Posts Tagged ‘compliance’

US Address Validation Use Cases

Why do people use our DOTS Address Validation – US product? There are many reasons to choose our service that really depends on your business or project. At the highest level, our clients have a goal of gaining efficiency in their systems and want to reduce waste, fraud, and abuse. The next question becomes, how are we going to create efficiencies in our client’s systems?

The primary solutions Service Objects’ real-time APIs offer typically fall into one of these general use case categories: preventing lost deliveries, eliminating waste and fraud, standardizing for compliance, gaining insights into customers and prospects and optimizing marketing automation. These categories are relevant to the majority of our APIs, however, this blog will focus on Address Validation – US and give examples of how this service can be your solution.

Preventing lost deliveries (and delivering more)

Address Validation – US can help with lost deliveries, and in turn allow for the successful completion of more deliveries, by guaranteeing accurate validated addresses. We do this with our CASS certified address validation engine which employs the culmination of 20 years of experience. We make sure addresses exist and are complete by fixing addresses and returning codes that give you additional details and visibility into the addresses at hand.

For example, besides just telling you what was fixed, or telling you what address component is missing, we will provide insights into the address and let you know if it was found to be vacant, returning mail, general delivery, rural route or highway contract and many more, which you can find in our developer guides.

With this information, your organization can make smart decisions on how to handle addresses and reduce the costs of delivering, re-delivering, handling, lost materials, materials sent to the wrong addresses and the cost of damaging your reputation.

Eliminating fraud

Fraud can manifest itself in many ways, and it is always important to keep in touch with new ways that this kind of abuse is attempted. There are several ways Address Validation – US will help eliminate fraud.

Some fraud is attempted by creating duplicate orders in an effort to either get free samples or try to get multiple orders of something and in turn try to resell them. The people behind these efforts will try to circumvent processes by entering their data into a system multiple times, each time entering the data slightly differently. These differences may include a misspelling on purpose such as using ‘Summerland’ and ‘Summer Land’ for the city, or entering the wrong street suffix such as ‘ST’ instead of ‘RD,’ or using both in separate instances. The changes or variations are usually small enough to create multiple different addresses that end up being, in fact, the same address.

Sometimes deliveries are made to multiple forms of the same address. Alias street names can be completely different even though they are the same street, for example, Highway 28 and Allen Street are the same street. Whatever the address inputs were, if the underlying address is actually the same, we can identify these duplicates in two ways. First, we return a standardized address that eliminates the variation in addresses, and second, we return a barcode digit unique to the address that can also be used for de-duplication.

Besides altering addresses to get multiple deliveries, fraud can come into play when someone has stolen purchasing details and needs to receive the delivery of a fraudulent order at another location. In some cases, the perpetrator will use the address of a vacant lot or an address with no delivery and wait for the mail to arrive. With the notes (detailed in our developer guide) that we return in the service, those kinds of details can be identified and flagged for review. In any case, an area found to be problematic or suspicious can be detected and flagged as well.

For instance, if your organization is having trouble with deliveries in certain regions or territories, ensuring the address you have is valid and accurate can help you flag addresses appropriately by getting correct the address, city, county, state, district, building type, delivery type and so on, where leaving these items not validated could lead to potential fraud. The cost savings in making your process less prone to fraud can come in many forms such as saving on delivery, handling materials, producing materials and protecting your organization’s reputation.

Standardizing for compliance

Compliance is a huge issue for most businesses nowadays, and it can be costly to be out of compliance. In recent years, lawmakers in various countries including the US have enacted compliance laws with respect to the gathering, handling, and storage of personal information. Not being in compliance with these new regulations can have a huge impact on your organization in terms of financial penalties and reputation damage.

When a request is made to purge personal information, organizations need to be able to identify all of the personal data connected to this individual and be able to purge it with certainty. One way we can help is by making sure the data you have on an individual is valid, accurate and standardized. In this situation, all three of these are equally important.

Take standardization as an example, if the same address is entered into your system with several different variations when it comes time to purge the data some of the data may be missed based on differences in the address. These variations can come from typos on forms, a call center technician misinterpreting information conveyed over the phone, or even data digitized through processes such as OCR that scan hard copy documents to digitize them for processing by computer systems.

Our Address Validation – US product helps solve these problems. First, it performs the address validation so that you can be sure that the address you have is valid and accurate. Second, it standardizes the address so that organizations can rely on consistency, and they can use our barcode digits to identify duplicate addresses even when the original addresses had variations to them. (Of course, various people can live at a single address, so care has to be taken in properly identifying, individuals at an address and making sure the wrong records are not being purged.)

Our address validation service is a huge step in untangling this problem, but we should also point out that we have other validation services, To untangle data points even further our DOTS GeoPhone Plus service and others can help. The costs associated with being in compliance are minuscule to what they can be when dealing with litigation, data handling, and reputation issues.

Gaining insights into customers and prospects

Gaining insights into your customers and prospects from your data and having a more complete picture of your leads can give you many strategic advantages. As an example, imagine being on the phone with an engaged prospect, trying to relate to them by telling them about an experience you had in their home town, just to hear them say “I’m not sure what you’re talking about, I’m not from there.” That’s embarrassing! Getting this wrong can make you look contrived.

We can increase confidence when you are reaching out to contacts with valid accurate data, but we are also giving you an opportunity to hone in and paint a better, more complete picture. What congressional district they are in can give you insights into potential political leanings. Is their address residential? Is it a rural address? Do they live in an apartment? Is it a military address? We address these kinds of questions and help shape the relationships and outreach organizations have with their contacts. Moreover, delivery strategies can be tailored to be more efficient. For instance, depending on the insights provided, deliveries can be distributed to the appropriate delivery team or person, scheduled for the right times and/or charged the proper amount.

Having a complete picture allows you to be able to not only distribute leads accurately to the right teams but also allows you to create unique territories that in turn match your strengths as a sales team. Leads can be distributed loosely or tightly. The human resource cost in handling leads and gaining insights into your customers and prospects can be tremendous, as are the costs in trying to correct the data manually. Service Objects is here to help you out with greatly reducing that burden.

Optimizing marketing automation

Just as creating smart sales territories are important for lead distribution, they are just as important in marketing territories. When distributing marketing materials, it can be important that they are tailored and are sensitive to the target audience and location. It is also important to deliver materials to addresses that exist so that you can reach as many people as possible, and make your campaign a success with a minimum of waste. Employing Address Validation – US as part of your solution can help minimize costs such as human resources, corrections, time, and delivery and re-delivery, as well as the implied costs to your reputation.

This is far from an all-inclusive list of use case categories. We have 23 other validation services besides Address Validation – US. Just imagine the possibilities when you pair this service with our other validation and data enrichment services like:

Depending on your organization, one or more of these can be part of your solution in gaining maximum efficiency and reducing waste, fraud and abuse.

Compliance is Not Optional

The roots of the term “compliance” were first used in the early 1600s when, according to the Merriam-Webster dictionary, complying meant being ceremonially courteous. Today, it involves much more than courtesy: in fact, it is often central to keeping your company out of financial and legal trouble. And it is a big part of the life of any data manager nowadays.

If you contact prospects or customers from a database, your business faces a host of regulations regarding the privacy, security and data quality of their data. These rules touch on areas such as unsolicited marketing contacts, phone and email messages, whether you are maintaining fair lending practices, and much more. And in some cases, the penalties for non-compliance can be severe.

Here, I would like to look at some of the biggest compliance issues our customers face, and how we support best-practice strategies for managing your compliance risk. Let’s start by breaking down three of the biggest areas of regulation businesses are likely to deal with regarding contact data.

TCPA

If you do outbound marketing or customer contact by telephone or text messaging in the United States, you are subject to the Telephone Consumer Protection Act (TCPA), a Federal regulation designed to protect consumers – particularly wireless users – from unsolicited marketing contacts. Penalties for violations can be as high as $1500 per call or text message, and many familiar firms have been subjected to multi-million dollar fines in recent years.

Our DOTS GeoPhone Plus service is specifically designed to help ensure TCPA compliance for your phone contact records. First, it verifies the subscriber’s name, so you can check it against your contact records. Second, it tells you what type of line it is (landline, wireless, VOIP) and, if ported to a new line, the date of porting – this is important, because if a wireless number changes hands from your contact, you only have a 14-day “safe harbor” under TCPA to stop sending messages to the new owner. Finally, it provides other important information such as SMS/MMS data and SIC codes for business numbers.

GDPR

If you have marketing or business contacts with residents of the European Union, these now fall under the strict General Data Protection Regulation (GDPR) data privacy laws that took effect in 2018. These new rules encompass areas including making sure contacts explicitly opt-in, giving contacts control over the use of their personal data, and restricting unsolicited marketing. Penalties for non-compliance can range as high as 20 million Euros or 4% of annual turnover, whichever is greater.

Our global address validation tools can help you maintain GDPR compliance by flagging contacts who reside in Europe, and also automate compliance with GDPR Article 5 by producing a Certificate of Accuracy (COA) for each of your contact records, to assist with potential compliance audits. We also offer a free GDPR data assessment on request.

CAN-SPAM

The US CAN-SPAM act prohibits sending unwanted commercial email, such as mailing to a harvested address, with penalties ranging up to $42,530 per email. CAN-SPAM compliance largely starts with your business processes, ensuring that your contact email addresses have opted in to receive commercial email from you. Our DOTS Email Validation service can enhance your email marketing efforts and protect your sender reputation by ensuring these addresses are legitimate, as well as flagging potential spammers, fraudulent email addresses, spam traps and honeypots, and much more.

Building an infrastructure for compliance

With a tip of the hat to Merriam-Webster, compliance is about much more nowadays than bowing and curtsying to the king. In fact, it is about more than simply complying with regulations: it is also about having the infrastructure to prove compliance and back it up with data. This is one area where an ounce of prevention is worth more than a pound of cure, with the use of real-time tools to validate your contacts and procedures, as well as leveraging these tools to prepare for future compliance questions or audits.

The High Cost of Poor Data Quality

If you are a marketing, order fulfillment or data manager, there are some things you don’t want to be greeted with when you come to work in the morning – and a surprising number of them revolve around issues with your contact data. For example:

  • You’ve sent someone’s sensitive personal information to a similar but incorrect address that was fat-fingered during data entry, and it’s become a news story.
  • 20% of your marketing budget was spent on direct mail pieces to people with names like “Mickey Mouse” and “SpongeBob SquarePants” who faked out your lead magnets to get free bonuses.
  • You shipped several high-ticket items to a fraudster using fake contact information.
  • You are facing a court order for violations of the Telephone Consumer Protection Act (TCPA), for unsolicited telemarketing to wireless phones that once belonged to your contacts but have now changed hands.

According to Gartner, the cost of bad data to US businesses is roughly $15 billion per year as of 2018, and UK site MyCustomer notes that bad customer data alone costs UK businesses 5.9% of annual revenue. But those are just aggregate numbers that often don’t mean anything to the average business. Here, let’s look at some of the real ground-level consequences of bad contact data.

Marketing inefficiency

According to this source, the average company spends $180,000 per year simply on direct mail that is misdelivered due to inaccurate data. Your cost per converted lead is directly impacted by the quality of your data, in a chain that runs through areas such as direct mail costs, list maintenance, human intervention, and the yield and ROI of your campaigns.

Reputational damage

Misdelivered packages. Service failures. Customer service issues. Problems like these are what, down in the trenches, create negative brand reputations that no amount of advertising or marketing can overcome – particularly in an era of social media, where your failings are always on display. Conversely, when people can count on you for quality in all of their interactions with you, it builds consumer trust and a good word-of-mouth reputation.

Compliance issues

This is one area where the cost of bad contact data becomes very real and tangible, as newer data privacy regulations have introduced serious penalties for compliance violations. For example, the European Union’s GDPR regulation includes potential fines of up to 4% of annual revenue, while the TCPA regulation mentioned above includes penalties of up to $1500 per individual violation, resulting in numerous multi-million dollar judgments against consumer firms nationwide. As a result, compliance issues alone have become a major reason for an increasing focus on data quality.

Pay now or pay later

One way to look at the impact of data quality on your business is what we call the “1-10-100” rule:

  • Catching bad data at the time of data entry may cost one cent per entry
  • Correcting bad data at the time of use may cost ten cents
  • Managing the consequences of using bad data may cost a dollar – or more

Scaling this to an organizational level, a proactive approach to data hygiene is far and away the most cost-effective way to avoid the negative financial and reputational consequences of bad contact data.

This means having processes that encompass all of your contact data touch points, including marketing, shipping, customer service and more. In particular, it means ensuring clean contact data at both the time of data entry and the time of deployment, since data decays at a substantial rate every year.

Today this also means automating the process of contact data quality, by integrating tools such as address validation, email validation, lead and order validation directly into your marketing automation or CRM environment.

Want to learn more? Visit our solutions pages online, or download our free white paper Hitting the Data Trifecta: Three Secrets of Achieving Data Quality Excellence.

Accurate Contact Data and Compliance

If you are a data professional, the word “compliance” has become a bigger part of your vocabulary than ever lately. Data privacy laws have proliferated in recent years, risks and potential penalties for violations have increased, and customers and prospects are more aware of their rights than ever.

These laws all have one thing in common: the need for accurate contact data. In this article, I would like to give you an overview of why validating your contact data assets, at the time of data entry and prior to contact campaigns, is the single most important best practice you can implement to mitigate these compliance risks. Let’s look at three of the biggest compliance areas today:

1. Marketing permission

We are increasingly part of an opt-in world, where unwanted marketing contact is often heavily penalized. The wrong email address can run afoul of the CAN-SPAM Act, bad contact data can violate the strict opt-in provisions of GDPR, and texting to a cell phone that has changed hands violates the US Telephone Consumer Protection Act (TCPA).

Few companies intentionally set out to violate laws like these. Instead, violations often occur organically as a result of data quality issues. Bad data comes into your system at the point of entry, contact data changes over time, and existing contacts change roles. Avoiding these preventable risks is one reason why a proactive approach for having clean contact data is central.

2. Breach notification

Something goes wrong. Your customers’ data falls into the wrong hands. How quickly could you notify each of these customers about what happened?

In the aftermath of recent data privacy laws, ranging from the European Union’s GDPR regulation to the Federal HIPAA act for electronic health care data, breach notification has become a key compliance concern for data professionals worldwide. According to this article, such data breaches represent one of the most likely sources of legal exposure, from both individuals and data protection authorities. And breaches themselves have proliferated to the extent that one source even features an “incident of the week.”

This is one area where accuracy AND responsiveness matter from a compliance standpoint. In the former case, risks include failure to notify affected individuals as well as liability for being out of compliance. In the latter case, speed of response is increasingly becoming a matter of law: for example, GDPR requires businesses to “communicate high-risk breaches to affected data subjects without undue delay.” Both cases require rapid access to accurate, up-to-date contact data.

3. Communications with customers

This article from Forbes Magazine points out that an effective data privacy framework starts with a dialogue with your customers. Building trust – and preventing regulatory complaints – requires having accurate channels for communicating your policies and responding to customer feedback.

Mitigating your compliance risks

Having accurate contact data plays an essential role in compliance. Data privacy regulations have proliferated around the globe, and hundreds of regulations exist today. However, achieving compliance is just the start; to be competitive nowadays, accurate data quality and transparent communications channels need to become part of your brand to customers and prospects.

Our data quality solutions help you meet these challenges. We ensure your business has the most genuine, accurate and up-to-date data for your customers, giving you the ability to communicate with your contacts when it matters most. When compliance questions come up or audits happen, be sure your organization is prepared.

GDPR: One Year Later

May 25, 2019 marks the one year anniversary of the implementation of GDPR: the European Union’s General Data Protection Regulation, a sweeping set of data privacy laws replacing a patchwork of regulations from individual European countries.

GDPR has been a hot topic for anyone involved with data who does business in Europe, and the entire industry has been watching its rollout with interest. So where do things stand one year down the road? Here are some trends we’ve been seeing in the press:

One quick win: breach notification. There is a clear consensus among industry observers that the volume of breach notifications was the single biggest immediate change following the implementation of GDPR.

In the aftermath of clear, EU-wide regulations for self-reporting data privacy breaches, such notifications have increased substantially over the past year, with nearly 60,000 breaches reported in the EU over the first eight months of GDPR. Speaking in a recent Slate article, the UK’s Steven Eckersley notes that in his country alone breach notifications are predicted to nearly double from 18-20,000 in 2018 to around 36,000 in 2019.

Compliance – and enforcement – have ramped up slowly. One of the biggest storylines of 2018 in the data industry was how companies struggled to meet this law’s compliance deadlines. 2019 finds these efforts still ramping up: at a recent meeting of the International Association of Privacy Professionals, it was estimated that 50% of covered firms are still in the process of GDPR compliance, a process that may continue for a couple of more years overall.

GDPR was also noted for its potential to levy stiff penalties on companies that did not protect consumer data, ranging up to 4% of annual turnover. However, enforcement efforts have proceeded cautiously to date. Of the roughly 56 million Euros in fines levied against firms for GDPR violations over its first nine months, nearly 90% of this sum was a single 50 million Euro fine against Google, with a majority of fines to date being small ones. However, some analysts expect enforcement efforts towards small- and medium-sized firms to increase in the future.

GDPR is part of a movement. Perhaps the biggest impact of GDPR over the past year lies outside the EU, where new data privacy laws influenced by GDPR are now being proposed in numerous countries worldwide. Here in the United States, new data privacy requirements are coming online in California in 2020, and US Senator Marco Rubio has recently proposed a federal data privacy standard similar to GDPR – and according to DestinationCRM, the latter may in fact be a welcome development for firms compared with the potential need for managing disparate state mandates.

Beyond compliance and enforcement issues, many analysts continue to feel that data privacy initiatives such as GDPR are also fundamentally changing the dialogue between businesses and their customers, creating relationships that are built more on trust and transparency. A year into the implementation of GDPR, it is still a very exciting time to be in the data quality business.

How we can help

If you do business in Europe – or have customers there – GDPR affects you too. In particular, you need to know what countries each of your customers or prospects are based in, to get started with your own compliance efforts.

Visit our GDPR solutions page for an informative solutions sheet and whitepaper report on GDPR compliance, together with details on capabilities such as our DOTS Address Detective – International product – a real-time service that employs fuzzy logic to correct or append country information for compliance purposes. Want to learn more? Contact our friendly technical team to discuss your specific GDPR compliance needs.

The Hidden Benefits of a Good Data Privacy Policy

In most areas of life, negative motivation alone will not create good results. (If you don’t believe me, ask your employees, or your teenage children – or take a look at what research has to say.) When it comes to data privacy, recent studies show very similar outcomes.

Take the European Union’s strict new GDPR data privacy regulations, which went into effect in the spring of 2018. It featured some of the stiffest penalties to date, with potential fines up to the higher of €20 million or 4% of global annual turnover. But even in the face of this kind of financial risk, at least one survey, one month before the implementation deadline, showed that only 40% of companies expected to be ready for GDPR – and only 7% were actually ready.

Benefits of Investing in Data Privacy

Figures like these are all the more interesting in light of a recent benchmarking study from Cisco that shows that businesses actually gain substantial benefits from making investments in data privacy. The report quotes Peter Lefkowitz, the 2018 Board Chairman of the International Association of Privacy Professionals (IAPP), as saying, “This research provides evidence for something Privacy professionals have long understood – that organizations are benefitting from their privacy investments beyond compliance.”

So what are the benefits of a good data privacy policy? Here are the key ones found in Cisco’s 2019 survey of over 3200 data professionals in 18 countries:

Fewer data breaches. Among companies that were ready for GDPR, 74% experienced data breaches versus 89% for those companies that were least ready.

Less impact from data breaches. GDPR-ready companies who subsequently experienced data breaches had less than half the number of records affected versus the least-ready companies. They also experienced roughly a third-less downtime as a result of these breaches, and only 37% experienced losses in excess of US $500,000 versus 64% of the least-ready.

A shorter sales cycle. Because customers expect businesses to address their own privacy concerns nowadays, respondents experienced an average sales delay of 3-9 weeks, with 87% of businesses reporting delays in selling to existing customers or prospects.

Greater customer goodwill. According to Peter Lefkowitz, this study demonstrated that strong privacy compliance “increases customer trust.”

Despite these benefits, some companies are still struggling to catch up with GDPR compliance: 37% of affected companies were still not fully ready at the time of the survey, with 9% being more than a year away. But this survey also showed substantial evidence of other good habits of data governance. For example, over a third had a relatively complete catalog of their data assets, nearly a third had a formal chief data officer, and 40% felt they were “effective in connecting different data assets together to create more value for our customers and ourselves.” These habits, in turn, appear to translate to competitive advantage and tangible bottom-line benefits.

So when it comes to data privacy, it looks like psychologists had it right all along: carrots work much better than sticks. So start looking into the many benefits of better data privacy policies in your own organization, sell these goals to your stakeholders, and then use them as a base for your own organization’s efforts. And remember, when it comes to the automated data quality tools to help make these policies work, we’re always happy to discuss your options: contact us anytime.

Blue phone icons on a screen, one lit up red

TCPA and You: A Look Ahead for 2019

If you do outbound marketing via telecommunications, the Telephone Consumer Protection Act (TCPA) has probably been part of your business agenda – particularly in recent years, as stiffer interpretations of these consumer privacy laws have led to multi-million-dollar judgments against major corporations and others. So what lies ahead for businesses in the next 12 months in terms of TCPA?

The short answer is twofold: in an era of increasing consumer privacy, TCPA isn’t going away any time soon – but as efforts to ease its impact on businesses are making their way through the courts, there is hope for less risk and more leeway in meeting the requirements of TCPA. We will continue to monitor these developments closely, as a key provider of tools for TCPA compliance, but here is a summary of what we are seeing so far.

Three key issues: equipment, consent, and third parties

In a recent video interview with text messaging vendor Tatango, TCPA attorney Ernesto Mendieta highlighted three key issues that are currently the subject of court cases:

  • the definition of automated telephone dialing systems (ATDS)
  • revocation of consent
  • the definition of co-parties.

The ATDS issue is particularly important for many businesses. TCPA prohibits unsolicited calls made via automated dialing equipment; however, a much broader definition of ATDS introduced in 2015 included equipment that could store and dial numbers without human intervention, even if these capabilities were not used. This expanded definition was struck down by an appeals court in 2018, with new FCC guidelines expected in 2019. According to law firm Eversheds Sutherland LLP, businesses are hopeful that these new guidelines will provide a much clearer standard for these devices.

Another key issue for TCPA litigation revolved around whether consumers can revoke consent for contact via ATDS if they have previously agreed to such contact under the terms of a contract. Recent legal cases have tended to rule in favor of businesses, deciding that such contracts override a consumer’s right to revoke this permission, however, case law is not unanimous and further cases are expected to shed more light on this issue in 2019.

Finally, recent court decisions such as this one involving Taco Bell point to more clear boundaries about whether businesses are liable for TCPA violations on the part of third parties promoting their products or services. Here as well, case law is expected to evolve further in 2019.

In general, many of these legal efforts spring from a backlash from businesses affected by recent stiffer interpretations of TCPA, and its fallout in terms of penalties. For example, the National Association of Federally Insured Credit Unions (NAFCU) is publicly urging the FCC to reform TCPA to “separate bad actors who are harassing consumers with unwanted and potentially harmful robocalls from good actors like credit unions contacting their members with valuable information on their existing accounts.”

A new safe harbor for changed numbers

One other major change on tap for 2019 is a new way that businesses can protect themselves against inadvertent marketing calls or texts to numbers that have changed hands. In December 2018 the FCC issued an order calling for the creation of a national database of reassigned phone numbers, for the purpose of reducing unwanted contacts to consumers with these numbers. To encourage its use by businesses, this ruling also includes a TCPA safe-harbor provision for calls to reassigned numbers when the most recent version of this database is checked first.

It is important to note that this new database will not remove the need for good contact data hygiene, particularly the verification of contact phone numbers. Contacting a bad or mistyped number can still open businesses to liability. Given the high percentage of numbers that do change each year, it is still important for the sake of data integrity to verify contact numbers both at intake and before a campaign, using tools such as Service Objects’ DOTS GeoPhone Plus 2 service. However, this new database can help mitigate what has often been a common source of liability.

Summing it all up

The essential purpose of TCPA remains unchanged: businesses still can’t spam consumers via automated telecommunications, particularly wireless devices, without their explicit permission. But there is hope for well-intentioned businesses in 2019, with prospects ranging from clearer legal requirements to better tools and safe harbor provisions for inadvertent marketing contact.

Here at Service Objects, we will continue to keep abreast of how TCPA and its enforcement continues to evolve in 2019. In the meantime, we are always happy to consult with your business to help you find cost-effective solutions for TCPA compliance – contact us anytime.

Photo of a judge's gavel in front of a Canadian

Canada’s New PIPEDA Law: What It Means for You

If you do business with customers in Canada, an important new privacy law has taken effect as of November 2018: The Personal Information Protection and Electronic Documents Act (PIPEDA). People are already starting to refer to PIPEDA as Canada’s version of GDPR, the sweeping privacy regulations implemented in May 2018 by the European Union.

There are some common denominators between PIPEDA and GDPR. Both mandate acquiring explicit customer permission for the use of personal information, as well as disclosure of how this information will be used. Both also require breach notification in cases where personal information has been compromised: in Canada’s case, notification must be made to that country’s Privacy Commissioner a well as to affected parties. Other common threads include requirements to maintain accurate and secure data, giving individuals access to their own data, and the need for a formal compliance officer.

Getting started with PIPEDA

The Canadian government has published a downloadable guide to help organizations understand and become compliant with the new PIPEDA law, entitled Privacy Toolkit: A Guide for Businesses And Organizations. It provides an overview of the law and its principles, together with descriptions of its complaint handling procedures and audit provisions.

PIPEDA compliance revolves around ten principles that businesses must follow:

1. Accountability. Comply with these principles, appoint an individual responsible for compliance, protect information handled by you and third parties, and develop policies and practices for personal information.

2. Identifying purposes. Document and inform individuals why information is being collected, before or at the time it is collected.

3. Valid, informed consent. Specify what information is being collected, used or disclosed along with its purpose, and obtain explicit consent – before collection, and again if a new use of their personal information is identified.

4. Limiting collection. Do not collect personal information indiscriminately, or deceive or mislead individuals about the reasons for collecting personal information.

5. Limiting use, disclosure, and retention. Use or disclose personal information only for the purpose for which it was collected or consented to, keep personal information only as long as necessary, and have policies for the retention and destruction of information that is no longer required.

6. Accuracy. Minimize the possibility of using incorrect information when making a decision about a person or when disclosing information to third parties.

7. Safeguards. Protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.

8. Openness. Inform customers, clients and employees that you have policies and practices for the management of personal information, and make them understandable and easily available.

9. Individual access. Provide individuals with access to their personal information on file with you, along with how and to whom it has been disclosed, as well as the ability to correct or amend this information.

10. Challenging compliance. Develop simple and easily accessible complaint procedures, inform complainants of their avenues of recourse, investigate all complaints received, and take appropriate measures to correct information handling practices and policies.

Some important distinctions

While the goals of PIPEDA are very similar to those of other privacy regulations such as GDPR – and many of the same compliance strategies will apply to both markets – there are some key differences with Canada’s new regulations. Here are two of the more important ones:

A focus on mediation. Compared with other global privacy regulations, which often carry stiff financial penalties, PIPEDA is designed to enforce privacy laws through mediation where possible. However, this does not mean that the law is without teeth: both complainants and Canada’s Privacy Commissioner can apply for a Federal Court hearing and potential damage awards. In addition, specific violations such as intentional destruction of requested personal information or whistleblower retaliation may be prosecuted as offenses.

Limits on scope for employee data. Unlike GDPR, the PIPEDA law’s application to employee data only applies to federally regulated entities such as banks, airlines and shipping companies (although some provinces have stricter provincial privacy laws). For consumer data, however, PIPEDA applies to personal data from all Canadians.

Knowing the location of customers is key to PIPEDA compliance

Contact data quality is no longer an option when dealing with the Canadian market. Service Objects has been at the forefront of helping firms with their compliance efforts for data privacy regulations, including flagging the geographic location of customers and prospects, which is key to getting started with any compliance effort.

Contact us for more information about how our data quality solutions can help your business.

Saving More of Your Labor this Labor Day

Labor Day is much more than the traditional end of summer in America: it pays tribute to the efforts of working people. It dates back well over a century, with one labor leader in the 1800s describing it as a day to honor those “who from rude nature have delved and carved all the grandeur we behold.” And we aren’t forgetting our friends in Europe and elsewhere, who celebrate workers as well with holidays such as May Day.

As we celebrate work and the labor movement – and enjoy a long holiday weekend – we wanted to take a look at some of the ways that we help you save labor, as you try to carve grandeur from your organization’s data. Here are some of the more important ones:

Validation and more.

Let’s start with the big one. For nearly two decades, the main purpose of our existence has been to take the human effort out of cleaning, validating, appending, and rating the quality of your contact and lead data. Whether your needs involve marketing, customer service, compliance or fraud prevention, these tools save labor in two ways: first, by saving you and your organization from re-inventing the wheel or doing manual verification, and second, by saving you from the substantial human costs of bad data.

Ease of integration.

What is the single worst data quality solution? The one that gets implemented badly, or not at all. One of the biggest things our customers praise us for is how easy it is to implement our tools, to work almost invisibly in their environment. We offer everything from API integration and web hooks with common platforms, all the way to programming-free batch interfaces for smaller or simpler environments – backed by clear documentation, free trial licenses and expert support.

Speed and reliability.

As one customer put it, “milliseconds matter” – particularly in real-time applications where, for example, you are validating customer contact data as they are in the process of entering it. Our APIs are built for speed and reliability, with a longstanding 99.999% uptime and multiple failover servers, as well as sub-second response times for many services – so you don’t waste time tearing your hair out or troubleshooting responsiveness issues.

Better analytics.

Your contact data is a business asset – put it to work as a tool to gain business insight for faster, more informed decision-making and market targeting. You can target leads by demographics or geocoding, enhance your leads with missing phone or contact information, or leverage your customer base for better decision support, among many other applications.

Customer support.

We recently interviewed a major longtime customer about using our products, and when we asked them about support they gave us the highest compliment of all: “We never need to call you!” But those who do call know that our best-in-class support, staffed by caring, knowledgeable experts who are available 24/7/365, represents a large savings of time and effort for our clients.

We hope you enjoy this Labor Day holiday. And when you get back, contact one of our product experts for a friendly, pressure-free discussion about how we can create less labor for you and your organization!

 

Compliance and Address Insight

The golden rule of marketing has always been, “know your customer.” In today’s regulatory environment, however, it might be more accurate to say, “know your customer – or else!” Nowadays customer data – particularly in areas such as geocoding and demographic data – are often central to maintaining compliance with a wide range of regulations, in the financial world and elsewhere.

In response to this, Service Objects has just released a powerful new capability to help automate the gathering and analysis of geolocated consumer data: Address Insight – US. It provides address standardization, address geocoding and demographic information together in one real-time service, and is designed to serve a wide range of applications ranging from compliance to targeted marketing.

Examples of financial compliance issues

Let’s look at some of the areas where address insight can benefit your compliance efforts:

  • The Community Reinvestment Act (CRA) requires federally insured lending institutions to provide lending opportunities to low-to-moderate income communities – and in particular, prove that they are not “redlining” specific neighborhoods and denying them credit. One of the key performance criteria for evaluating CRA compliance is your geographic distribution of loans.
  • The Home Mortgage Disclosure Act (HMDA), enacted by Congress in 1975, requires lenders to publicly disclose data regarding their mortgage lending activities. While this is a disclosure law with no implied quotas, HMDA also serves to ensure that lenders do not contribute to the decline of specific geographic areas by failing to provide adequate mortgage financing.
  • For consumer lending in general, the Federal Financial Institutions Examination Council (FFIEC) has a set of Fair Lending Examination Procedures used to audit lenders for evidence of lending discrimination. These reviews include an analysis of geographic patterns in lending to seek evidence of “redlining” or neighborhood-based discrimination.
  • Conversely, certain real estate transactions may be subject to Geographic Targeting Orders (GTO), which are enhanced identification and record-keeping requirements imposed by the Federal Financial Crimes Enforcement Network for expensive real estate transactions in areas that are prone to money laundering activities. For example, as of 2017 transactions of $3 million or more in Manhattan or $1 million or more in parts of Florida were subject to GTOs, along with numerous other metropolitan areas.

A solution for compliance and beyond

Of course, there are numerous applications beyond compliance for geocoded address insight. For example, academic researchers can use address insight to study specific neighborhoods – for example, the University of Chicago divides the city of Chicago into 75 defined communities that correlate with tract information, and can be used as study variables. And of course, the combination of location insight and demographic data can be a very powerful tool for market targeting.

For compliance applications, Service Objects’ Address Insight – US provides data such as MSA code, state code, county code (FIPS), and tract number for addresses for FFIEC compliance. It also includes all the benefits of Service Objects’ flagship address validation and standardization capabilities, as well as appended demographic information such as household values and incomes by ZIP code.

As with all Service Objects services, Address Insight – US is available through APIs that can be interfaced directly to most contact data automation platforms, as well as convenient batch list processing for smaller applications or specific datasets. Contact us for a free 500-transaction trial key, and see what this new tool can do for you!

How Location Intelligence Benefits Your Business

What is location intelligence, or LI for short? According to geomarketing firm Carto, it is the process of transforming location data into business outcomes. Today LI has become a very hot field, with projected revenues of over US $16 billion by 2021.

You probably use location intelligence in your business already, perhaps without even knowing it. If you sell to specific geographic markets, have seasonal variations in your sales patterns, or market to a targeted demographic, location data is probably part of your marketing mix. This is how we avoid pitching winter coats to people in Hawaii, or selling farming tools on Wall Street. But its applications now go far beyond marketing, into nearly every aspect of modern commerce.

How Location Intelligence works

Today’s LI works by marrying the benefits of geocoding and big data. It turns address data into exact latitude and longitude coordinates that frame information such as its census tract and usage, which in turn can be linked with associated data such as demographics, zoning, or spending patterns.

In much the same way that CRM provides you with a wealth of customer-based insight, LI can add the power of this accumulated location-based data to your business decisions. Here are some examples:

Compliance: Geospatial data can form an integral part of documenting compliance with regulations targeted at specific demographics or geographic areas. For example, the banking industry’s Community Reinvestment Act (CRA) and Equal Credit Opportunity Act (ECOA) requires lenders to support the needs of lower and middle-income borrowers as well as avoid discriminatory lending practices. And in another example, one of New York State’s largest cable providers was recently ordered to leave the state over charges of breaking commitments to roll out broadband services to rural areas.

Fraud prevention: Your bank receives a loan application from a new customer with a swanky business park address – which actually turns out to be an abandoned industrial area. Or the loan proceeds are being spent in areas of high drug trafficking or known financial crime. According to fintech expert Kenneth Goodwin, these are just two examples of how location intelligence can prevent or investigate financial fraud.

Targeted marketing: Once upon a time, companies decided where to place a billboard based on counting how many cars drove by. Today, according to ESRI’s Marianna Kantor, the out-of-home (OOH) advertising market – encompassing everything from news kiosks to municipal buses – can tap into a rich array of anonymized financial and demographic data, fed by everything from GPS data to smartphone use. At a broader level, location intelligence promises to vastly improve the granularity with which marketers can target their efforts using any channel.

Location-based offers: Suppose you walk into a ballpark, and a text message pops up on your phone offering discounts on a seat upgrade or in-game video highlights. This isn’t science fiction: it’s happening today with real-time applications such as Major League Baseball’s Ballpark smartphone app, which links ticket purchases and geospatial data to customize the live baseball experience. In the future, the potential to customize location-based customer experiences is nearly unlimited.

Putting Location Intelligence at your fingertips

Want to quickly add the power of location intelligence to your contact data processing? Service Objects offers capabilities such as Address Geocoding, which turns US or Canadian addresses into geolocation coordinates and associated data including census tract, county and block codes, and proximity to water, as well as our GeoPhone and GeoPhone Plus services that work from your telephone contact data. Use them as standalone services, or link them with other address-based data tools such as block-level demographics for a broader picture.

Any of these tools can be integrated directly into your marketing or CRM platform via a real-time API, or via a convenient batch interface for smaller applications. And you can try them out for free right now on our website, with no registration required.