What your business should know about data privacy

In the ongoing discussion of how to best utilize customer data gathered from marketing, privacy is always a concern. With companies like Apple starting to present privacy as a luxury product, consumers are more conscious of what businesses do with their data than ever before.

There is a balance between effective customer data usage and maintaining a reputation. And the key to that balance is being aware of the latest trends in data protection. It pays to be front-facing about privacy in 2019.

Existing regulations


Before diving into american efforts to protect customer data, it’s important to know what’s been going on overseas. The GDPR is the General Data Protection Regulation and it has been in effect in the EU for one year.

The GDPR isn’t an American regulation, but it does affect any business that processes personal data of EU individuals. Unless you have customers living in the EU, all you have to worry about is future US laws.

This regulation requires businesses to inform consumers of all personal data that is collected about them and how it will be used. Additionally, it does not allow automatic opt-ins for data collection. The regulation says that simply giving the user the ability to opt out of something does not mean the user is consenting. So a pre-checked consent box for data collection is not allowed.

This regulation gives consenting customers more knowledge of how their data is used. Some businesses are getting ahead of this by sending out emails detailing how data is used and providing an opt-out within that email. Businesses with large databases will naturally have an easier time with this than responding to individual requests.

Regardless of whether or not this regulation affects your business, remember that consumers are paying attention to what they’re opted into by default. Customers will take notice of your methods if they aren’t presented with the choice to give you their info You’re setting yourself up to look like the bad guy if you try to sneak your way into customer data.

California Law

The CCPA (California Consumer Privacy Act), passed in June of 2018, is often described as GDPR in the US. All states have legislation in place protecting consumer data, but California’s regulation is more stringent and other states are likely to follow suit

The California legislation is careful to describe exactly what information falls under its protection. Some of the most prominent data factors include:

  • Biometric data
  • Household purchase data
  • Family size information
  • Geolocation
  • Financial Information
  • Sleep Habits

Businesses must disclose how this info is collected and used. Customers can request what data is collected, the purpose of collecting the data, and which third parties are given the info.

Considering all of this, the best thing any company can do is be transparent about data collection policies. The law does require California businesses to clearly disclose a privacy policy on their website. Companies in all states should already be doing this, regulation or not.

Prepare for the privacy push

Having a strategy for organized data collection is more important than ever. Should your state enact policies similar to California and the EU, you’ll need to know what info your company collects and where to easily access it. 

Future regulations will likely continue to allow customers to request a report on data collected. Having an easily searchable database is important. But that would only end up as a fallback if your company puts together a comprehensive privacy and data collection policy. Prepare to accommodate your customers, but with a clear policy, you likely won’t have to go out of your way.

Other future privacy concerns

We often talk about ways to use smart speakers to optimize your business growth. But these devices have become the latest concern for the privacy-minded among us. 

Both Microsoft and Apple have come under fire recently for hiring contractors to listen to recorded smart speaker commands. The goal was to improve the technology’s ability to understand language. The amount that contractors listen to and what they hear is innocuous. Both companies admit to the strategy, but said contractors only hear specific commands, often triggered by mistake.

But Apple wasn’t going to let this tarnish their image as the company leading the push for privacy. The company published an official apology letter admitting they “haven’t been fully living up to [their] high ideals.” The post explains just which Siri recordings were studied and how the data improves the tech.

Apple outlined changes to retaining audio recordings and how recordings will be handled when triggered accidentally. The most important change is the ability for users to opt in to help Siri improve. The company states that it hopes “many people will choose to help Siri get better, knowing that Apple respects their data.”

Apple serves customers around the world and is headquartered in California. So they are directly under the regulation of the GDPR and the new California legislation. But their renewed focus on user opt-ins and internal handling of user data shows where the tech world is moving. Follow Apple’s lead and your bases will be covered, whatever regulations come in to place.


Share on