Posts Tagged ‘data compliance’

Accurate Contact Data and Compliance

If you are a data professional, the word “compliance” has become a bigger part of your vocabulary than ever lately. Data privacy laws have proliferated in recent years, risks and potential penalties for violations have increased, and customers and prospects are more aware of their rights than ever.

These laws all have one thing in common: the need for accurate contact data. In this article, I would like to give you an overview of why validating your contact data assets, at the time of data entry and prior to contact campaigns, is the single most important best practice you can implement to mitigate these compliance risks. Let’s look at three of the biggest compliance areas today:

1. Marketing permission

We are increasingly part of an opt-in world, where unwanted marketing contact is often heavily penalized. The wrong email address can run afoul of the CAN-SPAM Act, bad contact data can violate the strict opt-in provisions of GDPR, and texting to a cell phone that has changed hands violates the US Telephone Consumer Protection Act (TCPA).

Few companies intentionally set out to violate laws like these. Instead, violations often occur organically as a result of data quality issues. Bad data comes into your system at the point of entry, contact data changes over time, and existing contacts change roles. Avoiding these preventable risks is one reason why a proactive approach for having clean contact data is central.

2. Breach notification

Something goes wrong. Your customers’ data falls into the wrong hands. How quickly could you notify each of these customers about what happened?

In the aftermath of recent data privacy laws, ranging from the European Union’s GDPR regulation to the Federal HIPAA act for electronic health care data, breach notification has become a key compliance concern for data professionals worldwide. According to this article, such data breaches represent one of the most likely sources of legal exposure, from both individuals and data protection authorities. And breaches themselves have proliferated to the extent that one source even features an “incident of the week.”

This is one area where accuracy AND responsiveness matter from a compliance standpoint. In the former case, risks include failure to notify affected individuals as well as liability for being out of compliance. In the latter case, speed of response is increasingly becoming a matter of law: for example, GDPR requires businesses to “communicate high-risk breaches to affected data subjects without undue delay.” Both cases require rapid access to accurate, up-to-date contact data.

3. Communications with customers

This article from Forbes Magazine points out that an effective data privacy framework starts with a dialogue with your customers. Building trust – and preventing regulatory complaints – requires having accurate channels for communicating your policies and responding to customer feedback.

Mitigating your compliance risks

Having accurate contact data plays an essential role in compliance. Data privacy regulations have proliferated around the globe, and hundreds of regulations exist today. However, achieving compliance is just the start; to be competitive nowadays, accurate data quality and transparent communications channels need to become part of your brand to customers and prospects.

Our data quality solutions help you meet these challenges. We ensure your business has the most genuine, accurate and up-to-date data for your customers, giving you the ability to communicate with your contacts when it matters most. When compliance questions come up or audits happen, be sure your organization is prepared.

Blue phone icons on a screen, one lit up red

TCPA and You: A Look Ahead for 2019

If you do outbound marketing via telecommunications, the Telephone Consumer Protection Act (TCPA) has probably been part of your business agenda – particularly in recent years, as stiffer interpretations of these consumer privacy laws have led to multi-million-dollar judgments against major corporations and others. So what lies ahead for businesses in the next 12 months in terms of TCPA?

The short answer is twofold: in an era of increasing consumer privacy, TCPA isn’t going away any time soon – but as efforts to ease its impact on businesses are making their way through the courts, there is hope for less risk and more leeway in meeting the requirements of TCPA. We will continue to monitor these developments closely, as a key provider of tools for TCPA compliance, but here is a summary of what we are seeing so far.

Three key issues: equipment, consent, and third parties

In a recent video interview with text messaging vendor Tatango, TCPA attorney Ernesto Mendieta highlighted three key issues that are currently the subject of court cases:

  • the definition of automated telephone dialing systems (ATDS)
  • revocation of consent
  • the definition of co-parties.

The ATDS issue is particularly important for many businesses. TCPA prohibits unsolicited calls made via automated dialing equipment; however, a much broader definition of ATDS introduced in 2015 included equipment that could store and dial numbers without human intervention, even if these capabilities were not used. This expanded definition was struck down by an appeals court in 2018, with new FCC guidelines expected in 2019. According to law firm Eversheds Sutherland LLP, businesses are hopeful that these new guidelines will provide a much clearer standard for these devices.

Another key issue for TCPA litigation revolved around whether consumers can revoke consent for contact via ATDS if they have previously agreed to such contact under the terms of a contract. Recent legal cases have tended to rule in favor of businesses, deciding that such contracts override a consumer’s right to revoke this permission, however, case law is not unanimous and further cases are expected to shed more light on this issue in 2019.

Finally, recent court decisions such as this one involving Taco Bell point to more clear boundaries about whether businesses are liable for TCPA violations on the part of third parties promoting their products or services. Here as well, case law is expected to evolve further in 2019.

In general, many of these legal efforts spring from a backlash from businesses affected by recent stiffer interpretations of TCPA, and its fallout in terms of penalties. For example, the National Association of Federally Insured Credit Unions (NAFCU) is publicly urging the FCC to reform TCPA to “separate bad actors who are harassing consumers with unwanted and potentially harmful robocalls from good actors like credit unions contacting their members with valuable information on their existing accounts.”

A new safe harbor for changed numbers

One other major change on tap for 2019 is a new way that businesses can protect themselves against inadvertent marketing calls or texts to numbers that have changed hands. In December 2018 the FCC issued an order calling for the creation of a national database of reassigned phone numbers, for the purpose of reducing unwanted contacts to consumers with these numbers. To encourage its use by businesses, this ruling also includes a TCPA safe-harbor provision for calls to reassigned numbers when the most recent version of this database is checked first.

It is important to note that this new database will not remove the need for good contact data hygiene, particularly the verification of contact phone numbers. Contacting a bad or mistyped number can still open businesses to liability. Given the high percentage of numbers that do change each year, it is still important for the sake of data integrity to verify contact numbers both at intake and before a campaign, using tools such as Service Objects’ DOTS GeoPhone Plus 2 service. However, this new database can help mitigate what has often been a common source of liability.

Summing it all up

The essential purpose of TCPA remains unchanged: businesses still can’t spam consumers via automated telecommunications, particularly wireless devices, without their explicit permission. But there is hope for well-intentioned businesses in 2019, with prospects ranging from clearer legal requirements to better tools and safe harbor provisions for inadvertent marketing contact.

Here at Service Objects, we will continue to keep abreast of how TCPA and its enforcement continues to evolve in 2019. In the meantime, we are always happy to consult with your business to help you find cost-effective solutions for TCPA compliance – contact us anytime.

The Growing and Changing Role of the Chief Data Officer

Once upon a time data was just … data. Today it has become a strategic asset for most organizations, underpinning areas such as market analysis, strategic planning, product targeting and segmentation, and much more. The Economist goes so far as to declare data the world’s most valuable resource, much like oil was a century ago. As a result, organizations are increasingly making its oversight part of their executive suites.

Among C-level executives, the Chief Data Officer (CDO) is still the new kid on the block. As recently as 2012 NewVantage Partners found that only 12% of Fortune 1000 firms surveyed had a formal CDO role, while today this figure has risen to over 63%. And by 2019 this figure is expected to rise to 90%, according to this article from Visual Capitalist.

The Chief Data Officer of 2018: Rapid growth and role confusion

Figures from Visual Capitalist paint a striking picture of how quickly the CDO role has grown in larger organizations:

  • The vast majority (83%) have a tenure of less than three years.
  • Their budgets have increased by 23% in 2017 alone.
  • Their numbers in large organizations have increased from 15 in 2010 to over 4000 in 2017.

On the other hand, like any new function where management roles are scrambling to catch up with technology, the exact functions of a CDO are still evolving. Here are some enlightening statistics from the latest NewVantage survey:

  • Change agent or company man? Respondents are split on this, with roughly one-third believing that the CDO should be a change agent from the outside, and another third feeling that he or she should be a company veteran and insider who understands the culture.
  • Only 39.4% of companies view the CDO as having primary responsibility for data strategy and results. The rest point to other executive functions for this, with 23.9% even acknowledging no single point of accountability.
  • Respondents are evenly split 50/50 on the question of whether a CDO should sit on a company’s executive committee, with 22.6% believing this person must be a data scientist or technologist, and half as many (11.3%) feeling this person must have business line experience in generating revenue.
  • There is still a very clear split on how people see a CDO’s responsibilities, between either developing a company’s data and analytics strategy (44.4%), coordinating data initiatives (26.7%), or leading them (20%). However, over 90% believe that the CDO should play a leadership role in these initiatives.

Looking to the longer term, while 12.9% of people feel that the CDO’s role should be temporary or even unnecessary, trends seem to indicate otherwise – particularly in Europe, where the recently-implemented General Data Protection Regulation (GDPR) mandates the creation of a formal Data Protection Officer for all public sector firms, as well as private ones with significant responsibility for handling large-scale private or sensitive consumer data. And this mandate is backed up with potential fines as high as €10 million euros or 2 percent of annual turnover.

The future of the CDO: From data quality to revenue?

Perhaps the most interesting trend to watch from here might be whether CDOs become entrusted with more revenue responsibility. Currently, only 2.2% see this as their primary responsibility, according to NewVantage CEO Randy Bean in Forbes. But analogous to how customer support has evolved from being the “complaint department” to becoming the strategic voice of the customer, particularly in the CRM era, we share a growing view that the strategic and revenue roles of managing data will continue to increase. Today’s CDO may focus on policies, procedures and data quality, while tomorrow’s may also be tasked with mining more profitability from these assets.

In the meantime, data has clearly found its way into the executive suite. Every indication so far is that it is here to stay. And for us at Service Objects, it has been a very exciting time indeed to be in the data quality business.