Data privacy is on digital analyst’s minds these days. With the many privacy laws and changes to tracking consumer data, there’s a lot of literature to understand and a lot of changes to navigate through. In the DAA Digital Backyard Series “ What Your Boss Thinks You Already Know About Data Privacy”, 3 experts shared key information for every analyst to keep pace with the changes to legislation on customer data collection Here are my top key takeaways from each expert.
Ian ONeil is an expert in privacy law and he shared key privacy laws that are currently impacting the digital landscape. The key laws that I noted from his sessions were as follows:
- The Health Insurance Portability and Accountability Act HIPPA
- The definition of PHI is really broad so if your client or your advertiser that your working for is a covered entity, any PII that you receive from a covered entity
- We can do lots of things from PHI on behalf of code entity “Business associate” where you do things on data based on their behalf. But you cannot use PHI for marketing or in an insecure way.
- Telephone Consumer Protection Act TCPA
- Covers any that includes texts/SMS, IVR call, and human calls if an autodialer is used.
- HIPPA rules still apply. For eg., it’s ok to send an SMS message informing the patient that “Your prescription is ready” but it’s not ok to send a message referring to the patient’s specific condition.
- Children’s Online Privacy Protection Act COPPA
- This applies if we are collecting PII from a child under the age of 13, you have to have a verifiable way to allow parents to allow consent before collection of PII data.
- We can be held responsible if we design our sites and/or platforms for children to use them. An example of this is using a site with excessive cartoon graphics or mentioning that the site is “For Kidz”.
- Safe Harbour certification is an option to safely collect children’s data but this can be costly and subject us to additional audits on an ongoing basis.
- California Consumer Privacy Act CCPA
- It’s important for every company to know how to comply with CCPA. If we receive any of the following requests from users we are required to act on them within 45 days.
It’s also important for our vendors/subcontractors to comply with these requests as well
- Delete all their data
- Provide them with access to all their data
- Cease sale of their data
- An EU rule that applies to companies doing business within the EU whether it’s soliciting or conducting business with residents of the EU and collecting their PII.
- Similar to CCPA, GDPR requires companies to comply with requests from EU residents about their data and are required to respond within 30 days.
Both CCPA and GDPR laws are concerned with the users' residence. For example, if your site is based in Massachusetts you are still bound by CCPA for any California resident that visits your site.
Judah Phipps, an expert in AI and data privacy, shared the importance of using privacy-compliant methods and tools to address the privacy for data being used early on in the AI systems. As a digital analyst, Judah shared the following key areas a digital analyst can focus on to ensure that privacy is preserved when ingesting data into an AI algorithm and after the analysis.
- Internal: Make privacy a priority by considering how privacy plays a factor in your role, whether it’s your client sharing data or the data captured in our analytics architecture. Also, educate our stakeholders and our customers on the best practices.
- Operational: Ensure data encryption is used so that user PII data remains secure. Apply privacy focus data hygiene and use compliant data sets. Using publicly available data is an example Judah shared to enhance existing data. Ensure there’s a game plan in place to deal with cases where we will find PII data.
- Algorithmically: Use differential privacy, homomorphic encryption, and explainable AI.
Jodi Daniel, the expert in cookie-less alternatives, shared what it would take for us to move forward in the new privacy changes to the digital landscape and what it takes to be marketing responsibly.
Some key consumer data that Jodi pointed out below highlights the reason why companies are losing consumer trust:
- About 39% of consumers are using ad blockers and are likely to walk away from companies that require them to provide PII data to conduct business with them. Consumers want to see data security/privacy be a core part of the company and does not consent to 3rd party sales of their data.
- 79% are concerned about how the data collected from them, how much personal information is collected and how it’s being used.
Understanding consumers' concern about the use of their data, to be marketing responsibly, organizations need to think about sending messages to customers that resonate with them, connects with them, and makes sense to them. To do so it’s important to use privacy as a key feature of a product and service and to explain clearly to consumers the benefits of providing data by thinking about some of the objections consumers have to opt-in or provide data. She also mentioned the ways to move away from using cookies to identifiers but highlighted the importance of ensuring that we are not using the information from the identifiers that would not seem intrusive or would go against what customers can expect from your brand/business.
Overall the brands should focus on building trust and can do so through privacy notices and creating a privacy framework for their digital marketing efforts. Privacy notices create a communication vehicle where the more you explain how you will use consumer data the more information consumers are willing to provide. Privacy framework can help you ensure that it is compliant with every stage of the marketing efforts.
The growing legislation to protect customer data can be a lot to keep in mind. All in all, all the 3 experts mentioned and agreed that organizations need to ensure data privacy is part of the corporate values, that consumer privacy is preserved in every step of the organization’s processes and the need to build consumer trust is important in the value exchange of personal information.
I’d love to hear thoughts on data privacy from the DAA community. How are data privacy changes impacting your role and what other factors you think are important for digital analysts to understand?
#dataprivacy #privacy #datasecurity #CCPA #analytics