An Avalanche of State Privacy Laws is Coming: What You Need to Know

Todd Hinton | October 15, 2019

The Westin Research Center periodically updates a comprehensive state privacy law comparison, a one-page document that breaks down the status of data privacy laws across the United States, and lists each state’s approach to various consumer rights and business obligations. While just three states (California, Maine, Nevada) have passed privacy laws, legislation is pending in another 12.

For enterprises with customers in every state, the flurry of new data privacy legislation is cause for concern, especially because of the significant differences between the laws. The consumer’s right to opt-out and the business obligation for transparency are the only common threads across each of the state laws. The Illinois bill in cross-committee, for example, does not include a right to deletion. Minnesota, Washington, and New York, meanwhile, have bills in committee that have an eyebrow-raising consumer right against solely automated decision-making as it pertains to their personal data.

Fail to Prepare, Prepare to Fail

What does this mean for a marketing organization that must prepare for and support the California, Maine, and Nevada bills that have been signed into law, as well as the potential for many more, even beyond those already in committee? For starters, of course, it means that organizations do not have the luxury of treating every customer the same; a one-size-fits-all approach to data privacy that fails to honor requests on an individual customer basis will not only run afoul of the law, it will introduce friction into a customer journey.

Respecting data privacy is an imperative for brands. According to the Harris Poll survey commissioned by RedPoint, 40 percent of consumers say that is “absolutely essential” that a company tell them what information is being collected about them and how it is being used. Further, 38 percent said it’s essential they have complete control over how their data is used, and 32 percent said the same about being able to set specific preferences.

Tame Complexity with MDM

A recent blog in this space highlighted the importance of applying customer permissions dynamically over the complete customer lifecycle. This capability will take on more urgency as state privacy laws expand. The challenge for marketing organizations, however, is the sheer amount of preference center complexity that different state privacy laws introduce.

Handling the complexity requires a data management solution that can process changes in real time and push changes out to every system impacted by an updated customer preference. What sets the RedPoint Customer Data Platform apart as an enterprise-grade CDP is an integrated master data management (MDM) component that processes every privacy data point at an individual customer level. Because the CDP ingests customer data from every source and of every type, a customer’s preferences and permissions for how their data is stored and used becomes part of a persistently updated unified customer profile, or golden record.

Privacy Compliance Starts with a Golden Record

The golden record, as it pertains to data privacy, is like a lockbox that updates and stores a customer’s preferences. MDM, however, activates any change across every enterprise system to ensure compliance at an operational level. A customer could make an opt-out request by contacting the call center, for example. Unless that information is distributed to every customer-facing application across the enterprise, there is a risk that a preference will not be honored accordingly – introducing friction into a customer journey. Any change could potentially affect a customer journey. An address change is an obvious example, as a customer moving from California to Nevada will fall under a new state privacy law jurisdiction.

MDM disperses changes to subscribers in real time to ensure that marketers can keep pace with a customer’s changing permissions and other changing data elements as the customer engages in an omnichannel journey with the brand. Sophisticated heuristic and probabilistic data matching and dynamic updates to an aggregate ensure that a record is consistently updated in real time, providing marketers with confidence that campaigns are perpetually in sync with the persistent view and tracking of a customer’s preferences.

Stay Nimble, Stay Compliant

The fluidity of current state privacy laws, combined with the prospect of additional legislation, requires a flexible approach to compliance. Complexity will of course rise with more state laws impacting more customers, requiring that the enterprise has the technology in place to not only scale, but to handle the nuances of the various consumer rights such as the right to erasure, the right to portability, and the right to recertification.

With an extensive set of APIs, the RedPoint CDP enables organizations to build applications pertinent for any variable. Consumer rights in California differ from those in Nevada, for example, and setting up data lineage processes accordingly will ensure there is no reliance on a one-size-fits-all approach to answer important questions such as how customer data is acquired, how it has been shared, its future use, or other questions about the data. Answering these questions on a state-by-state basis helps ensure compliance now and in the future, and provides transparency for customers, auditors, lines of business, regulators, and anyone else with a vested interest in an organization’s compliance.

With a dozen privacy laws winding their way through state legislatures, and perhaps more on the horizon, it is imperative that organizations prepare accordingly. In addition to becoming compliant with the law, the benefit to honoring customer preferences is meeting customer expectations for a superior customer experience.

In the Harris Poll survey, consumers rank privacy as the most important component of customer experience, just ahead of personalization. Meeting these expectations is a direct line to revenue, with 57 percent of consumers saying they would be less likely to shop or use services from a company that fails to protect their personal information. Conversely, 54 percent of consumers said they will share more personal data for companies that offer a more personalized experience. And 37 percent said they will flat out stop doing business with a company that does not offer a personalized experience.

Companies have an obligation to comply with various state privacy laws, but compliance is also an opportunity to please the customer with a superior customer experience that drives revenue.

RELATED CONTENT

The Right to be Forgotten as a Vehicle for Building Customer Trust

What is Data Lineage and Why is it Important?

What You Need to Know about Consumer Data Privacy Compliance

Be in-the-know with all the latest customer engagement, data management, and RedPoint Global news by following us on LinkedInTwitter, and Facebook.

Share This
Todd Hinton
Todd Hinton

As VP of Engineering, Data Management for RedPoint Global, Todd Hinton leverages more than 20 years of technology management and software development experience to his oversight of RedPoint Global’s data management product offerings, including master data management and the RedPoint Customer Data Platform. Connect with Todd on LinkedIn and Twitter.