Task Force Mobilizes to Tackle the Proliferation of Privacy Rules
Cloud-based data sends privacy concerns sky-high.
Why can't anything ever be as good as it seems? Your best friend calls and says he has tickets for the Super Bowl and you exult. Then he tells you he needs your check for $5,000 for the seat ASAP. Such is the situation with Big Data. It's a bona fide Holy Grail for segmenting, targeting, converting and carrying on serious relationships with customers. But, oh, the price to be paid.
Delta found it out last month when California filed a lawsuit against the airline for violating its 2004 Online Privacy Protection Act by failing to post a conspicuous privacy disclaimer on its “Fly Delta” app. Foreign countries enforce a hodgepodge of digital privacy regulations, and there's nothing to stop other states from enacting their own versions of the California laws. With mobile devices turning digital marketing into a world without borders, what are marketers to do?
They could form a global task force, but ISACA, an association of IT professionals, did it for them today on the occasion of Data Privacy Day. The task force is charged with establishing standards, conducting research, and educating companies on how to maneuver through the minefield of privacy, an area that has become ever more hazardous with the wholesale adoption of mobile devices.
“Globalization is complicating privacy for multinational companies. If I download an app in the U.S. and it allows somebody in Europe to illegally gather data on American consumers, where is the marketer's liability?” says ISACA board member Jeff Spivey, who is VP of RiskIQ, a risk intelligence firm. “The European Union is trying to standardize some of these rules, and there's a cry for a federal law to do the same here.”
For now, however, privacy rules and regulations continue to emanate from a variety of government sources. Just since mid-December, two federal agencies added new privacy requirements to longstanding laws.
Health and Human Services passed omnibus rules to enhance patient security in the Health Insurance Portability and Accountability Act (HIPAA) that put new limits on how information is used and disclosed for marketing purposes and prohibit the sale of an individual's health information without their permission.
The Federal Trade Commission amended the Children's Online Privacy Protection Act (COPPA), adding several new protections inspired by the proliferation of mobile devices. The agency closed a loophole that allowed kid-directed apps and websites to permit third parties to collect personal information from children through plug-ins without parental notice, and it modified the PII list to include geolocation information, photographs, and videos.
The rapid proliferation of smartphones across the globe has complicated privacy issues and accelerated the needs of marketers to keep track of them.
“Nearly all of this sensitive personal information is coming from mobile devices and apps. The granularity of the data is intensifying,” says Spivey. “Not only are we still in the early days of Big Data, but the early days are changing before our eyes.”
As awareness of the risk increases, Spivey says, more and more multinational companies are adding Chief Privacy Officers to monitor privacy issues. For marketers without CPOs or anyone else dedicated to the task at their companies, he suggests a simple, two-bullet-point process.
“First, marketers have to understand what the regulations are. With different rules coming in by state and country, make sure your policies adhere to the strictest of them,” Spivey says. “And second, be sure the data you buy from outside your company was legally obtained by the supplier.”
Spivey says no certification program currently exists for data suppliers and that there is not likely to be one in place any time soon, especially one taking into account regulations worldwide. In the meantime, he counsels marketers to word contracts with suppliers in such a way that responsibility for privacy compliance is shared.