Building Trust Through Transparency: Evaluating Your Company’s Data Privacy Strategies

There is a growing demand for transparency and accountability from individuals, regulators and stakeholders about how companies manage their data. Look no further than nearly a dozen states that have enacted comprehensive data privacy laws and recent FTC actions about how companies protect customer data. This demand for accountability has led to a shift in how companies approach data privacy without compromising their operational viability. As people become more aware of how their personal information is collected, stored and used, companies must make privacy a priority while still using data to create brand and business value.

In an increasingly complex technology landscape, traditional approaches to reaching consumers are no longer effective in monitoring users’ online activities across the web. Taking shortcuts with privacy and permissions risks precious brand and consumer trust that, once eroded, can be difficult to regain. Companies must understand that fostering trust through proper permissioning and privacy protocols can not only enhance their reputation but also drive customer loyalty and business success. But true transparency involves more than complying with regulations; it requires a comprehensive approach that includes policies, technologies and a cultural commitment to protect data.

Create strong connectivity with privacy teams and beyond 

A close partnership with privacy teams is essential across the enterprise to comprehend the intricate landscape of data privacy regulations, especially for business units that deal with customers’ data. This collaboration helps interpret how new laws specifically apply to the company’s unique attributes, such as industry, size, audience and geographic reach. 

The surge in recent legislative activity includes the implementation of new state privacy laws — California, Virginia, Colorado and Connecticut have already implemented new laws this year; Utah is set to follow suit. Another 10 states have passed laws that will go into effect over the next couple of years, and many more are under consideration in legislatures across the country. Additionally, the FTC is committed to tackling “commercial surveillance and lax data security practices.” Penalties prohibit certain companies from sharing user data — such as disclosing email addresses, IP addresses and other personal identification information — with applicable third parties for advertising purposes and require the companies to potentially pay millions in civil penalties.

The takeaway from these recent rulings and complaints by the FTC, and regulatory requirements becoming increasingly restrictive, is that companies need to develop an accountable data privacy culture in a data-driven world. With a deep understanding of the company’s nuances, privacy teams can guide companies to adhere to regulations while optimizing data-driven strategies that resonate with audiences. Complying with these guidelines can facilitate international business operations and data transfers.

A chief privacy officer (CPO) who is well-versed in state and international data privacy laws and regulations can help make sure the organization complies with these complex and ever-evolving laws. CPOs are also responsible for crafting and maintaining clear and transparent privacy policies that communicate how customer data is collected, used and protected. By staying updated on regulatory changes and integrating collaborative efforts with others across the enterprise — including legal, IT and marketing — the CPO helps the organization with risk mitigation while ensuring privacy considerations are integrated from the outset rather than added as an afterthought.

A CPO is a priority, but external legal experts can also provide an unbiased and objective assessment of an organization’s privacy practices, ensuring that internal biases or conflicts of interest do not cloud the evaluation. CPOs also bring a deep understanding of evolving privacy regulations and can help organizations navigate complex legal requirements and risk mitigation effectively — saving an organization significant time and resources to drive business value long-term. 

Companies that proactively integrate privacy across their organization create a culture of being at the forefront of ever-changing and rapidly evolving compliance and privacy requirements. This proactive approach not only satisfies the most stringent legal and IT rules but also enables the responsible use of data to create trustworthy and enjoyable brand interactions for consumers.

Data Privacy

Privacy Law Compliance Parallels and Peculiarities: Navigating the Consumer Privacy Compliance Circus

by Roy Wyman, Alexandria Wood Davenport and Joelle L. Hupp

October 9, 2023

Are states stepping into the void — or muddying the waters — on data protection laws?

Read moreDetails

Regularly audit processes for market variation 

Knowing what data is collected and how it’s used enables companies to strategically leverage data for growth. Effective data utilization leads to better insights, improved marketing strategies and enhanced customer experiences. Yet businesses are grappling with compliance challenges due to the rapid and varied passage of privacy laws in the United States. Each new law adds to this complexity, necessitating ongoing adaptation by businesses.

While most of the states that have adopted comprehensive privacy legislation to date have relied heavily on the concepts and terminology codified in the EU’s GDPR, the future of privacy legislation in the U.S. is also likely to be characterized by laws tailored to specific categories of data.

For example, Illinois, Texas and Washington have dedicated biometric data privacy laws, Washington enacted a healthcare-focused law protecting the privacy of consumer health decisions and health data, and Massachusetts is considering a bill to outlaw “selling, leasing, trading or renting location data” across the state and require explicit consent for collecting or processing location data, reflecting a shift toward stricter data control.

From a corporate perspective, having privacy laws — even if they lack clarity — provides a structured framework to align with changing cultural norms. These laws serve as a valuable guide for businesses, enabling them to adapt their practices in response to evolving privacy expectations. Businesses that proactively embrace and comply with privacy laws can gain a stronger market position by meeting consumer expectations and demonstrating a commitment to data protection. From an individual’s viewpoint, these laws reinforce the protection of their privacy rights, aligning with what should have been safeguarded all along.

The next step to better understand the type of data a company has is to work with the newly connected privacy team to perform data audits. Regular audits help to ensure that a company’s actions match the promises made in its privacy policy. This alignment is crucial to maintaining trust and credibility with consumers who rely on accurate information about data practices and to maintaining a competitive advantage in the global corporate marketplace.

Audits provide a comprehensive understanding of the data a company possesses, including sensitive information. This awareness enables informed decision-making, allowing the company to handle data responsibly and ethically. Regular audits help maintain transparency by enabling the company to accurately inform consumers about the purpose and use of collected data. Clear communication builds trust and demonstrates respect for user privacy.

Businesses must remain agile and be prepared to adapt their data-handling practices as privacy laws evolve, especially as new, category-specific regulations emerge.

Build long-term consumer trust through transparency and ethical data use 

Under most new privacy laws, consumers are given the right to understand the data collected from and about them by companies. They should have the right to opt out of data usage simply and easily, without deceptive tactics or consequences. Enterprises must provide transparency and clarity for consumers who wish to exercise their opt-out rights.

For example, many of the state laws and FTC complaints mentioned earlier target so-called “dark patterns,” or manipulative designs used to obtain users’ consent to share personal information surreptitiously.

Beyond mere consumer privacy compliance, transparency plays a pivotal role in shaping customers’ overall experience with a company. Businesses need to be transparent about the value consumers can expect to receive in exchange for sharing their data. 

Transparency builds trust and fosters positive interactions between consumers and businesses. When consumers fully understand the benefits and can choose whether to allow their data to be shared, it paves the way for a mutually beneficial relationship between the brand and consumers.

For example, subject access requests (SARs) granted by the privacy laws enable people to exercise greater control over their personal information. Businesses are obligated to respond to SARs within specific time limits and with the requested information, and companies handling personal information must implement robust security measures to protect the confidentiality and security of personal information — a critical step to prevent unauthorized access to sensitive data.

Companies that proactively design their data privacy efforts for transparency and trust can gain a competitive edge by differentiating themselves as ethical stewards of data, creating a foundational identity in a crowded marketplace. Contrary to the misconception that stringent data privacy measures stifle innovation, transparent data practices can spur innovation because partners ultimately want to work with companies that abide by responsible data usage and inspire consumer confidence.

Final thoughts

The data ecosystem is progressively embracing accountability and transparency, a direction that is both necessary and overdue. Ultimately, companies stand to gain by complying willingly with the new privacy protections afforded to consumers, clarifying to consumers the worth they receive in return for their data, elucidating the methods and reasons behind data collection and usage, and illustrating the advantages derived from these practices.