If you do business with customers in Canada, an important new privacy law has taken effect as of November 2018: The Personal Information Protection and Electronic Documents Act (PIPEDA). People are already starting to refer to PIPEDA as Canada’s version of GDPR, the sweeping privacy regulations implemented in May 2018 by the European Union.

There are some common denominators between PIPEDA and GDPR. Both mandate acquiring explicit customer permission for the use of personal information, as well as disclosure of how this information will be used. Both also require breach notification in cases where personal information has been compromised: in Canada’s case, notification must be made to that country’s Privacy Commissioner a well as to affected parties. Other common threads include requirements to maintain accurate and secure data, giving individuals access to their own data, and the need for a formal compliance officer.

Getting started with PIPEDA

The Canadian government has published a downloadable guide to help organizations understand and become compliant with the new PIPEDA law, entitled Privacy Toolkit: A Guide for Businesses And Organizations. It provides an overview of the law and its principles, together with descriptions of its complaint handling procedures and audit provisions.

PIPEDA compliance revolves around ten principles that businesses must follow:

1. Accountability. Comply with these principles, appoint an individual responsible for compliance, protect information handled by you and third parties, and develop policies and practices for personal information.

2. Identifying purposes. Document and inform individuals why information is being collected, before or at the time it is collected.

3. Valid, informed consent. Specify what information is being collected, used or disclosed along with its purpose, and obtain explicit consent – before collection, and again if a new use of their personal information is identified.

4. Limiting collection. Do not collect personal information indiscriminately, or deceive or mislead individuals about the reasons for collecting personal information.

5. Limiting use, disclosure, and retention. Use or disclose personal information only for the purpose for which it was collected or consented to, keep personal information only as long as necessary, and have policies for the retention and destruction of information that is no longer required.

6. Accuracy. Minimize the possibility of using incorrect information when making a decision about a person or when disclosing information to third parties.

7. Safeguards. Protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.

8. Openness. Inform customers, clients and employees that you have policies and practices for the management of personal information, and make them understandable and easily available.

9. Individual access. Provide individuals with access to their personal information on file with you, along with how and to whom it has been disclosed, as well as the ability to correct or amend this information.

10. Challenging compliance. Develop simple and easily accessible complaint procedures, inform complainants of their avenues of recourse, investigate all complaints received, and take appropriate measures to correct information handling practices and policies.

Some important distinctions

While the goals of PIPEDA are very similar to those of other privacy regulations such as GDPR – and many of the same compliance strategies will apply to both markets – there are some key differences with Canada’s new regulations. Here are two of the more important ones:

A focus on mediation. Compared with other global privacy regulations, which often carry stiff financial penalties, PIPEDA is designed to enforce privacy laws through mediation where possible. However, this does not mean that the law is without teeth: both complainants and Canada’s Privacy Commissioner can apply for a Federal Court hearing and potential damage awards. In addition, specific violations such as intentional destruction of requested personal information or whistleblower retaliation may be prosecuted as offenses.

Limits on scope for employee data. Unlike GDPR, the PIPEDA law’s application to employee data only applies to federally regulated entities such as banks, airlines and shipping companies (although some provinces have stricter provincial privacy laws). For consumer data, however, PIPEDA applies to personal data from all Canadians.

Knowing the location of customers is key to PIPEDA compliance

Contact data quality is no longer an option when dealing with the Canadian market. Service Objects has been at the forefront of helping firms with their compliance efforts for data privacy regulations, including flagging the geographic location of customers and prospects, which is key to getting started with any compliance effort.

Contact us for more information about how our data quality solutions can help your business.

Labor Day is much more than the traditional end of summer in America: it pays tribute to the efforts of working people. It dates back well over a century, with one labor leader in the 1800s describing it as a day to honor those “who from rude nature have delved and carved all the grandeur we behold.” And we aren’t forgetting our friends in Europe and elsewhere, who celebrate workers as well with holidays such as May Day.

As we celebrate work and the labor movement – and enjoy a long holiday weekend – we wanted to take a look at some of the ways that we help you save labor, as you try to carve grandeur from your organization’s data. Here are some of the more important ones:

Validation and more. Let’s start with the big one. For nearly two decades, the main purpose of our existence has been to take the human effort out of cleaning, validating, appending, and rating the quality of your contact and lead data. Whether your needs involve marketing, customer service, compliance or fraud prevention, these tools save labor in two ways: first, by saving you and your organization from re-inventing the wheel or doing manual verification, and second, by saving you from the substantial human costs of bad data.

Ease of integration. What is the single worst data quality solution? The one that gets implemented badly, or not at all. One of the biggest things our customers praise us for is how easy it is to implement our tools, to work almost invisibly in their environment. We offer everything from API integration and web hooks with common platforms, all the way to programming-free batch interfaces for smaller or simpler environments – backed by clear documentation, free trial licenses and expert support.

Speed and reliability. As one customer put it, “milliseconds matter” – particularly in real-time applications where, for example, you are validating customer contact data as they are in the process of entering it. Our APIs are built for speed and reliability, with a longstanding 99.999% uptime and multiple failover servers, as well as sub-second response times for many services – so you don’t waste time tearing your hair out or troubleshooting responsiveness issues.

Better analytics. Your contact data is a business asset – put it to work as a tool to gain business insight for faster, more informed decision-making and market targeting. You can target leads by demographics or geocoding, enhance your leads with missing phone or contact information, or leverage your customer base for better decision support, among many other applications.

Customer support. We recently interviewed a major longtime customer about using our products, and when we asked them about support they gave us the highest compliment of all: “We never need to call you!” But those who do call know that our best-in-class support, staffed by caring, knowledgeable experts who are available 24/7/365, represents a large savings of time and effort for our clients.

We hope you enjoy this Labor Day holiday. And when you get back, contact one of our product experts for a friendly, pressure-free discussion about how we can create less labor for you and your organization!

 

The golden rule of marketing has always been, “know your customer.” In today’s regulatory environment, however, it might be more accurate to say, “know your customer – or else!” Nowadays customer data – particularly in areas such as geocoding and demographic data – are often central to maintaining compliance with a wide range of regulations, in the financial world and elsewhere.

In response to this, Service Objects has just released a powerful new capability to help automate the gathering and analysis of geolocated consumer data: Address Insight – US. It provides address standardization, address geocoding and demographic information together in one real-time service, and is designed to serve a wide range of applications ranging from compliance to targeted marketing.

Examples of financial compliance issues

Let’s look at some of the areas where address insight can benefit your compliance efforts:

• The Community Reinvestment Act (CRA) requires federally insured lending institutions to provide lending opportunities to low-to-moderate income communities – and in particular, prove that they are not “redlining” specific neighborhoods and denying them credit. One of the key performance criteria for evaluating CRA compliance is your geographic distribution of loans.
• The Home Mortgage Disclosure Act (HMDA), enacted by Congress in 1975, requires lenders to publicly disclose data regarding their mortgage lending activities. While this is a disclosure law with no implied quotas, HMDA also serves to ensure that lenders do not contribute to the decline of specific geographic areas by failing to provide adequate mortgage financing.
• For consumer lending in general, the Federal Financial Institutions Examination Council (FFIEC) has a set of Fair Lending Examination Procedures used to audit lenders for evidence of lending discrimination. These reviews include an analysis of geographic patterns in lending to seek evidence of “redlining” or neighborhood-based discrimination.
• Conversely, certain real estate transactions may be subject to Geographic Targeting Orders (GTO), which are enhanced identification and record-keeping requirements imposed by the Federal Financial Crimes Enforcement Network for expensive real estate transactions in areas that are prone to money laundering activities. For example, as of 2017 transactions of $3 million or more in Manhattan or $1 million or more in parts of Florida were subject to GTOs, along with numerous other metropolitan areas.

A solution for compliance and beyond

Of course, there are numerous applications beyond compliance for geocoded address insight. For example, academic researchers can use address insight to study specific neighborhoods – for example, the University of Chicago divides the city of Chicago into 75 defined communities that correlate with tract information, and can be used as study variables. And of course, the combination of location insight and demographic data can be a very powerful tool for market targeting.

For compliance applications, Service Objects’ Address Insight – US provides data such as MSA code, state code, county code (FIPS), and tract number for addresses for FFIEC compliance. It also includes all the benefits of Service Objects’ flagship address validation and standardization capabilities, as well as appended demographic information such as household values and incomes by ZIP code.

As with all Service Objects services, Address Insight – US is available through APIs that can be interfaced directly to most contact data automation platforms, as well as convenient batch list processing for smaller applications or specific datasets. Contact us for a free 500-transaction trial key, and see what this new tool can do for you!

What is location intelligence, or LI for short? According to geomarketing firm Carto, it is the process of transforming location data into business outcomes. Today LI has become a very hot field, with projected revenues of over US $16 billion by 2021.

You probably use location intelligence in your business already, perhaps without even knowing it. If you sell to specific geographic markets, have seasonal variations in your sales patterns, or market to a targeted demographic, location data is probably part of your marketing mix. This is how we avoid pitching winter coats to people in Hawaii, or selling farming tools on Wall Street. But its applications now go far beyond marketing, into nearly every aspect of modern commerce.

How Location Intelligence works

Today’s LI works by marrying the benefits of geocoding and big data. It turns address data into exact latitude and longitude coordinates that frame information such as its census tract and usage, which in turn can be linked with associated data such as demographics, zoning, or spending patterns.

In much the same way that CRM provides you with a wealth of customer-based insight, LI can add the power of this accumulated location-based data to your business decisions. Here are some examples:

Compliance: Geospatial data can form an integral part of documenting compliance with regulations targeted at specific demographics or geographic areas. For example, the banking industry’s Community Reinvestment Act (CRA) and Equal Credit Opportunity Act (ECOA) require lenders to support the needs of lower and middle income borrowers as well as avoid discriminatory lending practices. And in another example, one of New York State’s largest cable providers was recently ordered to leave the state over charges of breaking commitments to roll out broadband services to rural areas.

Fraud prevention: Your bank receives a loan application from a new customer with a swanky business park address – which actually turns out to be an abandoned industrial area. Or the loan proceeds are being spent in areas of high drug trafficking or known financial crime. According to fintech expert Kenneth Goodwin, these are just two examples of how location intelligence can prevent or investigate financial fraud.

Targeted marketing: Once upon a time, companies decided where to place a billboard based on counting how many cars drove by. Today, according to ESRI’s Marianna Kantor, the out-of-home (OOH) advertising market – encompassing everything from news kiosks to municipal buses – can tap into a rich array of anonymized financial and demographic data, fed by everything from GPS data to smartphone use. At a broader level, location intelligence promises to vastly improve the granularity with which marketers can target their efforts using any channel.

Location-based offers: Suppose you walk into a ballpark, and a text message pops up on your phone offering discounts on a seat upgrade or in-game video highlights. This isn’t science fiction: it’s happening today with real-time applications such as Major League Baseball’s Ballpark smartphone app, which links ticket purchases and geospatial data to customize the live baseball experience. In the future, the potential to customize location-based customer experiences is nearly unlimited.

Putting Location Intelligence at your fingertips

Want to quickly add the power of location intelligence to your contact data processing? Service Objects offers capabilities such as Address Geocoding, which turns US or Canadian addresses into geolocation coordinates and associated data including census tract, county and block codes, and proximity to water, as well as our GeoPhone and GeoPhone Plus services that work from your telephone contact data. Use them as standalone services, or link them with other address-based data tools such as block-level demographics for a broader picture.

Any of these tools can be integrated directly into your marketing or CRM platform via a real-time API, or via a convenient batch interface for smaller applications. And you can try them out for free right now on our website, with no registration required.