PreviousDeveloping your Data Privacy and Protection Program
According to the International Association of Privacy Professionals (IAPP), Privacy is defined as “the right to be left alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how personal information is collected and used.”
Become a Certified Privacy Professional today!
By this point, we all would have heard of the General Data Protection Regulation (GDRP) coming out of the EU. Similar regulations have been enforced in different jurisdictions while many others are pending. Regulations such as the CPRA, CPA, PIPEDA, PDPA among others. All of which are extraterritorial regulations which simply means that they are valid across all jurisdictions. There is a common misconception that privacy is an IT or Security issue, which could not be further from the truth. Privacy is an organization-wide issue and Marketing, Sales and Customer Service are all warriors on the front-line. Almost all privacy regulations stipulate some basic rights, all of which affect how we engage with our customers. Some of these rights include:
Right to Consent – Access to process personally identifiable data must be clear and intentionally given.
Right to Data Protection – Personally identifiable data should be protected with adequate and effective security controls.
Right to Access and Rectification– Individuals should be able to, upon request, review all information collected and to correct where applicable.
Right to be Forgotten – All data that has been collected should be permanently deleted upon legal request including archived data.
All four concepts above in addition to others not named here, places the responsibility of data collection, protection and use squarely in the hands of the organization despite how it may have been obtained. With this responsibility comes very large fines for the misuse or inability to adequately protect this critical data. For us Business development practitioners, this creates a bottle-neck of competing interests. No longer can we store or use customer information without clear legal interest that matches the use of data to the purpose for which it was collected.
Data privacy regulations should be viewed as a gift, not a curse. Following proper privacy regulations will lead to us collecting, storing and using less meaningless data as the less data we have, the lower the chances are of violations occurring. This creates a more competitive customer growth strategy as collecting less data means we need to collect more targeted data, and the more targeted the data, the more efficient our data use must become. Even without regulations customers are becoming smarter and more cautious about their data and expect a reasonable explanation for the use of their personal information. However, for most consumers, it’s about how the data is collected and used not necessarily what data attribute is being collected. I don’t necessarily mind the fact that you remind me that my yearly subscription is coming to an end a month or weeks in advance. What I do mind is you sending me an unsolicited email telling me that the shirt I wore to work today would look great with your new pair of designer slippers. Companies that combine data privacy with data use will, in the long-term, benefit from creating value through relevant communication all while increasing consumer trust over time.
Now, imagine meeting with your CEO to explain your customer growth strategy two days before she receives regulatory fines for privacy violations related to a recently concluded email campaign? Can you say no Promotion? Can you say let’s start crafting our resignation letter because we might be out of a job?