The roots of the term “compliance” were first used in the early 1600s when, according to the Merriam-Webster dictionary, complying meant being ceremonially courteous. Today, it involves much more than courtesy: in fact, it is often central to keeping your company out of financial and legal trouble. And it is a big part of the life of any data manager nowadays.
If you contact prospects or customers from a database, your business faces a host of regulations regarding the privacy, security and data quality of their data. These rules touch on areas such as unsolicited marketing contacts, phone and email messages, whether you are maintaining fair lending practices, and much more. And in some cases, the penalties for non-compliance can be severe.
Here, I would like to look at some of the biggest compliance issues our customers face, and how we support best-practice strategies for managing your compliance risk. Let’s start by breaking down three of the biggest areas of regulation businesses are likely to deal with regarding contact data.
If you do outbound marketing or customer contact by telephone or text messaging in the United States, you are subject to the Telephone Consumer Protection Act (TCPA), a Federal regulation designed to protect consumers – particularly wireless users – from unsolicited marketing contacts. Penalties for violations can be as high as $1500 per call or text message, and many familiar firms have been subjected to multi-million dollar fines in recent years.
Our DOTS GeoPhone Plus service is specifically designed to help ensure TCPA compliance for your phone contact records. First, it verifies the subscriber’s name, so you can check it against your contact records. Second, it tells you what type of line it is (landline, wireless, VOIP) and, if ported to a new line, the date of porting – this is important, because if a wireless number changes hands from your contact, you only have a 14-day “safe harbor” under TCPA to stop sending messages to the new owner. Finally, it provides other important information such as SMS/MMS data and SIC codes for business numbers.
If you have marketing or business contacts with residents of the European Union, these now fall under the strict General Data Protection Regulation (GDPR) data privacy laws that took effect in 2018. These new rules encompass areas including making sure contacts explicitly opt-in, giving contacts control over the use of their personal data, and restricting unsolicited marketing. Penalties for non-compliance can range as high as 20 million Euros or 4% of annual turnover, whichever is greater.
Our global address validation tools can help you maintain GDPR compliance by flagging contacts who reside in Europe, and also automate compliance with GDPR Article 5 by producing a Certificate of Accuracy (COA) for each of your contact records, to assist with potential compliance audits. We also offer a free GDPR data assessment on request.
The US CAN-SPAM act prohibits sending unwanted commercial email, such as mailing to a harvested address, with penalties ranging up to $42,530 per email. CAN-SPAM compliance largely starts with your business processes, ensuring that your contact email addresses have opted in to receive commercial email from you. Our DOTS Email Validation service can enhance your email marketing efforts and protect your sender reputation by ensuring these addresses are legitimate, as well as flagging potential spammers, fraudulent email addresses, spam traps and honeypots, and much more.
Building an infrastructure for compliance
With a tip of the hat to Merriam-Webster, compliance is about much more nowadays than bowing and curtsying to the king. In fact, it is about more than simply complying with regulations: it is also about having the infrastructure to prove compliance and back it up with data. This is one area where an ounce of prevention is worth more than a pound of cure, with the use of real-time tools to validate your contacts and procedures, as well as leveraging these tools to prepare for future compliance questions or audits.