Famous comedian Tim Conway certainly wasn’t thinking about marketers when he was quoted as saying, “People enjoy sitting back knowing they won’t hear a lot of four-letter words.” As marketers know, the four-letter word, known as “data,” is key to their success.
Years ago, any data collected was placed in folders and retrieved as needed. Things were also in silos so there was little, if any, collaboration between departments. Sharp marketers today have programs that capture and deliver cross content and are shared and accessible by other key departments.
Along with the maturation of data gathering have arisen some controversial issues, largely around privacy. Federal and state agencies are also looking at various ways to protect consumers and any actions they take could also change how advertisers market. Marketers are already seeing an assortment of jargon about CCPA (California Consumer Protection Act) and GDPR (General Data Protection Regulation).
On January 1, 2020, a new state law with regulations governing privacy for companies doing business in California was hurriedly rushed into place. The regulations could be far-reaching for large companies that meet one of the following:
1. They have annual gross revenues of $25 million.
2. Acquire or share personal information each year on 50,000 or more California residents.
3. Get half or more of their income by selling personal information of California residents.
The law defined personal information as just about everything imaginable, which includes the obvious things associated with individuals like name, address, birth date, social security number and account numbers along with “unique personal identifiers” like IP or MAC addresses.
GDPR has been in effect since May 25, 2018 and governs data protection for consumers who live in countries that belong to the European Union. Much of the general focus appears to have been mimicked by California’s CCPA.
What’s unique with GDPR is that companies are required to get permission from customers and to tell them how the data being requested will be used and stored. Customers will also have the ability to ask companies to delete certain pieces of information.
Initial reports from Europe appear to indicate that companies affected by GDPR will treat all customers as though they were covered rather than maintain two sets of records.
U.S. companies not affected by either CCPA or GDPR should still take notice and prepare for what appears inevitable. One only has to review reports from the Federal Trade Commission and other regulators about various infractions and scams, and if the federal government doesn’t act, other states will likely follow California’s lead. Regulation about privacy will descend on U.S. companies sooner or later.
Woodrow Hartzog, Northwest University computer researcher and author of “Privacy’s Blueprint,” told Wired Magazine that many European companies are still lacking the tools to comply with consumer requests, even though they had years to prepare for CCPA.
These two four-letter words, CCPA and GDPR, appear to be the standard that will eventually be in place sometime in the future in the U.S. American companies that get ahead of the curve by incorporating the rules that come out of CCPA and communicate their efforts to their customers will not only gain respect and loyalty but will be perceived as a leader. Consent and transparency will be key.