Data Privacy Day – 3 Data Privacy Facts

Data Privacy Day is here! Why is this day so exciting?  Companies are finally realizing the power of privacy can have several benefits including the following:

  • Building brand trust
  • Driving a positive ROI
  • Staying ahead of the global privacy trend.

Because of these key factors, companies large and small are making privacy a major focus in 2020. Companies are implementing new policies, procedures, and technologies to ensure compliance and to stay competitive in this global market.

Here are 3 points on why everyone should celebrate Data Privacy Day:

Privacy Drives Transparency and Increases Brand Loyalty:

Consumers are now realizing the true power of having their data collected by companies across the globe. Wise consumers are now deciding to interact with brands that offer transparency when it comes to customer data. And the ones that offer exceptional experiences by leveraging that same information.

A recent Salesforce report found here suggests that 76% of consumers expect companies to understand their needs and provide a custom experience. That only happens when consumers are willing to share their data with these companies. In fact, according to the same report, 92% of consumers are more likely to trust these companies when they are transparent about the purpose of capturing data.

In short, the companies that are transparent about capturing data will reap the benefit of brand trust if they use that data responsibility and offer a personalized experience.

Data Privacy Drives ROI:

Some companies fall into the trap that privacy is only a cost center. These same companies see new regulations as just another hoop to jump through instead of an opportunity to improve systems, increase customer satisfaction and in turn increase ROI.

Cisco recently published a new data privacy report focusing on hard ROI numbers which can be found here. What is really interesting about this report is for the first time it puts a hard ROI number around privacy accountability. The reporting found on average companies will realize a $2.70 in brand benefit for every $1 spent on privacy and that numbers goes up for larger organizations. The benefits can be found in top-line revenue, increase brand trust, a reduction in data breaches and a reduction in sales cycles just to name a few areas.

Again, this report highlights a real ROI based on thousands of responses when companies make privacy a priority in their organization.

Data Privacy is Growing Across the Globe:

For years the web has been a bit of the wild west in terms of companies collect data consumers and then buying and selling that data everywhere. Now across the globe legal bodies trying to develop laws that encourage business but protect consumer rights.

As you can see in the map below from the World Federation of Advertising new regulations are being rolled out in every part of the world. That means companies can not simply hide and operate in a business as usual mentality. They are all now required to ensure the policy standards meet these global regulations. 

The key takeaway here is no matter what industry you are in or where you are located having strong privacy accountable is the wave of the future and the time to get right is now.

Source: https://wfanet.org/knowledge/item/2020/01/14/WFA-Global-Privacy-Map

In summary, celebrating privacy is important, because it will shape how business gets done in the future and is a reflection on our society. We all need to embrace privacy and trust and next year we will have a bigger celebration!

Resources:

Salesforce State of the Consumer Report: https://www.salesforce.com/blog/2019/04/customer-loyalty-data-privacy-trust.html

Cisco Privacy Report: https://www.cisco.com/c/dam/en/us/products/collateral/security/2020-data-privacy-cybersecurity-series-jan-2020.pdf

World Federation of Advertisers:

https://wfanet.org/knowledge/item/2020/01/14/WFA-Global-Privacy-Map

RIVN:

www.rivn.com

3 Initial Insights on CCPA

The latest high profile consumer privacy regulation called the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. As a result, social media and various publications have been buzzing about the new regulation including users’ experiences.

As background CCPA is trying to give consumers more control over their data including how companies can manage it including selling data. That includes allowing consumers to request access or deletion of their data from companies. Along with expressing if they would like companies to not sell their data.

Under the new law companies that need to meet CCPA regulations include the following: (1) generate $25 million in revenue, (2) have more than 50,000 consumer records in your database, or (3) derive more than 50% of your revenue from selling consumers’ personal info.

After reading these insights I believe everyone can agree the CCPA has empowered the people to take control of how companies capture, store and manage their data.

 

So, here are 3 initial insights after one full week of CCPA:

 

CCPA Is Huge On Social Media

CCPA is having a larger social impact than anticipated. While many companies seem to be prepared for CCPA, it does seem like a lot of companies are either not prepared or are taking that stance of none compliance. The most surprising impact of CCPA has been the groundswell of regular people fully documenting their experiences with various brands in regards to CCPA. 

California citizens on their own are creating repositories to make it easy for others to submit data access & deletion requests such as this one here

Also, individuals are documenting how huge companies such as Facebook or OpenTable are simply denying consumer requests for access or deletion of their data. for now, as seen below.

Here is an example of OpenTable denying a do not sell request from one of the co-authors of CCPA Mary Stone Ross also on Twitter @MarySRoss18:

Here is an example of a Twitter user @ampersand_ie reporting back on Facebook denying deletion requests under CCPA:

CCPA is very different than the General Data Protection Regulation (GDPR)

In contrast to GDPR, CCPA has been very visible across the web. While GDPR was highly visible with the privacy community and in Europe, it has heavily focused on consent. While CCPA does have a consent component it is highly focused on consumer data access and deletion rights along with the sale of consumer data.

So for many consumers, they have seen the impact of CCPA directly in communication with them. Even more specifically in many people’s inboxes. You may have noticed emails from several of the companies that you subscribe to recently sending email updates about their privacy policy changes. 

These are directly associated with the anticipation of CCPA. While enforcement of CCPA does not occur until July 1, 2020, responsible companies are preparing now. This will continue to rise along with the use of a “Do Not Sell” button which should become a staple on most sites.

Here is an example from Potterybarn Kids:

The cost of CCPA will be great and teams will need to work closely together

The total cost of any regulation for companies is difficult to estimate. But, a recent article from Bloomberg estimated that CCPA alone will cost companies 55 Billion dollars. 

At these levels companies, internal teams will need to work in harmony. With executive oversight, the teams that have been affected by CCPA have been marketing, IT, legal and finance. 

  • Marketing Teams – These teams have been responsible for creating messaging to ensure consumers about compliance changes that have been seen in banner ads and emails.
  • IT Teams – These teams have been required to audit technology stacks and implement new compliance solutions where required.
  • Legal Teams – Most legal teams have been required to get up to speed on marketing and analytics processes to ensure corporate compliance.
  • Finance Teams – Financial organizations have been required to take new liabilities into account and allocate resources to ensure corporate compliance.

In summary, the last week has been very interesting. Over the next several weeks and months companies will need to be vigilant & flexible to ensure they are not only meeting the new regulation but also meeting social expectations.  Very exciting times!

To learn how RIVN can help please visit www.rivn.com

Australia Set to Police Google and Facebook

Australia is trying to learn from other countries across the globe including Europe and the US to develop a platform that will help protect their citizens privacy while monitoring big tech companies. A recent Reuters article found here highlights Australia strategy including establishing the Australian Competition and Consumer Commission (ACCC) which would be “…the antitrust watchdog, to scrutinize how the companies used algorithms to match advertisements with viewers, giving them a stronghold on the main income generator of media operators.” 

This commission would be focused on Facebook and Google in particular.

Here is an excerpt from this article:
“lift the veil” on the closely guarded algorithms the firms use to collect and monetize users’ data, and accepted the ACCC’s “overriding conclusion that there is a need for reform”.

The article goes on further to discuss 5 existing investigations into the big tech companies with more to come.

To learn more about regulations mentioned above please see the following links below:

Detailed Rights Comparison of CCPA vs GDPR

Global companies are still trying to meet the standards of General Data Protection Regulation (GDPR), they are now being faced with California’s new privacy law known as California Consumer Protection Act (CCPA) which will begin enforcement January 1, 2020.  Kramer Levin published an article highlighting the comparison between the new privacy laws which can be found here.

Source: https://www.secupi.com/ccpa-mini-gdpr/

What is interesting about this post is the detail they go into specifics around the Right to be Forgotten/Erasure aka Deletion can how the two regulatory laws compare:


“The GDPR contains a similar provision, referred to as the “right to be forgotten,” allowing data subjects the right to have personal data concerning them deleted by the data controller under certain circumstances. Data subjects enjoy this right regardless of the source from which the data was obtained. Art. 17. As with the CCPA’s right to deletion, the GDPR’s right to be forgotten is combined by several exceptions, allowing controllers to deny erasure requests when doing so is part of an exercise of free expression; is necessary for compliance with a legal obligation or the establishment, exercise or defense of legal claims; or when retaining the data is in the public interest. The GDPR also allows data subjects to request that controllers implement restrictions on the use of their personal data in certain circumstances, and requires businesses to notify any recipient to whom they have disclosed the subject’s personal data of any limitations or erasures requested by the subject that they have implemented. Art. 18-19.

This is where RIVN comes into play.  When it comes to the deletion activity that is where RIVN is here to help companies get ready for CPPA and GDPR.  For digital marketer and legal teams, the greatest hurdle may be the “Right to Erasure/Deletion” function itself. Contemporary organizations are searching for a module-based solution such as RIVN to step up to meet this need with an easy to use SaaS-based single function that allows brands worldwide to meet business needs and be ready for what is next.

To learn more about RIVN and RIVN Delete option please visit https://www.rivn.com/

To learn more about regulations mentioned above please see the following links below:

Data Sovereignty

In the ever changing world of power and currencies data is becoming the most valuable asset for companies. We are seeing a shift in value from companies from managed materials like gold and oil. Now technology companies lead the globe in revenue creation. Data sovereignty could be the next big thing in martech! The full article published by the Forbes team can be found here which highlights the power of data in our global economy.

Source: https://www.forbes.com/sites/cognitiveworld/2019/07/21/its-time-to-fight-back-for-data-sovereignty/#7dba5abe1ccc

Credit: Deposit Photos

Below is a snippet from the scope of that article. 

“So how have companies handled such responsibility? Not well, it seems. “In the first half of 2018 alone, it’s estimated over 4.5 billion digital records were stolen or exposed,” explains Joseph Hopkins, COO of Crown Sterling. “More importantly, this crisis shows no signs of stopping. And in fact, may be worsening. Already 2019 has witnessed major breaches at the Oklahoma Department of Securities, Flipboard, and First American Corporation, releasing sensitive information, including bank account numbers, tax records, social security numbers, and wire transaction receipts.

Dubbed the “most important change in data privacy in 20 years,” the General Data Protection Regulation (GDPR) went into effect May, 2018 to safeguard all EU citizens’ privacy from data breaches with stiff fines for organizations that do not comply. As an example of just one protective feature, the GDPR inhibits opaque verbiage from user agreements: “The conditions for consent have been strengthened, and companies are no longer able to use long illegible terms and conditions full of legalese. The request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent.”

This is where RIVN comes into play.  For companies to effectively manage their most valuable asset, consumer data deletion functionality is a critical component. For digital marketer and legal teams the greatest hurdle may be the “Right to Erasure/Deletion” function itself.  Contemporary organizations are searching for a module based solutions such as RIVN to step up to meet this need with an easy to use SaaS based single function that allows brands worldwide to meet business needs and be ready for what is next.

To learn more about RIVN and RIV= Delete option please visit https://www.rivn.com/

To learn more about regulations mentioned above please see the following links below:

What is Brazilian General Data Protection Law (LDPG)

While published in 2018 the new Brazilian General Data Protection Law (LDPG) will go into effect in around February 2020. This law is Brazil’s attempt to streamline several privacy laws for personal data in the private and public sector including online/offline data. Brazil already has a number of privacy laws in place, but not a single standard. This new regulation carries a fine of R 50M or 2% of the annual take. For a detailed report on LDPG please see the excellent report that team at IAPP part together here.

Source: https://iapp.org/news/a/the-new-brazilian-general-data-protection-law-a-detailed-analysis/

Below is a snippet from the scope that LDPG will cover. It should be noted that within the Data Subject rights consumers will have the right to delete/cancel data similar to GDPR and CCPA.

Scope: The LGPD will have transversal, multi-sectoral application to all sectors of the economy, both public and private, online and offline. With few exceptions, such as national and public security; pure research, artistic and journalistic purposes; any practice that process personal data will be subject to the law.

Data subjects basic rights: Data subjects will have their basic rights expanded, and they must be guaranteed in an accessible and effective manner. Among the listed rights, it is important to highlight the right to access to data, rectification, cancellation or exclusion, opposition to treatment, right to information and explanation about the use of data. The great novelty is the right to data portability, which allows the data subject not only to request an entire copy of their data, but also to have them provided in an interoperable format, which aims to facilitate their transfer to other services, even for competitors. Due to its nature, this new right has been seen as a strong element of competition between different companies offering similar services based on the use of personal data.”

This is where RIVN comes into play.  When it comes to the deletion activity that is where RIVN is here to help companies get ready for LGPD.  For digital marketer and legal teams, the greatest hurdle may be the “Right to Erasure/Deletion” function itself.  Contemporary organizations are searching for a module-based solution such as RIVN to meet this need with an easy to use SaaS-based single function that allows brands worldwide to meet business needs and be ready for what is next.

To learn more about RIVN and RIVN Delete option please visit https://www.rivn.com/

To learn more about regulations mentioned above please see the following links below: