Will GDPR and the recently passed California privacy law herald a new age where companies avoid breaches by taking proper precautions?
With the enactment of new data privacy laws comes the expectation that consumer privacy will be better maintained. But will the new rules help stem the seemingly endless reports of data breaches? I talked to some marketers who are hoping they will.
Europe’s General Data Protection Regulation (GDPR), which governs the handling of European Union (EU) members’ data went into effect in May. California mirrored many of the GDPR’s tenets when it passed its landmark data privacy bill last month, and it’s expected that other states will follow suit.
Both laws call for businesses to shore up their processes and procedures to ensure that breaches are less likely to happen — and impose huge fines when they do.
This summer has seen more than its share of breaches, and it’s only just begun.
In June, data broker Exactis exposed a database that held information about millions of US citizens — eclipsing the historic Equifax breach last year. Smaller recent breaches include the US Adidas retail website just last week.
And consumers are not happy.
A recent survey by customer identity firm Janrain showed that a whopping 78 percent of consumers were aware of the Facebook/Cambridge Analytica scandal and 58 percent said it made them more concerned about data privacy and security than before.
Businesses should step up
Ankur Laroia, global leader, strategy and corporate development for Alfresco Software, told me that corporations must “employ modern digital business platforms to identify, curate, secure and ultimately delete consumer data once it is at the end of its lifecycle.”
“…With GDPR now being effective, global corporations will face fines when any sort of personal information of customers or employees, including data as innocuous as email addresses, are hacked/stolen or inadvertently exposed. The surface area of attack for businesses has grown substantially as well, with servers typically needing patches across the IT landscape. Besides facing the specter of fines, there’s damage to corporate standing, loss of consumer trust, credibility issues as well as irreparable damage to a brand which can take years to recover from.”
Peter Reinhardt, CEO and co-founder of consumer data platform (CDP) Segment, said that new rules such as the ones in California are inevitable because it’s “only natural that consumers are now looking to legislation to help with these issues.”
“Due to the many data scandals that have occurred recently, there is now a much greater general awareness about data privacy issues — around both the protection of consumer data as well as the ethical and respectful use of this data. Given California’s prominent role within tech, it is not surprising that the state is the first in the US to drive this kind of legislation forward and follow the EU precedent. The California Consumer Privacy Act of 2018 is the first proof point, of many we will likely see, that Americans also want transparency into data practices and similar privacy protections like those enforced in the EU.”
Gary Kamikawa, vice president of demand generation at workflow platform Nintex, said the new legislation should make marketers more aware of the problem.
“With the new legislation passed in California, there are a number of similarities between the work that GDPR has placed on any global company. As marketers, it has made us more hyper-aware [of] how we are managing data collection, usage, and customer requests.”
A shift in power
Giving consumers more power is a hallmark of these privacy laws. But can marketers handle the shift?
Paul Warner, vice president of customer and employee experience strategy at InMoment, says the data laws will require companies to think differently about their customers.
“These new data policies and regulations signal a significant shift in power and expectations between individuals and organizations, and customers and brands….As a result, there is a need to fundamentally change the agreement and ground rules between these two groups. GDPR, the California legislation, and other policies that are in the works mark the end of the age of transactions and usher in ‘the era of the relationship,’ meaning that retailers can no longer simply ‘manage’ the customer’s experience, they must engage with them in reciprocal, mutually beneficial relationships.”
Just over a month into the enforcement of GDPR, we’re still waiting to see how GDPR will affect US companies that have European customers.
Nintex’s Kamikawa noted that the California law poses similar issues.
“The challenge that the California legislation provides is that a lot of the ways global companies are collecting data are at a country level and not always collecting information at a state level. Especially for commercial relationships where addresses may be tied solely with the corporate office and not to the individual’s locations. This creates various obstacles around data collection in today’s mobile and remote workforce to properly identify users that are part of the California legislation.”
Still, Kamikawa — and the rest of us — are waiting to see how it plays out.
“The spirit of the (California) law is commendable to improve the way companies handle data and interact with customers. However, the practicality of compliance and enforcement remain a real hurdle to making that vision become a common experience for end-users. Like GDPR, I think a lot of companies are going to be watching closely to see how it actually gets enforced and then trying to adjust and respond appropriately.”