Business Strategy| December 14, 2017
Google sued over privacy laws for collecting customer data. You may be next.
Make no mistake. Regulators in DC are gunning for your data. And how your company is collecting in an effort to drive new business. Privacy laws are on the verge of being completely redefined to account for a shift in consumer view on the matter. If you don’t follow the rules, you may join Google to the list of companies being sued for how they collect and use customer data in their day to day business activities.
Whether or not you believe there should be additional regulation on big data because of privacy laws and users concerns, as a marketer you will have to make changes to stay compliant with big data regulations or face costly legal battles.
Big Data regulation impacts how you can legally leverage customer data for digital and traditional marketing purposes. Run astray from existing regulations and risk the consequences.
Regulators are serious about enforcing big data regulatory compliance based on existing privacy laws. Even Google is currently facing legal action in the UK for collecting private data about its users without their consent, in the first mass legal action of its kind in Europe.
All the major regulatory agencies are sticking their fingers in the big data regulation pie. That includes the Securities Exchange Commission (SEC), the Federal Trading Commission (FTC), and various state/local regulators.
Now the FTC has decided to get involved in Big Data privacy issues, stating in a report issued in 2015: “The commission will continue to monitor areas where big data practices could violate those laws and will bring enforcement actions where appropriate.”
What if I told you there are tried and true methods to make sure you can still collect customer data without getting in trouble with the government? Or worse – get sued like Google for collecting customer data from your users.
In this article we’ll give you step by step methods to keep you on the right side of data regulation laws.
Consumers want control over their data – so explain how you collect it and how you’ll use it
Regulators’ mission is to protect consumers, and in the case of big data that becomes all the more critical to regulate ( DC’s view, not necessarily ours). Most consumers are in the dark about the data they are sharing. According to Timothy More at HBR, only 23% of users realize they are sharing their web searches, and even less at 14% realize their web-surfing history is being shared.
Government regulators have concern that customers do not have enough control over their data.
Reclaim your name legislation was proposed by Julie Brill at a privacy conference in Washington, DC. It hones in on the individual’s right to choose what data to be made available to a company. It mentions “I support legislation that would require data brokers to provide notice, access, and correction rights to consumers scaled to the sensitivity and use of the data at issue.
For example, it suggests that data brokers should give consumers the ability to access their information and correct it when it is used for eligibility determinations, and the ability to opt-out of information used for marketing.”
Big data collection in the United States may be going towards the models used in Europe, where websites have to get informed consent regarding cookie usage. The EU Internet Handbook notes
“The ePrivacy directive – more specifically Article 5(3) – requires prior informed consent for storage or for access to information stored on a user’s terminal equipment. In other words, you must ask users if they agree to most cookies and similar technologies (e.g. web beacons, Flash cookies, etc.) before the site starts to use them.”
The Transparency and accountability in the data broker industry bill was raised by Ed Markey, to regulate how information brokers can work. It points out how cheap it is to buy user’s demographic data and even a full profile. Markey wants to give users greater control over this data.
Regulators are looking for companies to provide data control to their users:
- Make it very clear to customers what data is being collected
- Explain how you will use the customer’s data
- Give options for customers to opt-out of data collection
Here’s what you need to do to ensure you can use the customer data that you’re collecting.
Be transparent about what data you’re collecting to abide by existing privacy laws
You should clearly tell your customers during the signup process what data is being collected about them and why it is being collected. It’s important to be clear in how the collection of the data benefits users in their the user experience. For example, if you use the data to personalize their digital experience with relevant offers and discounts – then explain how the personalized experience will help them find products easier.
Explain how you use customers data and give access to see the data:
Provide your customers with the ability to decide what data is collected about them. Also, consider allowing users the ability for users to see the content collected.
1. Give your customers the ability to opt-out of their data being collected:
You should give users a way to opt-out of data collection on a granular and global level.
This includes building experiences to allow users to opt-out of data collection including opting out of: emails, cookies, browser data, behavior in the application, etc.
Google does a great job by letting users check what information is collected, and let’s adjust it. Google Privacy Control
Amazon lets you adjust what is included in their browsing history and even lets their customers shut off history all together. Amazon User History
You should be sure to provide mechanisms for users to easily see what data is being collected, and opt-out of data collection.
2. Provide an option for users to opt out of cookies
Cookies help you learn more about your users behavior on your site, personalize the user experience, and allow ad targeting. In many ways they are great for your users. However, some users may not consent to being tracked.
Remember in some countries and regions this isn’t optional. According to Cookie Choices, in Europe, laws require that you give visitors to your site and apps information about cookies being used. Even further than that, some regions require consent to be obtained to track users at all.
So, you need to create a clear way for users to opt out of cookies.
As soon as a user comes to your site prompt them to agree to your cookies policy. If they don’t agree you should ensure you are not dropping cookies on their computers.
Check out more detail on how to implement notifications / acceptance to users before collecting cookies here.
3. Invest in securing the data you collect
How is Big Data protected? Data security has been a hot topic in the last few years, due to high profile data leaks at major companies.
If you haven’t yet heard about the Equifax breach, you’re probably hiding under a rock at the moment. According to the FTC, over 140 million Americans sensitive personal information was exposed.
As we all painfully know, Russia has been accused of influencing the US election through disbursement of fake news, and hacking of information from the Democratic National Committee and to a lesser extent other political linked organizations.
In the case of Target, the data leak cost them 39 Million in a lawsuit, not to mention the negative customer sentiment likely costing them far more in lost goodwill.
In the case of Anthem, the data leak happened to almost 80 Million individuals! This incident has cost Anthem over a quarter million dollars. “Yahoo has now won the gold medal and the silver medal for the worst hacks in history,” said Hemu Nigam, CEO of online security consultancy SSP Blue.
What you should do to protect customer data:
- Frequent security audits
- Frequent security training for your employees related to phishing, etc to reduce threat of social engineering
- Increased IT security focus and funding through software monitoring tools/platforms for security. There are a number of open source and corporate tools to ensure security: Aorato, Bit9, Cybderscan, Exabeam, Fortscale, LightCyber, Seculert, and Vectra Network.
Customers want to be able to control the data they let you have. You should give them access to not only view their data, but the ability to opt out of data collection at a granular level or any and all data collection.
There has been consolidation in the data management industry leading to concern by regulators that it could be monopolistic. Companies in the data management industry should be careful to guard themselves from coming under fire by regulators, especially those companies with strong market power.
Data security has become a hot issue for consumers and regulators, as more businesses are found to have leaked data about their users. Continue to invest in data security audits, training, and tools to reduce the chances your business has a security vulnerability.