Did you know antibiotics don’t work on viruses? I bet you also know, as most people on the tech grid do, that technology giants such as Google and Facebook know a lot about you and most people around the world. They have information or data on where people are in the world, what they search for and share, what they buy, and how they buy it.
Multi-million-dollar businesses are built on data collected through various means. Data privacy was far less complicated back when organizations stored data in locked filing cabinets. But today, in the digital environment, high-profile scandals such as that of Cambridge Analytica have sadly become a reality. Deliberate data breaches have been repeatedly exposed, resulting not only in data loss, but in damaged reputations too.
A survey conducted by AnchorFree, a Silicon Valley company that provides a virtual private network for secure web browsing, reports that nearly 95% of Americans are concerned about various businesses collecting and selling personal data without permission. What does this mean? Organizations are waking up to the fact that consumers have woken up to the reality of their data being sold off without their knowledge. Consumers are conscious of their privacy when they visit websites, download mobile apps, or purchase a product or service online. They wonder whether the tradeoffs make it worth sharing their personal data online.
Having a “culture of privacy” instilled in your employees and business partners will ensure due respect is given to consumer data and privacy. The most effective way to begin is to first understand what privacy means.
What is Data Privacy?
For the uninitiated, data privacy is the way a piece of information or data is collected and handled. People are more connected and share more information online than before. They also interact on social media to share their preferences and views. A world without Netflix, Facebook, or Alexa is not something many will choose to live in, having gotten so used to the technology-enabled way of life. Yet, it is hard to tell if people realize that this constant dependence on technology is slowly eating away at their privacy. Given the modern world’s reliance on technology, the question really is: is data privacy even possible?
Data Privacy = Data Security?
It is a common misconception that keeping data secure, or from being compromised, is being compliant with data privacy regulations. Data privacy and data security, though used interchangeably very often, are actually quite different.
Data security protects data from being hacked by attackers. It is a practice or process that protects data from being accessed by unauthorized parties. Data privacy, by contrast, governs how data is collected, used, and distributed.
Consider a situation where your group or company possesses a large amount of customer, user or buyer data. You (or rather, your IT data governance cell) have made all the necessary efforts to encrypt it, restrict access, and put multiple overlapping monitoring systems in place. However, what if no proper consent was taken before collecting this data? Regardless of the data being secure, this could be a clear case of violation of a data privacy regulation.
Data Privacy Acts and Laws
Fortunately, the importance of having data privacy regulations has come to the fore, with companies required to clearly demonstrate how they protect their consumers’ personal data.
Here’s a peek into the recent data privacy regulations across the globe that organizations need to comply with:
General Data Protection Regulation (GDPR): Have clients in the EU? It is mandatory to be GDPR-compliant to do business in the European Union. Agreed upon in May 2018 by the European Parliament and Council, the GDPR was designed to protect EU citizens’ personal data. Features of GDPR include, but are not restricted to:
- Explicit opt-in consent
- The right to request their data
- The right to delete their data
- Anonymizing collected data to protect privacy
- Providing data breach notifications
- Safely handling the transfer of data across borders
California Consumer Privacy Act (CCPA): Most organizations have business partners in the US of A, particularly in California. Being CCPA compliant is a mandate to do business in the state. The California Consumer Privacy Act came into effect on January 1, 2020. Businesses having operations in the state of California need to, for instance:
- Disclose to consumers the categories and specific pieces of personal information the business collects
- Delete any personal information, upon request from the consumer, which the business has collected from the consumer
- Disclose to consumers the sources from which the personal information is collected, and the business or commercial purpose for collecting or selling the personal information
- Provide the right to direct a business not to sell the consumer’s personal information, known as the right to opt-out
Personal Data Protection Bill 2019: The Personal Data Protection Bill 2018, submitted by the Srikrishna Committee, provides clauses related to the processing of personal data, setting up an independent regulatory body for enforcing the data protection laws, and penalizing organizations for violating the law. The bill was cleared by the Union Cabinet of India on December 4, 2019. Clause 4, among others, prohibits processing of personal data without any specific and lawful purpose.
How To Implement Data Privacy?
There are a lot of people and businesses who thrive on using data, with marketers having the maximum opportunity to profit from it. The very nature of building marketing solutions involves identifying target groups (or paying to get information or databases), and running tests to ensure maximum return on investment. For a product/service to succeed, organizations collect user information, analyze it, and employ it as part of algorithms that customize ads to target their consumers.
1. Limit the information you collect from users
Collect only the information that is absolutely needed, and not just for the sake of building your database. You’d end up spending more bandwidth protecting any “extra” information collected from the users, anyway.
2. Check for GDPR, CCPA, and other privacy laws
Ensure you are compliant with the laws of the land where you do business. If your clients or users belong to another country, ensure you are compliant with the laws of that specific country too. Put up disclaimers or footnotes about your GDPR or CCPA compliance. This way, the users of your website are assured that their data will not be misused.
4. Train employees regarding data privacy
Data privacy could well be the path to building strong relationships with consumers that are based on trust. Now the question is, what is your organization doing to demonstrate its priority towards protecting consumer data and its compliance with data privacy laws?