Data privacy is no longer exclusive to IT and cybersecurity professionals. We now live in a privacy-first world with far-reaching implications across all facets of business, especially for marketing.
If you have been delaying the inevitable in learning the latest in data privacy, this post is for you. We'll address what's driven the rise of privacy legislation globally and how you can ensure your company is up to date with consumers' privacy expectations.
The rise of privacy legislation
Governments around the world are introducing new legislation in response to the increasing number of data breaches. These breaches are fueled by the masses giving up large amounts of personal data in exchange for something of value, such as a piece of content, like an eBook.
The issue is that the companies collecting this data have been playing fast and loose with it, applying little encryption and allowing widespread access. This has put individuals' personal information in an incredibly vulnerable position and left it susceptible to misuse.
The introduction of laws such as the CCPA in California, the Nevada State Privacy Law, and new legislation such as the MPDPA in Michigan is a response to this growing issue. While these laws may not completely stop data breaches from occurring, their main purpose is to deter companies from over-collecting data by fining them when they are non-compliant. These laws give users the right to control their data, including the right to be forgotten and the right to data portability.
Getting started on your compliance journey
Privacy policy
Start with your company's privacy policy. Ensure it is complete, thorough, and contains all the information it needs to, including a contact address. The privacy policy should include a cookie statement and a statement covering your state's or province's privacy legislation, both of which should describe, as a baseline, how you store and access data. Lastly, have the privacy policy vetted by a lawyer who specializes in privacy law.
Once the privacy policy has been finalized, that's all there is to it, right?
Sorry to burst your bubble. The privacy policy should be reviewed regularly to ensure it is up to date with current legislation as well as your business's practices. More importantly, it is critical to ensure that the elements listed in the privacy policy are actually being exercised.
Collecting data
Review what data is being collected. Consider all the forms. All forms should be served and submitted over HTTPS, so the data is SSL/TLS encrypted in transit.
Are you over-collecting data? Are you using progressive profiling? These are important questions to review regularly, and your practices should be updated in accordance with your findings.
Internal policies
Review policy documents internally: everything from your IT security policy to your retention and backup policies. Again, engage with legal and your compliance team to ensure the policies are up to par with current legislation as well as your business. Legal will give you their interpretation of legislation and will tell you which privacy and security decisions they are willing to defend.
Moving forward in a privacy-first world
If all else fails (hopefully it doesn't, though), keep these three guidelines top of mind:
- Be responsible with the data collected
- Have a purpose for collecting the data in the first place
- Ensure there is value provided in exchange for the data
Data privacy is a constantly evolving field. Now that you're all caught up, don't fall behind again. To ensure this doesn't happen, tune into our latest webinar, "Privacy vs personalization: striking the perfect balance", with world-renowned privacy expert Chris Arrendale.
The post Your guide to data privacy appeared first on Demand Spring.