Posts Tagged ‘Data Privacy’

The Hidden Benefits of a Good Data Privacy Policy

In most areas of life, negative motivation alone will not create good results. (If you don’t believe me, ask your employees, or your teenage children – or take a look at what research has to say.) When it comes to data privacy, recent studies show very similar outcomes.

Take the European Union’s strict new GDPR data privacy regulations, which went into effect in the spring of 2018. They featured some of the stiffest penalties to date, with potential fines up to the higher of €20 million or 4% of global annual turnover. But even in the face of this kind of financial risk, at least one survey, one month before the implementation deadline, showed that only 40% of companies expected to be ready for GDPR – and only 7% were actually ready.

Benefits of Investing in Data Privacy

Figures like these are all the more interesting in light of a recent benchmarking study from Cisco that shows that businesses actually gain substantial benefits from making investments in data privacy. The report quotes Peter Lefkowitz, the 2018 Board Chairman of the International Association of Privacy Professionals (IAPP), as saying, “This research provides evidence for something Privacy professionals have long understood – that organizations are benefitting from their privacy investments beyond compliance.”

So what are the benefits of a good data privacy policy? Here are the key ones found in Cisco’s 2019 survey of over 3200 data professionals in 18 countries:

Fewer data breaches. Among companies that were ready for GDPR, 74% experienced data breaches versus 89% for those companies that were least ready.

Less impact from data breaches. GDPR-ready companies that subsequently experienced data breaches had less than half the number of records affected versus the least-ready companies. They also experienced roughly a third less downtime as a result of these breaches, and only 37% experienced losses in excess of US $500,000 versus 64% of the least-ready.

A shorter sales cycle. Because customers expect businesses to address their own privacy concerns nowadays, respondents experienced an average sales delay of 3-9 weeks, with 87% of businesses reporting delays in selling to existing customers or prospects.

Greater customer goodwill. According to Peter Lefkowitz, this study demonstrated that strong privacy compliance “increases customer trust.”

Despite these benefits, some companies are still struggling to catch up with GDPR compliance: 37% of affected companies were still not fully ready at the time of the survey, with 9% being more than a year away. But this survey also showed substantial evidence of other good habits of data governance. For example, over a third had a relatively complete catalog of their data assets, nearly a third had a formal chief data officer, and 40% felt they were “effective in connecting different data assets together to create more value for our customers and ourselves.” These habits, in turn, appear to translate to competitive advantage and tangible bottom-line benefits.

So when it comes to data privacy, it looks like psychologists had it right all along: carrots work much better than sticks. So start looking into the many benefits of better data privacy policies in your own organization, sell these goals to your stakeholders, and then use them as a base for your own organization’s efforts. And remember, when it comes to the automated data quality tools to help make these policies work, we’re always happy to discuss your options: contact us anytime.

Data Privacy and Security: The Next Big Thing for the US?

Unless you’ve been living under a rock for the past couple of years, you know that data privacy and security laws have become a big thing worldwide. Between Europe’s GDPR regulation, Canada’s PIPEDA laws and others, consumers’ rights over their own personal data became one of the biggest issues of 2018 for CIOs and CDOs who do business internationally. But what about here in the United States?

Now we have some numbers behind public opinions on this issue, thanks to a recent survey from software giant SAS. The results show that many of the same concerns that led to regulations such as GDPR are top-of-mind among Americans, and should inform the way data professionals look at their contact data assets in 2019 and beyond.

What the survey says

In July 2018, SAS surveyed over 500 adult US consumers from a variety of socioeconomic levels about their opinions on data privacy. Here are some of the key conclusions from this survey:

People are concerned. Nearly three-quarters of respondents are more concerned about data privacy than they were a few years ago, with more than two-thirds also feeling their data is less secure. The biggest areas of concern? Identity theft, fraud, and personal data being used or sold without consent.

They want more regulation. 67% of respondents felt that government should do more to protect data privacy, while fully 83% would like the right to tell an organization not to share or sell their personal information. A large majority would also like the right to know how their data is being used, and to whom it is being sold.

Consumers are more savvy about privacy. Roughly two-thirds of respondents (66 percent) acknowledge that primary responsibility for their data security rests with them, and a majority are able to do things like changing privacy settings. Notably, close to a third of people have reduced their social media usage and online shopping over these concerns.

Trust must be earned. Trust in organizations for keeping personal data secure varies widely, from highs of 46-47% for healthcare and banking organizations to roughly 15% for travel companies and social media.

Age matters. Older consumers value privacy more than young ones and are least willing to provide personal information in return for something (36% for Baby Boomers versus 45% for Millennials). However, this does not mean that young consumers live in a post-privacy world, with 66% of Millennials expressing concern over the security of their personal data.

What this means for data privacy – and for you

One important take-away from this study is that, whether or not we have a US version of GDPR some day – a direction favored by these survey results – the trend is clearly toward increasing consumer concerns over data privacy and security over time. This means that data professionals need to prepare for the very real possibility of increased regulation and compliance issues on the horizon.

These survey results also mean that even in the absence of regulation, your organization’s data policies can have a very real and tangible impact on brand image and consumer trust, which in turn affect your bottom line. The fact that some people are reducing their social media use and online shopping, for example, should be a warning for everyone to start paying more attention to data privacy and security concerns.

Finally, these results are another sign that more than ever, businesses need to get serious about contact data quality in 2019. Tools from Service Objects such as address, email and phone validation can help ensure that your contact data assets are accurate, and prevent unsolicited marketing contacts to mistaken or bogus entities – and in the process, give you higher quality leads and contacts.

Want to learn more? Contact us to speak with one of our knowledgeable product experts about improving your data quality in the new year.

Canada’s New PIPEDA Law: What It Means for You

If you do business with customers in Canada, an important new privacy law has taken effect as of November 2018: The Personal Information Protection and Electronic Documents Act (PIPEDA). People are already starting to refer to PIPEDA as Canada’s version of GDPR, the sweeping privacy regulations implemented in May 2018 by the European Union.

There are some common denominators between PIPEDA and GDPR. Both mandate acquiring explicit customer permission for the use of personal information, as well as disclosure of how this information will be used. Both also require breach notification in cases where personal information has been compromised: in Canada’s case, notification must be made to that country’s Privacy Commissioner as well as to affected parties. Other common threads include requirements to maintain accurate and secure data, giving individuals access to their own data, and the need for a formal compliance officer.

Getting started with PIPEDA

The Canadian government has published a downloadable guide to help organizations understand and become compliant with the new PIPEDA law, entitled Privacy Toolkit: A Guide for Businesses And Organizations. It provides an overview of the law and its principles, together with descriptions of its complaint handling procedures and audit provisions.

PIPEDA compliance revolves around ten principles that businesses must follow:

1. Accountability. Comply with these principles, appoint an individual responsible for compliance, protect information handled by you and third parties, and develop policies and practices for personal information.

2. Identifying purposes. Document and inform individuals why information is being collected, before or at the time it is collected.

3. Valid, informed consent. Specify what information is being collected, used or disclosed along with its purpose, and obtain explicit consent – before collection, and again if a new use of their personal information is identified.

4. Limiting collection. Do not collect personal information indiscriminately, or deceive or mislead individuals about the reasons for collecting personal information.

5. Limiting use, disclosure, and retention. Use or disclose personal information only for the purpose for which it was collected or consented to, keep personal information only as long as necessary, and have policies for the retention and destruction of information that is no longer required.

6. Accuracy. Minimize the possibility of using incorrect information when making a decision about a person or when disclosing information to third parties.

7. Safeguards. Protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.

8. Openness. Inform customers, clients and employees that you have policies and practices for the management of personal information, and make them understandable and easily available.

9. Individual access. Provide individuals with access to their personal information on file with you, along with how and to whom it has been disclosed, as well as the ability to correct or amend this information.

10. Challenging compliance. Develop simple and easily accessible complaint procedures, inform complainants of their avenues of recourse, investigate all complaints received, and take appropriate measures to correct information handling practices and policies.

Some important distinctions

While the goals of PIPEDA are very similar to those of other privacy regulations such as GDPR – and many of the same compliance strategies will apply to both markets – there are some key differences with Canada’s new regulations. Here are two of the more important ones:

A focus on mediation. Compared with other global privacy regulations, which often carry stiff financial penalties, PIPEDA is designed to enforce privacy laws through mediation where possible. However, this does not mean that the law is without teeth: both complainants and Canada’s Privacy Commissioner can apply for a Federal Court hearing and potential damage awards. In addition, specific violations such as intentional destruction of requested personal information or whistleblower retaliation may be prosecuted as offenses.

Limits on scope for employee data. Unlike GDPR, PIPEDA applies to employee data only for federally regulated entities such as banks, airlines and shipping companies (although some provinces have stricter provincial privacy laws). For consumer data, however, PIPEDA applies to personal data from all Canadians.

Knowing the location of customers is key to PIPEDA compliance

Contact data quality is no longer an option when dealing with the Canadian market. Service Objects has been at the forefront of helping firms with their compliance efforts for data privacy regulations, including flagging the geographic location of customers and prospects, which is key to getting started with any compliance effort.

Contact us for more information about how our data quality solutions can help your business.

The Growing and Changing Role of the Chief Data Officer

Once upon a time data was just … data. Today it has become a strategic asset for most organizations, underpinning areas such as market analysis, strategic planning, product targeting and segmentation, and much more. The Economist goes so far as to declare data the world’s most valuable resource, much like oil was a century ago. As a result, organizations are increasingly making its oversight part of their executive suites.

Among C-level executives, the Chief Data Officer (CDO) is still the new kid on the block. As recently as 2012 NewVantage Partners found that only 12% of Fortune 1000 firms surveyed had a formal CDO role, while today this figure has risen to over 63%. And by 2019 this figure is expected to rise to 90%, according to this article from Visual Capitalist.

The Chief Data Officer of 2018: Rapid growth and role confusion

Figures from Visual Capitalist paint a striking picture of how quickly the CDO role has grown in larger organizations:

  • The vast majority (83%) have a tenure of less than three years.
  • Their budgets have increased by 23% in 2017 alone.
  • Their numbers in large organizations have increased from 15 in 2010 to over 4000 in 2017.

On the other hand, like any new function where management roles are scrambling to catch up with technology, the exact functions of a CDO are still evolving. Here are some enlightening statistics from the latest NewVantage survey:

  • Change agent or company man? Respondents are split on this, with roughly one-third believing that the CDO should be a change agent from the outside, and another third feeling that he or she should be a company veteran and insider who understands the culture.
  • Only 39.4% of companies view the CDO as having primary responsibility for data strategy and results. The rest point to other executive functions for this, with 23.9% even acknowledging no single point of accountability.
  • Respondents are evenly split 50/50 on the question of whether a CDO should sit on a company’s executive committee, with 22.6% believing this person must be a data scientist or technologist, and half as many (11.3%) feeling this person must have business line experience in generating revenue.
  • There is still a very clear split on how people see a CDO’s responsibilities, between either developing a company’s data and analytics strategy (44.4%), coordinating data initiatives (26.7%), or leading them (20%). However, over 90% believe that the CDO should play a leadership role in these initiatives.

Looking to the longer term, while 12.9% of people feel that the CDO’s role should be temporary or even unnecessary, trends seem to indicate otherwise – particularly in Europe, where the recently-implemented General Data Protection Regulation (GDPR) mandates the creation of a formal Data Protection Officer for all public sector firms, as well as private ones with significant responsibility for handling large-scale private or sensitive consumer data. And this mandate is backed up with potential fines as high as €10 million or 2 percent of annual turnover.

The future of the CDO: From data quality to revenue?

Perhaps the most interesting trend to watch from here might be whether CDOs become entrusted with more revenue responsibility. Currently, only 2.2% see this as their primary responsibility, according to NewVantage CEO Randy Bean in Forbes. But analogous to how customer support has evolved from being the “complaint department” to becoming the strategic voice of the customer, particularly in the CRM era, we share a growing view that the strategic and revenue roles of managing data will continue to increase. Today’s CDO may focus on policies, procedures and data quality, while tomorrow’s may also be tasked with mining more profitability from these assets.

In the meantime, data has clearly found its way into the executive suite. Every indication so far is that it is here to stay. And for us at Service Objects, it has been a very exciting time indeed to be in the data quality business.

 

A New Data Privacy Challenge for Europe – and Beyond

New privacy regulations in Europe have recently become a very hot topic again within the business community. And no, we aren’t talking about the recent GDPR law.

A new privacy initiative, known as the ePrivacy Regulation, deals with electronic communications. Technically a revision to the EU’s existing ePrivacy Directive or “cookie law,” and pending review by the European Union’s member states, it could go into effect as early as this year. And according to the New York Times, it is facing strong opposition from many technology giants including Google, Facebook, Microsoft and others.

Data privacy meets the app generation

Among other things, the new ePrivacy Regulation requires explicit permission from consumers for applications to use tracking codes or collect data about their private communications, particularly through messaging services such as Skype, iMessage, games and dating apps. Companies will have to disclose up front how they plan to use this personal data, and perhaps more importantly, must offer the same access to services whether permission is granted or not.

Ironically this new law will also remove the previous directive’s need for the incessant “cookie notices” consumers now receive, by using browser tracking settings, while tightening the use of private data. This will be a mixed blessing for online services, because a simple default browser setting can now lock out the use of tracking cookies that many consumers routinely approved under the old pop-up notices. As part of its opposition to these new rules, trade groups are painting a picture of slashed revenues, fewer free services and curbs on innovation for trends such as the Internet of Things (IoT).

A longstanding saying about online services is that “when something is free, you are the product,” and this new initiative is one of the more visible efforts for consumers to push back and take control of the use of their information. And Europe isn’t alone in this kind of initiative – for example, the new California Consumer Privacy Act, slated for the late 2018 ballot, will also require companies to provide clear opt-out instructions for consumers who do not wish their data to be shared or sold.

The future: more than just European privacy laws

So what does this mean for you and your business? No one can precisely foretell the future of these regulations and others, but the trend over time is clear: consumer privacy legislation will continue to get tighter and tighter. And the days of unfettered access to the personal data of your customers and prospects are increasingly coming to an end. This means that data quality standards will continue to loom larger than ever for businesses, ranging from stricter process controls to maintaining accurate consumer contact information.

We frankly have always seen this trend as an opportunity. As with GDPR, regulations such as these have sprung from past excesses that lie at the intersection of interruptive marketing, big data and the loss of consumer privacy. Consumers are tired of endless spam and corporations knowing their every move, and legislators are responding. But more important, we believe these moves will ultimately lead businesses to offer more value and authenticity to their customers in return for a marketing relationship.

Around the World with Data Privacy Laws

If you work with data, you have certainly heard by now about GDPR: the new European Union laws surrounding consumer data privacy that went into effect May 25, 2018. But how about PIPEDA, NDB, APPI, CCPA, and SHIELD?

These acronyms represent data privacy regulations in other countries (in these cases for Canada, Australia, Japan, California and New York respectively). Many are new or recently expanded, and all are examples of how your legal responsibilities to customers don’t stop with GDPR. More importantly, they represent an opportunity for you and your business to use data quality and 21st century marketing practices to differentiate yourself from your competition.

Data Protection and Privacy Laws Are Becoming Increasingly Popular

Let’s discuss some of these new regulations. According to authentication vendor Auth0, there is a wide range of reasons for their recent proliferation. First, the rollout of GDPR has implications for other countries, including whether their personal data can flow into the EU – meaning that their data quality and protection regulations must align sufficiently with EU rules to be “whitelisted” by them. New laws now being adopted by other countries address issues such as breach notification, the use of genetic and biometric data, and the rights of individuals to stop their data from being sold.

Moreover, data privacy and security doesn’t stop with Europe and GDPR. Other countries are now starting to explore the rights of consumers in this new era of online information gathering and big data. For example, Japan and other countries now have additional regulations surrounding the use of personal information codes to identify data records, and there is increasing scrutiny on personal data that is gathered through means such as social media.

Contact Data Plays a Key Role in Compliance

Now, let’s talk about your contact data. It often isn’t ready for global data regulations, through actions such as not gathering country information at the point of data entry, or having onerous location data entry requirements (like putting “United States” at the end of a long pull-down menu of countries) that encourage false responses. Worse, existing contact data often has serious information gaps or incorrect information, and it goes bad very quickly: for example, nearly 20% of phone numbers and 35% of email addresses change every year.

Finally, let’s talk about you. In the face of a growing list of data privacy and security regulations, your job isn’t just to become GDPR-compliant. It is to build and maintain a best-practices approach to data quality, which in turn keeps you up to date with both today’s consumer data laws and tomorrow’s.

Data Quality Best Practices Are a Competitive Differentiator

Taking a step back from this flood of new regulations, we would also suggest that an ideal goal isn’t just compliance – it is to leverage today’s data quality environment as a competitive opportunity. Why do these new laws exist? Because of consumer demand. People are tired of interruptive broad-brush marketing, invasive spam, and unwanted telemarketing. When you build your own marketing strategy around better targeting, curated customer relationships, and respect for the consumer, your focus can shift from avoiding penalties to growing your brand and market share faster.

We can help with both of these objectives. For starters, we now offer our Country Detective service, which can process up to 500 contact records and append correct countries to them to help guide your compliance efforts. And for the longer term we offer a free Global Data Assessment, where our team will consult with you at no charge about strategies for data quality in today’s new regulatory and market environment. Interested? Contact us to get the ball rolling, and take the next step in your global market growth.