By now, I imagine you’ve heard the news. California has become the first state to follow the European Union’s lead, creating a privacy framework of its own. Enforceable by 2020, the California Consumer Privacy Act will most certainly be the first of many.
Other states already have their own regulations in the works. And United States lawmakers are working with tech companies to devise a federal framework. Although there will naturally be a few differences, I imagine it will be largely based upon the foundation created by California.
So with that in mind, let’s discuss it.
The basic beats should be pretty familiar to anyone who’s been paying attention. Users have a right to know what data is being collected about them and why. They have a right to opt out of the sale of their data to third parties. Children under 16 - or their parent or legal guardian - must provide explicit consent before their data can be sold.
Consumers also have the right to download, transfer, or delete their stored data. Companies are not allowed to treat a consumer differently based on whether or not they have consented to their data being sold, and consumers are allowed to sue if a company violates this rule. Businesses are also expected to go to reasonable lengths to keep personal data safe - again, pretty similar to GDPR.
What’s interesting about California’s regulation is that it has a pretty broad definition of what constitutes personal information. There’s the obvious stuff, like browsing history and personal identifiers like name, address, and phone number. But it also includes psychometrics and any predictions or inferences a company might make about a consumer based on their behavior.
Again, California’s data privacy law isn’t going to be the sole standard for the country. But it will serve as a starting point. And at the very least, it should signal to your organization that it’s high time to start considering how it will deal with consumer data in its own right.
Honestly, your best bet here is to simply embrace the GDPR. Treat it as a business opportunity rather than a roadblock. Hire a compliance officer, and work with them to sanitize your data, organize consumer information, and draft up consent forms for your customers.
Compliance aside, the GDPR can actually end up being a pretty phenomenal marketing tool for your organization. Consumer trust in business is at an all-time low. If you’re able to show people that you care about their rights - if you demonstrate that you’re willing to give them ownership over their personal information - they will be much more willing to work with you in the future.
Sure, doing the right thing and respecting the agency of your customers should be its own reward. But in an era where privacy is effectively on life support, it can also be a great value-add. Really, time and effort aside, you’ve no reason not to become compliant.
Plus, it’ll save you from having to scramble through the process when your home state inevitably starts enforcing privacy regulations of its own.
About the Author:
Tim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI. Tim has a demonstrated history of working in the information technology and services industry.