
Privacy rights management: The new competitive differentiator

In the face of continued consumer distrust over data privacy and a regulatory environment that remains uncertain, forward-thinking companies are building best practices for data stewardship – and creating a competitive advantage in the process.

 

Consumers are more concerned about data privacy than ever before. It is the No. 1 social issue that Americans would like businesses to address, even ahead of healthcare.

 

Regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act 2018 (CCPA) – and a host of other new regulations being developed around the world – are attempts to calm those fears and force companies to be better stewards of their customers’, or users’, data.

 

Yet the new regulations don’t seem to have had an immediate calming effect. Several months after GDPR was enacted, a Global Web Index survey found that 70% of internet users in the UK and U.S. were more concerned about their online privacy than a year earlier.

 

In this kind of environment there is a tremendous opportunity for forward-thinking companies to build a competitive advantage based on good data stewardship.

 


Opportunities for forward-thinking companies

We have entered a new privacy paradigm. Privacy rights management used to mean protecting your customers’ data. Today it also means enabling your customers to exercise control over their data.

 

The basic idea, in this new privacy paradigm, is this: When a user gives personal, sensitive information to a company in order to get a service, that company should have a duty to exercise care in how it collects, analyzes, manipulates, and shares that information. India McKinney, a legislative analyst for the Electronic Frontier Foundation, reflected the popular consensus well: Companies should “serve as fiduciaries for their consumers' data, and to satisfy duties of loyalty, confidentiality, and care for their users.”

 


Personalization and privacy can coexist

There’s a valid concern that rigid privacy rights rules could stifle innovation – just as companies are increasingly able to turn data into competitive advantage. As Gartner analyst Saul Judah explains it, “Effective governance is a critical success factor for data and analytics initiatives, and one of the most difficult challenges that organizations face.”

 

Yet it’s a misconception that personalization and privacy are conflicting efforts. In fact, they’re symbiotic opportunities to deliver business value. Leverage customers’ data to deliver more personalized products and services to them, and at the same time be a good steward of that customer data.

 


Best practices for data trust and business success

Being an effective steward of your customers’ data can be a key differentiator as you acquire new and deepen existing customer relationships. Delight your customers with clarity, speed, and education.

 

There are three best practices that will take you a long way toward establishing that competitive advantage:

1. Privacy portal

This is the number one way to deliver transparency to your data subjects. Unlike a basic web form, a privacy portal is a space in which your users can self-administer some or all of their privacy requests. A portal enables the secure transfer of sensitive information with a password and SSL encryption. You can communicate disclosures, past consent(s), and open and closed requests. Intelligently designed workflows make the process easier and more understandable.

 

2. Matrix of consent

A matrix of consent helps manage complexity by tying data categories (profile data, social data, contact info, income data, etc.) to data uses (app, new account, loan application, etc.). The matrix shows the type of data used by each service. It shows what data subjects have agreed to, what they have specifically revoked access to, and what data does not apply to a particular service. It provides easily understandable transparency into the ways your access to a customer’s data enables you to provide their services.

 

3. Automating for fast response

For most organizations, best practice privacy rights management demands at least some automation. If you expect to receive a lot of subject access requests or you have a very complex data environment to extract the data from, automation is key to fulfilling requests quickly and transparently. (What’s more, organizations in that position often find that the cost of automating some or all of the process is less than the operational overhead required to manually manage the requests.)

 

There are other best practices in privacy rights management of course, including practices that reduce operational overhead by automatically deleting or anonymizing records across hundreds of back-end systems. But these three are the key ones to delight customers and thereby gain competitive advantage.

 


Now what?

None of this is easy. For most businesses, managing data, alerting users to their rights, and responding to data subject access requests is an overwhelming amount of work. Making it more difficult is the fact that data privacy regulations continue to change.

 

The ideal solution is a complex piece of software that can navigate through the different regulations and render a complex web of rules into a platform that can be easily understood.

 

The Apples and Microsofts of the world are building their own such software. For most companies, that’s not the best approach.

 

There are reasons why most enterprises license Salesforce rather than building their own customer relationship management system, and why Oracle’s fastest-growing products are as-a-service solutions:

  • You get much faster time to benefit (just license and configure, which takes weeks rather than months)
  • Typically, the all-in costs are much lower over time
  • It is, by definition, highly scalable
  • You get new releases and upgrades as soon as they’re rolled out

 

A software-as-a-service solution for privacy rights management has all those same benefits, which go a long way to delivering flexibility for today’s uncertain privacy rights environment.

 

Indeed, in their July 2018 survey, TrustArc found that 87% of companies are looking to a third party to help meet GDPR compliance requirements. More than half use third-party technology and tools to automate and operationalize data privacy.

 


By turning to a purpose-built SaaS solution, you can focus on building trust with your users and customers and understanding what the data means. And that can be a huge competitive advantage to the business that is your primary focus.

 


Truyo
About Truyo
Powered by Intel®, Truyo is the automated answer for enterprises seeking to deploy truly integrated SAR, consent, and other data privacy rights processing capabilities that scale with your needs, deliver conspicuous compliance, and adapt to new privacy regulations as they emerge.