The Feds and the States Are Embracing Privacy Law -- What That Means to Your Business
The point is to put consumers in the driver's seat by clearly outlining data protection practices and reaffirming your company's commitment to data protection.
A modern-day battle is under way as lawmakers try to block companies' efforts to get closer with the consumers of their products and services. And the focus of that battle is online personalization.
This is the practice of targeting an advertisement to consumers’ interests, platforms and online activities, with the hope they’ll be more likely to follow through with a company's call to action (e.g., visiting its website, signing up for a service or purchasing a product).
Regardless of whether online personalization is referred to as "precision marketing" or merely recognized as good business sense, its value cannot be debated -- particularly for small and medium-size businesses. Personalization reduces advertising spend by helping businesses focus their costs on reaching the audiences they intend, and delivering the tailored messages consumers have come to expect.
This is an important effort that can serve as an equalizer for smaller entrepreneurs who lack the marketing budgets of their larger competitors.
Despite this competitive edge online personalization enables, its efficacy as a marketing tool could soon be at risk. Privacy laws are being introduced at both the federal and local government levels, challenging how U.S. companies access customer data -- and ultimately, how they conduct business.
Specifically, the federal government is considering writing its own set of sweeping privacy standards -- including the ability to retract and delete information companies need to deliver targeted business advertising. Given the importance of such a law, it follows that data-reliant companies like Google are weighing in on what these rules should look like.
At the same time, states like California, Colorado, Illinois and Vermont have already enacted regulations that grant constituents control over their data, or at the very least, specify punishments for companies that don’t honor consumer privacy.
The work of these governments has created templates for other blue and purple states to create their own privacy policies, a trend some predict will be widespread sooner than later. In navigating this state-specific data policy minefield, organizations will find it impossible to customize their data privacy compliance to 50 different markets (assuming a federal law doesn’t pass first).
Instead, they will need to continuously identify the strictest regulation and comply with it, to ensure they can operate in the more stringent states. Bottom line: The way companies use data to bolster their business is changing -- and fast.
What the future looks like
Having limited or no access to customer data may seem like an insurmountable business challenge. Data is, after all, at the cornerstone of today’s most successful companies. From Stitch Fix to Netflix, organizations are using personal data about your clothing style or favorite TV genres to optimize their offerings. At the same time, we as customers are accustomed to businesses using our data to learn our preferences, and tailoring their offerings accordingly.
With Amazon Prime, for instance, Amazon.com has a clear record of what members like to buy, when they're most likely to make a purchase and how much they're willing to spend; and that data goes into offering people the right deals at the right time, and, in the process, bolstering brand affinity.
Given the importance of data, businesses will look for ways to fight or game data privacy regulations to avoid their inherent costs. Beyond the investments associated with compliance, including software solutions that gather and document customer privacy preferences, increased advertising spend will also occur.
Another change: Without access to data (and personalized marketing tactics), the marketing scales will tip back in favor of the industry giants that can afford the costs attached to broad-sweeping, online advertising tactics -- effectively reducing the share of voice for smaller players.
What businesses should do
Nonetheless, if you own a small business, don’t run away from data privacy law; lean into it. Reassess your business strategy, and invest in the most effective corporate tool of all: trust.
Online ads and promotions may generate temporary awareness and consideration, but trust is essential to enabling long-term, successful business relationships. Despite the fact that consumers’ trust in how organizations handle their data is remarkably low, according to a Pulse survey, their desire for businesses to protect their information and use it judiciously has arguably never been greater, according to a survey by my business, ForgeRock.
In addition, internet access is practically ubiquitous, so the stakes of a data breach or misuse are now significant enough that customers tend to patronize companies they believe will protect their information. As a result, trust is key to building brand loyalty.
As such, for companies that honor the tenets of the data privacy laws to come, putting the trust of existing and prospective customers first, will ultimately win out. So, how exactly can companies build trust and anticipate compliance with privacy legislation?
1. Enable transparency.
An overarching theme to the laws that are being discussed (or are already in place) is transparency, a desire from the public to understand how their data is being used, and with whom it will be shared.
Traditionally, companies have kept this type of information close to the vest, but there’s actually a benefit to (at least partially) sharing how consumer information will be used and how it will benefit the customer. The point is to put consumers in the driver's seat by clearly outlining data protection practices, establishing simple processes for customers to remove themselves from opt-in lists and reaffirming on your website your company’s commitment to data protection.
Even if you're not yet technically required to do so, you should ensure transparency about how your company acquires, uses and protects customers' information. That move will earn you their trust.
Related: Report: Uber to Pay $20,000 Fine and Update Privacy Policies
2. Prioritize proactivity.
Keeping customer data safe isn’t just good practice, it’s fiscally prudent. Integral to data privacy legislation is making sure that consumers are empowered to seek financial retribution from any organizations that fail to keep their data safe (already, U.S. companies are shelling out more for data breaches than businesses in any other country).
To head off such legal action against your company, take charge before catastrophe strikes. Once a breach occurs, your corporate reputation and trust will have already been eroded. Investing in a data privacy platform allows companies to ensure that classified information is shared with only those authorized to access it, preventing any form of data misuse.
I assure my company's privacy platform by meeting with partners and customers to understand their security pain points, and then working closely with our engineering and solutions teams to tailor our product to their evolving needs. With customers, a reoccurring theme is the need for data protection tools to be scalable, and available across all traditional and mobile platforms. As such, we’ve taken an omnichannel approach to our solution, helping clients identify and mitigate potential privacy risks, no matter what the context.
The British Broadcasting Corporation (BBC), for instance, turned to us when it needed a security platform that would accommodate the proliferation of devices (mobile, tablet, web) on which its services had become available. Toyota Motor Corporation in Europe also used us to protect its increasingly "smart" vehicles from remote takeovers and other IoT security attacks by authenticating and securing the identity of both vehicle and the driver. Both companies first identified their challenges, then adopted a solution tailored to those obstacles.
3. Publicize your progress.
As data privacy laws become pervasive, there’ll be a keen eye on which companies achieve compliance by the required deadlines, and which do not. Businesses that fail to do so may face fines (even service blackouts). Those that achieve compliancy will have an opportunity to communicate their commitment to data privacy, driving customer satisfaction and trust.
Too often, data security is nothing more than a checkbox on a corporate to-do list. But with the slew of recent data breaches and misuses stirring a sea change in how customers prioritize protecting their information, the new legislation offers a chance for businesses to reaffirm their commitment to privacy through social media and press outreach.
To date, privacy protection has been mainly seen as a nice-to-have. But with unprecedented legal scrutiny placed upon how businesses access and leverage data, they must not only comply with the letter of the law, but the spirit of it. If organizations embrace a proactive, “privacy first” approach, they’ll be prepared to weather the shifting landscape of data privacy legislation -- and generate trust, brand equity and long-term success.
Ben Goodman is vice president of global strategy and innovation at Forgerock, where he is helping to build the company's innovation agenda and product direction, and to develop technology partnerships. Prior to ForgeRock, Goodman led technology evangelism for VMware's End-User Computing business unit, where he contributed to the creation of VMware Workspace One. He also worked at Novell, helping to build Novell's Identity Management platform.