marketer that much more difficult
Cassidy urges for balanced data regulations now and in the future. “As B2B companies develop more consumer-preference marketing styles, where they target people based on their personal preferences as much as their job description and company details, these regulations will become more of a barrier,” said Cassidy.
With these regulations slated to take effect in a few months, companies should use this time to review the new rules and make sure their current databases are compliant. Cassidy suggests first determining if the regulation even applies to your business, then using the following as a guideline:
- Assign a person or team to oversee complying with the regulation.
- Update your privacy notices and policies.
- Audit the data you have to make sure it is compliant.
- Update the way to collect and store data for compliance.
- Review your data security to prevent breaches.
- Create processes for data access and deletion.
Time will tell if other states follow suit with regulations that mirror California. For now, companies and consumers should work together to balance the give-and-take of personal information for targeted marketing.