How would national privacy legislation affect your marketing? For anyone who collects or uses consumer information, this is probably a salient question – but perhaps not one that every DMer wants to answer.
It shouldn’t be surprising that our industry often has seen consumer privacy as a matter for industry self-regulation, and we’ve defined many guidelines and best practices to that end. But whether we like it or not, we soon may have to accept the government’s involvement: Proposals for a national privacy law are gaining ground.
Long a major skeptic of privacy laws, Microsoft recently joined with the Center for Democracy and Technology – a public policy group that lobbies Congress on privacy issues – and others to call for a national Internet privacy law. Even some data brokers, who had their share of data breaches in 2005, have begun to support omnibus privacy legislation.
What caused this abrupt change? We might take Microsoft’s reasoning as a good example. In a white paper outlining its reasons for supporting federal legislation, the company argued that the current “bewildering jumble” of state and federal laws creates difficulty and confusion for businesses and consumers.
Microsoft makes a valid point. The privacy laws out there often are confusing and contradictory. More than 20 states have passed data breach or privacy legislation, and a national law may pass this year. While many states have followed the example of California’s 2003 law, significant ambiguity remains. For businesses looking to uphold industry best practices and promote the security of their brand, having a uniform standard might not be such a terrible thing. It’s also good for business to get into the mix: Without industry input, privacy legislation might go further than any of us would like.
How could legislation go too far? It’s probably more intuitive how privacy legislation could harm businesses. Witness the federal government’s guidelines for the healthcare industry. Even for consumers, though, protecting privacy sometimes can go a little further than they’d like. Maybe this seems unlikely here, but in other countries it may already have happened. Nearly 60 percent of Japanese citizens said a restrictive privacy law enacted there in April 2005 may be too constricting. There are times consumers want businesses to have their personal information, and ideal legislation would balance consumer concerns with the interest we all have in some sharing of information.
We should look closely at what is being suggested to ensure it strikes this balance. In conjunction with the Center for Democracy and Technology, Microsoft now wants a standardized national law to “establish baseline privacy protections for consumers, and provide organizations with a uniform standard on which they can build privacy policies.”
Of course, this remains vague and could encompass any number of the pieces of legislation currently stalled in Congress. Yet whatever its final form, Microsoft’s support could prove instrumental in the push for a national privacy law. And based on the CDT and Microsoft’s positions, we can make predictions about what the law might require:
Consumer access to data collected about them may increase. We’ve all heard the “consumer in control” mantra. This is a logical extension. Even Microsoft has argued that consumers should be able to view the data held by marketers and data brokers.
Data breaches must be declared. With no national standard, it isn’t always clear when and where businesses are required to disclose a data breach occurrence. Under new legislation, this vagueness would disappear, with strong standards outlined for disclosure.
“Baseline privacy protections” will have some teeth. Most salient, perhaps, are any restrictions on the collection of consumer information. From the CDT’s position, we probably can expect new opt-in requirements as well as new penalties for those who don’t abide by the protections (and the Federal Trade Commission clearly has the will to pursue companies with inadequate privacy protections).
What will this mean for your business? That depends. Much of what the proposed legislation suggests is already part of industry best practices, so many marketers may be compliant already. But if nothing else, the specter of a federal privacy law is good reason to take a long, hard look at your privacy and data governance practices.
Research in the past year shows that even though consumer distrust of the Internet has grown, click-through and e-mail open rates rise when consumers have a “trusted relationship” with a marketer. So whether or not this bill has legs, you would do well to ensure that you’re taking steps to build this trust.