Data collection and privacy are two integral parts of modern business operations. However, with ever-evolving regulatory scrutiny, businesses need to toe the fine line between using data for their benefit and misusing it, risking hefty fines, customer mistrust and negative business outcomes. According to Joe Jones, director of research and insights at the International Association of Privacy Professionals (IAPP), Piecing together the alphabet soup of proliferating regulations and translating it into clear and consistent requirements is a top priority and challenge for organizations.
Enterprises depend heavily on data to analyze consumer behavior, identify market trends, and deliver customized advertising. In addition, data helps them quickly and efficiently understand their target market and inform strategic decision-making. However, the use of new technologies and the risks associated with them have led to sharper regulatory scrutiny.
The General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are some of the regulations that businesses need to comply with. Approximately 25 states and Puerto Rico have also introduced or are considering around 140 consumer privacy bills this year. Heather Dunn Navarro, associate general counsel for product and privacy at digital analytics company Amplitude, explains that this patchwork of laws creates a web of compliance for companies functioning in a global manner in collecting data, and going forward, regulations are inevitable.
One way companies can navigate privacy regulations is to benchmark their programs against the strictest regulations. GDPR is currently the best bet for companies to follow. While this might over-limit what they can collect, companies can start with that base and gain an understanding of where they can flex and adjust as needed.
According to Dunn Navarro, every organization should have a dedicated team — whether internal or external — that helps them stay abreast of these emerging and evolving regulations and the changing legal landscape. This dedicated team helps inform their understanding of customer rights in all regions where companies are doing business.
Building a privacy first culture should be the focus of every organization going forward, stresses Dunn Navarro. Organizations need to invest in privacy and security and have strong operations that allow them to adjust to changes as they arise. Employees should be trained so that they are aware of their role in data privacy and mindful of privacy laws and risks. Organizations should always respond to consumer requests and inquiries around data collection and use.
According to Jones, Privacy is not dead, it is alive and kicking. Organizations are increasingly using privacy performance metrics, third-party audit, and accountability tools and privacy-enhancing technologies to better manage their privacy practices.
Moreover, consumers are becoming increasingly aware (and wary) of organizations collecting and using their data, and the majority simply do not like being tracked. In a KPMG report on consumer sentiment, 86% of respondents said data privacy is a growing concern. The IAPP’s Privacy and Consumer Trust Report found that 64% of consumers indicated that companies that provide clear information about their privacy policies enhance their trust.
While data is critical to running a modern business, it is essential to comply with data privacy laws and regulations and build a privacy first culture to keep customer trust and avoid hefty fines.
