Brands should not need a designated day to remember the importance of respecting customers’ rights when it comes to collecting and managing their private data. Laws like CCPA and GDPR tell them to do so, and plenty of data is available to inform best practices and show why data protection matters to consumers.
For instance, Tealium’s recent report on data privacy found 40% of consumers say that, other than themselves, businesses are the most responsible parties for protecting their data, higher than the federal government. Half of consumers don’t feel well-informed about how businesses are using their data, and 85% won’t forgive a company’s missteps, even if they previously trusted the brand.
For Data Privacy Day — held each year on Jan. 28 — we caught up with five companies to see what they’re doing to strengthen their data privacy practices in light of recent data privacy laws and increased consumer scrutiny. Data Privacy Day began in 2007 by the Council of Europe as European Data Protection Day, and US lawmakers first declared Jan. 28 as National Data Privacy Day in 2009.
Proactive Privacy Education for Consumers
Some organizations have turned to a proactive approach of educating consumers on steps they can take to better protect their data privacy.
Chelsea Brown, CEO and founder of Digital Mom Talk and a cybersecurity consultant, said one of the things her company has done to implement data privacy with clients is to “politely educate them on things they should be doing.”
“For example, when someone sends us an unencrypted message or email with their phone number or sensitive documents, we simply reply and add, ‘Just in case you didn't know, next time if you click on this button in the image, it will protect this information from being compromised. We've deleted the email containing this information from our servers to ensure your privacy is protected. You should do so on your end as well.’”
Such practices not only keeps information safe, Brown added, but also informs clients and companies how the company keeps their data secure.
Related Article: How the NIST Privacy Framework Will Help Manage Data Safely
Data Classification, Access Management and Robust Security
Will Ellis, founder of Privacy Australia and an IT security consultant, said some of the best data privacy practices he has implemented are data classification and the robust security of that data. “By identifying different types of data, we can see what needs to be as secure as possible and implement the correct protection for each data category,” he said. “For example, if we find that some data should only be accessible by a specific set of individuals within the company, we can implement a system of Privileged Access Management, which then creates another barrier by which to protect our customers’ information.”
The company also has in place various other security measures, such as the use of a VPN, anti-ransomware and anti-malware. “Consumer data protection is at the top of the list,” Ellis said, “as it is information which they have trusted us with, and we aim to uphold a strong relationship with them.”
Related Article: Why Marketers Should Be Leaders With Customer Data Privacy
A Continuous Focus on Reviewing, Testing and Training
Sue Bergamo, CIO and CISO at Episerver, said her company achieves a high level of confidence by reviewing and testing employees, network and systems. It’s a “continuous loop program,” one in which Episerver routinely tests its applications vulnerabilities, tests its network to assure perimeter safety and audits, both externally and internally, for malicious activity and anomalies. “We also work with a team of compliance auditors that review our policies, procedures and evidence to guarantee that security controls are followed and appropriately safeguard our data,” Bergamo said.
Employees must also complete a comprehensive annual security training program, where they are trained in identifying risks and malicious attempts to gain access to facilities and systems. Bergamo said she also likes to hold “surprise fictitious breaches” that test the skills of employees and response teams.
Bake Privacy Into User Experience
Hossein Rahnama, co-founder and CEO of Flybits, said his company merges the design side with the data side. “We bake privacy into the user experience so at the very moment data is being captured, the customer is empowered with the decision to share their data,” Rahnama said. “At this point, they understand the exchange in value: what data is going to be used, and what value they will get out of it. Larger companies can then focus on the story, the narrative required to encourage their customers to share the data."
Ensure Website, Email Compliance
Marty Puranik, president and CEO of Atlantic.Net, said his company has made major changes to its website to ensure it has the best practices to meet the regulatory and compliance requirements specifically with GDPR and CCPA. It has also implemented stringent controls about its email policy to comply with GDPR.
“Although these changes have resulted in lesser insight into marketing data, we have decided that ensuring customer privacy takes precedence,” Puranik said. “There is always an added cost to continuously meet and exceed regulatory and compliance requirements, but at the end of the day, it is a good investment to continue to provide the best user experience and have peace of mind knowing that we are in compliance with these regulations.”