Is your governance framework protecting your 1st Party Data? In our first blog of the Consumer Intelligence series (1st Party Data, Clean Rooms, and Privacy — Why it’s so Hot), we emphasized the importance of your 1st party data and how Infinitive helps companies get the value out of their data by a 3-step process – Collect, Protect, and Connect. Our second blog laid the groundwork for (‘How to Optimize Your 1st Party Data – Step 1: Collect’). In this article, we will dive into the next key step in the process: “Protect your 1st party data”.
When it comes to Protecting your data, there are two critical focus points to look at across your business processes and data architectures: 1) protecting your consumer and 2) protecting your business.
Privacy across the globe – Protecting Your Consumer
For several years, consumer data privacy has been at the forefront of social media headlines and legislators’ dockets across the globe. In 2018, the EU started the protection movement by enacting the consumer data privacy law known as the ‘General Data Protection Regulation’ (GDPR). Soon after, California led the way in the US with a state-specific consumer privacy law, the ‘California Consumer Privacy Act’ (CCPA) which became effective in 2020. Four years later we are now experiencing how the laws are being interpreted, what fines are being issued, and what impacts the legislation will have to our business processes and technology when we are engaging with our consumers, platforms, and apps. But, in case you were not keeping a close eye on the scoreboard, there are now 4 more states that have followed in California’s footsteps with state specific legislation including: Colorado, Virginia, Utah, and Connecticut. So, does this mean that as business leaders we should expect to manage rules and policies across 50 different state-specific privacy laws? That sounds like a nightmare and depending on what states you have large numbers of consumers in, it’s one you might need to start living sooner rather later.
Hot Off the Press – ADPPA
On June 30, 2022 the House Energy and Commerce Committee introduced the American Data Privacy and Protection Act, H.R. 8152 (‘ADPPA’) which outlined the US federal consumer privacy framework. Where other federal attempts have failed, the ADPPA is a bipartisan approach to “strike a meaningful balance on key issues” to reduce complexity of a 50-state ‘food-fight’ of differing or even contradictory laws and policies, as stated by Roger Wicker, a Senate Commerce Committee Ranker Member.
For example, a key focus of the ADPPA bill is around ‘Consumer Control and Consent’. This gives consumers various rights over their personal data including the right to access, correct, and delete the data which you collect on them. It requires you to get affirmative consent from consumers before using their data and grants consumers the ability to deny you from sharing their data with other third-party entities or organizations. Another key piece of the legislation to watch is ‘Data Minimalization’, which imposes a requirement on organizations to not collect specific consumer data unless it is “reasonably necessary” as defined by the FTC’s definition. This minimalization of data collection happens regardless of consumer consent or transparency.
It is critical that your organization focuses on understanding the current and future laws, restrictions, policies, and most importantly what processes and technology solutions you will need to implement to protect your consumers’ 1st party privacy. Infinitive has deep experience in designing and implementing the processes and technical capabilities organizations need to comply with the privacy policies defined above, in the CCPA, and as additional laws are enacted. By starting with a proven strategy and plan, you can ensure that you will meet the needs of regulators while continuing to enhance your trusted consumer relationships. You can learn more about how to implement Consumer Privacy solutions here: ‘Staying Ahead of Consumer Privacy Data Laws‘.
Data Governance in the cloud – Protecting your Business
Not only do you need to make sure you are compliant in the privacy of the 1st party data that you are collecting, but you must also guarantee that you are protecting that data from improper access, ensuring its ongoing accuracy, and making it available when it is needed.
Having strong policies, procedures, standards, and controls specific to data protection is crucial to your Enterprise Data Governance strategy. These concepts apply to all customer data, whether managed in single cloud, multi-cloud, on-prem, or with a third party. Data protection is a part of Infinitive’s ‘Cloud Governance Model and Framework’, with a special focus on user identity and access management – ensuring that the right people have access to the right data.
For many, the word ‘Governance’ can feel like a restrictive straight jacket trying to slow down data access, decisions, and overall business growth. But the key is being able to see data governance NOT as a necessary evil, but instead as a business enabler. For example, leading organizations focus to establish great data governance programs to:
- Gain a Competitive Advantage – Increasing the speed of getting services to market, efficiency gains, and creating a better customer experience to differentiate your organization from your competitors.
- Manage Risks – Leading organizations blend legacy and new cloud-based technologies to ensure PII Data Security while decreasing reputation and financial risk.
- Lower Risk Profiles – Comprehensive Policies, Standards, Controls, and Procedures (PSCP) are the hallmarks of mature organizations, ensuring that organizational and compliance risks are mitigated effectively.
Protecting your trusted consumer relationships is key to continued business growth and it begins with a commitment to protecting your consumers’ privacy AND the security and access of that data. With Infinitive’s Cloud Governance Model and Framework, your organization can increase revenue, improve the customer experience, lower operation costs, and drive efficiencies in the cloud. Our privacy and data governance experts can help you navigate the ever-changing legal and policy landscape while working alongside you to implement solutions that will Protect 1st party data.
Looking ahead: Step 3 – Connect
Now that you have collected and protected your consumer 1st party data, it is time to get the value out of your data and leverage it for increased revenue, audience growth, amplified engagement, stronger partner connections, improved product decisions, and deeper consumer relationships. Stay tuned for our next blog, Step 3: Connect your data.