Does your business have a data privacy policy in place?

If the answer is “not yet,” my next question is whether you do business with customers in California – because that state’s strict new consumer privacy laws take effect on January 1, 2020. The California Consumer Protection Act (CCPA), which particularly applies to larger firms as well as firms that sell personal consumer data, is part of a growing trend in consumer privacy legislation worldwide.

This article will take a look at why data privacy policies are not just a must for regulatory compliance, particularly with new legislation coming online, but also good business.

Why you need a data privacy policy

The latest wave of consumer privacy regulations is part of a global trend putting customers back in control of their data and giving them more of a say in efforts to market to them. One of the most public examples recently has been the European Union’s General Data Protection Regulation (GDPR): It has strict requirements for opting-in to marketing communications, allowing people to manage their marketing preferences, and even giving consumers the right to be digitally “forgotten” if requested. Backed by stiff fines that can total as much as 4% of annual turnover, it affects companies of any size that market to EU consumers.

According to a recent Capgemini report, laws such as these are proliferating worldwide, with regulations pending or in effect on every continent, and draft privacy legislation in the works for at least 10 US states. In addition, Washington state has even proposed its own GDPR-style legislation.

Sadly, companies are still behind the curve in adapting to this new landscape. Capgemini notes that less than a third of organizations were fully GDPR-compliant as of June 2019, with some market sectors such as insurance, telecom and government services falling below a 25% compliance rate. Closer to home, nearly a third of firms are claiming they will only be partially compliant with CCPA by its 2020 implementation. And in the latter case, these firms cite factors including legacy IT systems, unclear guidance and getting employees on board as major factors.

From a data quality standpoint, this means that having clean, validated contact data from a central source isn’t just nice to have – it is increasingly becoming a requirement. When a customer opts out at any touch point, for example, every stakeholder in your organization needs to know this. And the cost of bad or misdirected customer contact data now includes potential regulatory fines as well as increased business costs. This means that a data privacy policy, as part of a larger data governance framework, must replace silos of contact information and unclear boundaries for data quality responsibilities.

Why you want a data privacy policy

For years, we have been making the case that better control of data privacy – including a process for ensuring data quality at each phase of data acquisition and usage – makes good business sense, for reasons that go far beyond fear of compliance penalties. Here are just a few of the reasons why:

• Better customer engagement. When your marketing and customer communications are targeted to people who want to hear from you, and welcome your message, you are building an engaged community with better ROI compared with traditional “spray and pray” marketing.
• A single 360-degree view of the customer. The single customer view (SCV) movement has gained steam over the years, particularly with the growth of multi-channel support and marketing. Company-wide data privacy policies are a foundation for successful SCV implementations.
• Brand reputation. When you play “gotcha” by tricking consumers into opting in to marketing communications, don’t give them control over their preferences, or worse, market with dirty data, you not only run afoul of data privacy laws – you brand yourselves as pests in a world that likes interruptive marketing tactics less and less. A recent GlobalWebIndex article describes this as a “Data-Driven Trust Deficit” affecting your brand image.
• Improved performance. In perhaps the most important reason of all for data privacy, Capgemini notes that firms that are fully GDPR compliant have better revenue performance, customer satisfaction and even employee morale. Correlation isn’t necessarily causation, but there is a clear and quantifiable relationship between good data governance and better outcomes.

The rise of the new consumer

Most industry observers will say that data privacy policies are increasingly becoming a requirement, on the heels of a growing regulatory compliance burden for data managers. We would take this view a step further – these policies can also be a competitive differentiator and even a strategic foundation for revenue growth. Compliance is important – and growing in importance – but it is only part of the picture nowadays.

So don’t just react to the threat of compliance penalties – think through the advantages of an engaged community of prospects and customers. Then quantify these advantages and let them inform the development of your data protection, privacy and governance policies. The end result will be an organization that knows and interacts with its contacts much better than its competitors do.

Your contact data assets represent the lifeblood of your company. Your organization probably has procedures in place to secure this data. But what about the third-party vendors you work with?

Some vendors – particularly email validation providers – have terms in their master service agreements (MSA) allowing them to store the data you send them. And, in some cases, use this data for their own “research” purposes. This article discusses why we feel this is a bad idea, and why you should be careful about who accesses your data.

The problem with third-party data storage

In an ideal world, any company that processes your most sensitive data should offer you a gold-plated guarantee that it will never fall into the wrong hands. Unfortunately, it doesn’t always work that way in practice. Here are some sobering facts:

• There have been numerous well-publicized breaches of customer data involving vendors and contractors, such as the recent exposure of over 1.3 million customer records by a Walmart vendor, the infamous Target payment card breach of 40 million customers in 2014, and many more.
• According to a 2018 study by the Ponemon Institute, 59% of companies surveyed experienced a data breach caused by a third party, and three-quarters of respondents feel that these incidents are on the rise.
• Third-party data storage has even been a problem in security-critical environments like health care, with regulatory burdens such as HIPAA compliance. In 2018 an estimated 20% of health care data breaches were due to third-party vendors, including some of the largest breaches, with problems ranging from lax procedures to attacks by insiders.

These concerns are compounded when you work with vendors who retain and store your data beyond its original business purpose. Unfortunately, terms allowing for the storage and subsequent usage of this data are often buried in the fine print of service agreements, leaving its security in the hands of the vendor. This can potentially open you up to risks that fall outside the reach of your own data security policies and procedures.

We don’t store your data

Of course, one of the best ways to safeguard your data is to work with a vendor who won’t store it in the first place – like Service Objects. We never store customer data, and security and privacy are among our highest concerns.

When you use one of our real-time products for contact data validation, we process each record you send us against continuously updated databases such as USPS and Canada Post address data, known problem email addresses, and over 400 million phone listings, together with other proprietary resources. And once we return these validation results to you, the original data is discarded.

We invite you to learn more about our own bank-grade security procedures, including secured 24/7/365 data centers, encryption of sensitive information, and hardened servers with multi-layer perimeter security. And, of course, a policy that no copies of your real-time data nor your responses are stored.

As we approach three and a half billion transactions validated, with a track record stretching back to our founding in 2001, we feel that data security policies are extremely important. This is why leading companies like Amazon.com, Microsoft, and most major credit card providers trust us with their data. Firms like these scrutinize contract terms involving access to their data, and you should too.

In a world of big data, information for sale, and people oversharing on social media, this past decade has lulled many marketers into believing in a post-privacy era of virtually unfettered access to consumer and prospect data.

Even consumers themselves share this perception: according to an Accenture survey, 80% of consumers between the ages of 20 and 40 feel that total digital privacy is a thing of the past. But today this Wild West scenario is becoming increasingly regulated, with growing constraints on the acquisition and use of people’s personal data. Directives such as the European Union’s GDPR and ePrivacy regulations, along with other initiatives around the globe, are ushering in a new landscape of privacy protections.

Much has been written about how to comply with these new regulations and avoid penalties, on this blog and elsewhere. But this new environment is also a marketing opportunity for savvy organizations. Here, we examine some specific ways you can position yourself to grow in a changing world of privacy.

Leverage data quality with these five key marketing strategies

Be transparent. In their 2018 State of the Connected Customer survey, Salesforce.com found that 86% of customers would be more likely to trust companies with their information if they explain how it will provide them with a better experience.

Offer value. The Accenture survey mentioned above notes that over 60% of customers feel that getting relevant offers is more important than keeping their online activity private, with nearly half saying that they would not mind companies tracking their buying behavior if this led to more relevant offers.

Give customers what they want. According to European CRM firm SuperOffice, the post-GDPR world represents an opportunity to create segmented customer lists, through techniques such as separate website pop-ups for different areas of interest and content marketing via social media.

Look at the entire customer life cycle. Many firms offer a one-time free incentive, such as a report or webinar, in exchange for contact data and marketing permission. However, this can lead to fraudulent information being offered to get the goodie (we can help with that), or even a real but never-checked “wastebasket” email address. Instead, consider offering a regular stream of high-value information that keeps customers connected with your brand.

Change your perspective. This is perhaps the most important strategy of all: start looking at your customers as partners instead of prospects. Recent regulations are, at their root, a response to interruptive marketing strategies that revolve around bugging the many to sell to the few. Instead, focus on cultivating high-value client relationships with people who want products and services you offer.

More consumer privacy can be a good thing

Whether businesses are ready or not, they are increasingly facing a world of marketing to smaller prospect lists of people who choose to hear from them for specific purposes, starting with Europe and spreading elsewhere. But this can be a good thing, and indeed a market opportunity. By changing your selling focus from a numbers game to one of deeper and mutually beneficial customer relationships, you can potentially gain more loyal customers and lower marketing expenses. In the process, this new era of consumer privacy could possibly end up being one of the best things that happen to your business.

Protecting your customers’ privacy and creating a mutually beneficial relationship starts with having the most genuine, accurate and up-to-date data for your contacts.  Download our white paper, Marketing with Bad Contact Data, to learn more about how quickly customer data ages and the impact on your business.