Corporate Compliance Insights

Data Privacy Rules Even a Kindergartener Can Understand

Without national consumer privacy regulations, businesses have a chance to lead by example

by Arlo Gilbert
May 3, 2023
in Data Privacy

Regulations on consumer data privacy can get complex, but one thing should remain simple: Responsible data governance means simply doing the right thing. Or at least that’s what Osano’s Arlo Gilbert believes.

Data does a lot for brands. They can use it to personalize customer experiences and refine marketing initiatives, but for many companies, the ethics of gathering, using and storing this data can get a little blurry.

I’m a dad to three children, and as a father, I spend much of my time and energy teaching my kids how to respect others and their things. Recently, I was discussing sharing with my youngest, and I realized that the behavioral best practices we teach kids apply to more than just playtime. We want our kids to do the right thing in their lives, and we should expect the same from organizations that use our data.

There are a few data privacy regulations in place that are a step toward doing the right thing, such as the EU’s GDPR. However, organizations that care about data privacy ethics will take it further and do right by their customers, even if doing so isn’t mandated by law. Ethical organizations will take care of consumers’ personal and sensitive data.

To help simplify this process, I’ve developed the ABCs of data privacy. These guidelines are uncomplicated enough that kids can understand them while still incorporating complicated messages about how to treat your customers.

A: Always ask permission before taking something

The concept of sharing is one of the first major life lessons we teach kids — from both the giving and taking sides. If you want to play with your friend’s toy, ask them first, and vice versa. Data should be treated the same way.

If you want a consumer’s data, you must first clearly tell them what it is you’re requesting. Once they understand that, you can ask their permission to use their data. Only when permission is explicitly granted should you move forward with data collection.

Failing to be transparent about what you’re using data for is wrong and costly. Twitter found this out the hard way by misleading users about what their personal information was being used for. Twitter said the email addresses and phone numbers they collected were for account security, but it also allowed advertisers to use the data for targeted marketing campaigns. The FTC fined Twitter $150 million.

Your organization can do the right thing — and avoid fines — by using layers of permissions. For example, if your site uses cookies, a banner that allows an individual to accept or decline them guarantees consumers are informed about what they are consenting to. They’ll be equipped to make educated decisions about sharing their data, and your organization can be sure it isn’t taking anything without express permission. 

B: Be prepared to return something that’s not yours

Even if you asked for permission to play with your friend’s toy and they said yes, you must return it as soon as they ask. Data is no different. Your organization is just borrowing people’s data, so if an individual changes their mind about sharing, you must be prepared to give it back.

Someone can ask for their data to be returned through a data subject access request (DSAR). A DSAR allows a consumer to see which of their personal data you hold and how it’s being used. Not only can a consumer delete their information with your organization through a DSAR, but they can also modify it, see how and where it’s being shared and more. Here’s what to do if your organization receives a DSAR:

  • Confirm the requester’s identity.
  • Verify what they’re requesting.
  • Gather the data.
  • Ensure the data is clean, i.e. only includes information about the requester.
  • Send the data to the requesting party and include information about their data privacy rights.

C: Communicate candidly about where you’re storing someone’s stuff

Because the United States does not have a federal law in place regarding data privacy, a lot of data ends up in many places beyond where it was originally gathered. For example, if an organization collects your data, it may be free to share that data with third parties unless there is a law in place that restricts data collection and sharing. If there is no law, however, those third parties can then sell your data or share it further without telling you they’re doing so. The places your data lives grow exponentially, as do your chances of being affected by a data breach, and you most likely won’t have a clue.

This cluelessness is the result of a lack of transparency. Even when it’s not the law, your organization is responsible for doing the right thing and clearly communicating everywhere your consumers’ data is. If you don’t, and there is a breach, you risk damaging your customers’ trust in your organization’s ability to safeguard their data.

Organizations have a huge amount of data at their fingertips, which must be respected and treated right — just like I have taught my children to respect and take care of things they borrow from others. If you stick to these ABCs of data privacy, your organization will already be ahead of 99% of U.S. corporations.


Tags: Data Governance, GDPR

Arlo Gilbert

Arlo Gilbert is the cofounder and CEO of Osano, a data privacy platform. Gilbert, a Texas native, is a high-growth leader with more than 20 years of experience in building companies in industries ranging from payment processing and telecommunications to digital health and enterprise software.
