Corporate Compliance Insights

Data Privacy Rules Even a Kindergartener Can Understand

Without national consumer privacy regulations, businesses have a chance to lead by example

by Arlo Gilbert
May 3, 2023
in Data Privacy

Regulations on consumer data privacy can get complex, but one thing should remain simple: Responsible data governance means simply doing the right thing. Or at least that’s what Osano’s Arlo Gilbert believes.

Data does a lot for brands. They can use it to personalize customer experiences and refine marketing initiatives, but for many companies, the ethics of gathering, using and storing this data can get a little blurry.

I’m a dad to three children, and as a father, I spend much of my time and energy teaching my kids how to respect others and their things. Recently, I was discussing sharing with my youngest, and I realized that the behavioral best practices we teach kids apply to more than just playtime. We want our kids to do the right thing in their lives, and we should expect the same from organizations that use our data.

There are a few data privacy regulations in place that are a step toward doing the right thing, such as the EU’s GDPR. However, organizations that care about data privacy ethics will take it further and do right by their customers, even if doing so isn’t mandated by law. Ethical organizations will take care of consumers’ personal and sensitive data.

To help simplify this process, I’ve developed the ABCs of data privacy. These guidelines are uncomplicated enough that kids can understand them while still incorporating complicated messages about how to treat your customers.

A: Always ask permission before taking something

The concept of sharing is one of the first major life lessons we teach kids — from both the giving and taking sides. If you want to play with your friend’s toy, ask them first, and vice versa. Data should be treated the same way.

If you want a consumer’s data, you must first clearly tell them what it is you’re requesting. Once they understand that, you can ask their permission to use their data. Only when permission is explicitly granted should you move forward with data collection.

Failing to be transparent about what you’re using data for is wrong and costly. Twitter found this out the hard way by misleading users about what their personal information was being used for. Twitter said the email addresses and phone numbers they collected were for account security, but it also allowed advertisers to use the data for targeted marketing campaigns. The FTC fined Twitter $150 million.

Your organization can do the right thing — and avoid fines — by using layers of permissions. For example, if your site uses cookies, a banner that allows an individual to accept or decline them guarantees consumers are informed about what they are consenting to. They’ll be equipped to make educated decisions about sharing their data, and your organization can be sure it isn’t taking anything without express permission. 

B: Be prepared to return something that’s not yours

Even if you asked for permission to play with your friend’s toy and they said yes, you must return it as soon as they ask. Data is no different. Your organization is just borrowing people’s data, so if an individual changes their mind about sharing, you must be prepared to give it back.

Someone can ask for their data to be returned through a data subject access request (DSAR). A DSAR allows a consumer to see what personal data of theirs you hold and how it’s being used. Through a DSAR, a consumer can not only delete the information your organization holds about them but also modify it, see how and where it’s being shared and more. Here’s what to do if your organization receives a DSAR:

  • Confirm the requester’s identity.
  • Verify what they’re requesting.
  • Gather the data.
  • Ensure the data is clean, i.e. only includes information about the requester.
  • Send the data to the requesting party and include information about their data privacy rights.

C: Communicate candidly about where you’re storing someone’s stuff

Because the United States does not have a federal law in place regarding data privacy, a lot of data ends up in many places beyond where it was originally gathered. For example, if an organization collects your data, it may be free to share that data with third parties unless there is a law in place that restricts data collection and sharing. If there is no law, however, those third parties can then sell your data or share it further without telling you they’re doing so. The places your data lives grow exponentially, as do your chances of being affected by a data breach, and you most likely won’t have a clue.

This cluelessness is the result of a lack of transparency. Even when it’s not the law, your organization is responsible for doing the right thing and clearly communicating everywhere your consumers’ data is. If you don’t, and there is a breach, you risk damaging your customers’ trust in your organization’s ability to safeguard their data.

Organizations have a huge amount of data at their fingertips, which must be respected and treated right — just like I have taught my children to respect and take care of things they borrow from others. If you stick to these ABCs of data privacy, your organization will already be ahead of 99% of U.S. corporations.


Tags: Data Governance, GDPR
Arlo Gilbert

Arlo Gilbert is the cofounder and CEO of Osano, a data privacy platform. Gilbert, a Texas native, is a high-growth leader with more than 20 years of experience in building companies in industries ranging from payment processing and telecommunications to digital health and enterprise software.

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

© 2025 Corporate Compliance Insights
