We’ve all gotten used to providing our personal information when downloading content or making an in-app purchase. In today’s digital world, it’s what we do—but not all of us feel entirely confident sharing that personal info.
According to Statista, most people in America are somewhat worried about their personal data being collected online: Only 17% said they weren’t worried at all. If you’re in charge of marketing, it’s your responsibility to ensure that your data collection practices are airtight so that your customers’ personal information remains safe and they feel confident doing business with you.
Does the US have consumer data privacy laws?
In the United States, we have laws regarding consumer privacy, but internet privacy laws are still evolving. While some states have data privacy laws in place, other states, including California, Colorado, Connecticut, Utah, and Virginia, have new laws taking effect in 2023.
The federal government is working to pass legislation providing nationwide protection for all consumer data. Earlier this year, the House Energy & Commerce Committee (E&C) advanced a comprehensive data security and digital privacy measure with near-unanimous bipartisan support: The American Data Privacy and Protection Act (ADPPA) would establish new protections for all Americans. It would give consumers various rights over covered data, including the right to access, correct, and delete their data held by a particular covered entity.
Why it’s essential to pay attention to your consumer privacy practices
Business owners and marketers know that for our customers and prospects to engage with us online, they first need to trust us. So, it’s our task—and responsibility—to build that trust by putting the data collection framework in place to protect our customers.
When users fill out a form on our landing page or opt into a subscription, they trust that their personal data will be handled with care. There’s an expectation that the personal information they provide will be used for the specified purpose and will remain private.
One way to ensure that we’re keeping up our end of the bargain is to perform audits on our data collection practices regularly.
How to conduct a privacy audit
In a recent article in Fast Company by Arjun Bhatnagar, the data privacy expert and CEO of Cloaked, offers his suggestions for conducting an audit of your company’s consumer privacy practices which he says can help “identify weak points and identify a roadmap for change.” Here is Bhatnagar’s step-by-step guide, reprinted in its entirety:
Understand your data responsibilities.
Conducting a privacy audit begins with understanding the data responsibilities of the industry in which your company operates. The medical industry will have a different legal approach than an e-commerce company. For more information on privacy regulations regarding industry-specific information, you can check out the FTC’s guidelines. As a rule of thumb, every business owner should treat data protection equally and seriously.
Examine what data you really need.
Once data privacy expectations are set, companies need to take an honest look at the types of data being collected. It’s important to begin to understand the reasoning behind data collection, permissions involved in data collection, and the way that data is stored. Ask questions like:
- Do we need to collect all of these data points?
- Can we limit the data to improve the consumer experience or protect them better?
- Can we infer better insights with more accurate data as opposed to wider data?
- Are consumers consensually giving us permission to collect all of this data?
Data can then be divided by levels of sensitivity. Legally, financial and medical data may be treated differently than a person’s first name, although I believe the best approach is to treat all personal data with the same level of care.
Find the right security resource.
For companies that do not have an extensive IT or internet security department, outsourcing this task to a well-vetted contractor can be a quick fix. Make sure these contractors understand the company’s stance on privacy and desire to pivot to a consumer-first privacy model.
Alternatively, with the increasing importance of data protection, you may want to consider building your own in-house team. This can be a good idea for companies of all sizes to make consumer data protection their priority.
Make it consensual.
Embracing consumer privacy completely means embracing consensual data collection in the form of opt-ins and communicative transparency, letting the consumer know what’s being collected and for what purpose. Doing so can be as easy as a quick pop-up, a detailed page on your site or creating email communication. Make sure that all of the information is easy to digest for your consumer base, staying away from heavy legalese.
Schedule ongoing audits.
Keep in mind that a privacy audit is not a one-off activity. New audits should be scheduled and completed regularly to ensure ongoing compliance and holding the organization to the highest standards consistently. For some companies this may be an annual process; for others, it could occur quarterly or even more frequently.
Push back on pushback.
Getting buy-in to invest in privacy is not always easy. Yet research shows that for every dollar companies spend on privacy, they see a $2.70 return. Plus, investing in strong privacy practices increases retention, brand loyalty, and a higher likelihood of conversion. Customers today want to be considered more than a number and committing to privacy is one way a business can deliver.
It is important to stop thinking that you need every piece of data on an individual to grow your business. As business owners, we actually get smarter by focusing data on usage and not on building user profiles. The customer experience becomes better, too, reaching the consumer as they are today and not what they were yesterday.
Read the full article from Fast Company here.
A final thought about personal data security.
The increased demand for Internet privacy will continue to surge in 2023 with the push for ADPPA. With the end of third-party cookies on some web browsers (and others to follow suit), brands need to embrace transparency and make authentic connections with customers and prospects to collect the data they need to align their products and services.
So, in addition to making sure your data collection practices are on point, identify new ways to tap into your customers’ behaviors and preferences. Then you can use that data to serve them the content they want most from you, helping build trust and confidence in your brand.