3 data privacy principles to adopt now, even while governments still debate
Data privacy and security legislation are complex, confusing, and constantly evolving
Complex legislation takes a long time to come together, and it doesn’t get much more complex than data privacy and security law.
In the US, Acxiom has been calling for a national data privacy law since 2004. But instead, a confusing patchwork of state legislation has emerged over the years. And the rules that govern cross-border international data transfers only compound that complexity, as we’re seeing with the recent introduction of the EU-US Data Privacy Framework in response to the invalidation of Privacy Shield and Safe Harbor. And that’s just focused on EU personal data. Other countries are also following suit.
Brands risk getting stuck in data privacy limbo
One of the biggest problems, as I see it, with the slow speed of legislative progress is that many brands feel stuck in limbo. Without clear direction from governments, they’re left uncertain about how to proceed with their own data privacy and security initiatives.
So, what often ends up happening is they simply don’t act on these extremely important issues at all. Complexity leads to paralysis and procrastination. Then, when laws are ultimately passed and change is mandated, brands find themselves lagging with lots of catching up to do.
It’s a dangerous position for any brand to sleepwalk into, and it’s only going to get worse as the data privacy stakes rise in the new world of AI and its many potential applications for personalized marketing.
The time to act is now
The good news is brands don’t have to be in a bad position. Yes, these issues are extremely complex and legislation will take time. But it’s more important than ever to design your own systems to protect individuals and – as a result – to protect your own brand’s future.
While governments are struggling with the finer details, you can get ahead with your own ethical approaches to data protection by design.
Here are three steps you can take now, with a good degree of confidence, to ready yourself for the ongoing evolution of the data privacy and security landscape.
Three low-risk, high-reward practices around data privacy and security
1. Build a foundation of fairness
Fairness is one of the most powerful guiding principles any brand can adopt for its use of data, but what does it mean in practice? On the one hand, it’s about considering how you’re using not just data but the tools and technologies that help you harness data in your marketing and decision-making.
On the other hand, it’s important to remember we’re not just talking about one moment in time, like the moment when someone gives you their data, or the moment of an interaction between them and you, in a store or on your website. It’s about the potential implications that these moments can have down the line. Could it lead to an unfair, harmful, or discriminatory outcome for them? Could it keep them from getting credit? Or a job offer? Could it perpetuate a stereotype about a protected class of people? Building a foundation of fairness, for example, could mean implementing policies and procedures to regularly assess the data and tech you use to ensure they do not have a disparate impact on vulnerable consumers.
Fairness should be your foundation, and this applies to all sorts of impacts that might not be immediately apparent.
2. Maximize data transparency
We hear a lot about the need for transparency, especially in the context of the “black box” nature of technologies like AI. We must remain vigilant to keep unfair and hidden biases from creeping into learning models, whether it’s a bias humans have, like confirmation bias, or the unwanted output of an algorithm. And brands will run into more intellectual property issues such as copyright protections – was the data rightfully yours to use in the first place?
But laying those issues aside (they’re now table stakes), brands should be framing their approach around the question of an individual’s reasonable expectations about the use of their data. Would they expect their personal information to be used, for example, to advertise based on their current location – or would they be surprised (and offended) by that? If they ask about your decision-making processes, would your company reasonably be able to explain why a certain inference was made? And have you given them control over how their data is used?
These are the kinds of issues brands need to get ahead of by building as much transparency into their data models and processes as possible.
3. Stop hoarding data
Marketers know the power of data in creating better experiences for people, but the most accomplished data-driven marketers know that too much data can be a bad thing.
It’s not good to simply throw as much raw material into a data warehouse or data lake as possible, hoping to figure out what to do with it later. Today there’s a recognized risk to holding on to too much information for too long – not just mismanagement or breach risks (the global average cost of a data breach this year was $4.45m), but also a greater focus is being given to the environmental impact of data storage.
As brands experience the diminishing returns of too much data and a growing awareness of the risks of data hoarding, we’re going to see more effort channeled into data minimization initiatives.
Safe bets for brands getting ahead on data privacy and security
If you feel like your business is falling behind on data privacy and security measures, you’re not alone – and I wouldn’t blame you for feeling a little lost in limbo. But while governments debate the issues and slowly pass new laws, you can still take action.
Some practices represent a good investment in your brand today, and they’re likely to stay that way. Principles like fairness, transparency, using enough (but not too much) data, and generally treating other people’s data the way you’d like your own to be treated are important.
They’re not always easy principles to follow fully – but trust is hard won, and easily lost. Principles like these will build data trust in the longer term, and they’re unlikely to go out of fashion with your customers any time soon.